В этом руководстве показано, как создать учетную запись клиента с помощью API для реселлеров.
Правильная настройка учетной записи клиента включает в себя несколько взаимозависимых шагов, охватывающих множество API в платформе Google Workspace.
На приведенной выше диаграмме показано, какие API используются на каждом этапе для инициализации учетной записи клиента:
- Используйте API проверки сайта для размещения токена подтверждения домена.
- Используйте API для реселлеров, чтобы создать клиента.
- Используйте API каталога для создания первого пользователя и назначения ему прав администратора.
- Используйте API для реселлеров, чтобы создать подписку.
- Для подтверждения домена используйте API проверки сайта.
Предварительные требования
- Экземпляр домена реселлера Google.
- Полностью оформленное партнерское соглашение с Google Workspace.
- Аккаунт Google.
- Примите условия предоставления услуг в консоли партнерских продаж.
- Загрузите клиентскую библиотеку для разных языков .
Настройте свою среду
Для завершения этого руководства настройте свою среду.
Включить API
Перед использованием API Google необходимо включить их в проекте Google Cloud. В одном проекте Google Cloud можно включить один или несколько API.В консоли Google Cloud включите API для реселлеров, API для проверки сайтов и API для административного SDK.
[Enable the APIS](https://console.cloud.google.com/flows/enableapi?apiid=reseller.googleapis.com,admin.googleapis.com,siteverification.googleapis.com){: class="button button-primary" target="console"}Создайте учетную запись службы
Консоль Google Cloud
- В консоли Google Cloud перейдите в > IAM и администрирование > Учетные записи служб .
- Нажмите «Создать учетную запись службы» .
- Заполните данные учетной записи службы, затем нажмите «Создать и продолжить» .
- Необязательно: назначьте роли вашей учетной записи службы, чтобы предоставить доступ к ресурсам вашего проекта Google Cloud. Для получения более подробной информации см. раздел «Предоставление, изменение и отзыв доступа к ресурсам» .
- Нажмите «Продолжить» .
- Необязательно: укажите пользователей или группы, которые могут управлять этой учетной записью службы и выполнять с ней действия. Дополнительные сведения см. в разделе «Управление имитацией учетной записи службы» .
- Нажмите «Готово» . Запишите адрес электронной почты учетной записи службы.
gcloud CLI
- Создайте учетную запись службы:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - Необязательно: назначьте роли вашей учетной записи службы, чтобы предоставить доступ к ресурсам вашего проекта Google Cloud. Для получения более подробной информации см. раздел «Предоставление, изменение и отзыв доступа к ресурсам» .
Создайте учетные данные для служебной учетной записи.
Вам необходимо получить учетные данные в виде пары открытого/закрытого ключей. Эти учетные данные используются вашим кодом для авторизации действий учетной записи службы внутри вашего приложения.- В консоли Google Cloud перейдите в > IAM и администрирование > Учетные записи служб .
- Выберите свой сервисный аккаунт.
- Нажмите «Клавиши» > «Добавить клавишу» > «Создать новую клавишу» .
- Выберите JSON , затем нажмите «Создать» .
Ваша новая пара открытого/закрытого ключей будет сгенерирована и загружена на ваш компьютер в виде нового файла. Сохраните загруженный JSON-файл как
credentials.jsonв вашей рабочей директории. Этот файл является единственной копией данного ключа. Информацию о том, как безопасно хранить ключ, см. в разделе «Управление ключами учетных записей служб» . - Нажмите «Закрыть» .
Настройте делегирование полномочий для учетной записи службы в масштабе всего домена.
Для вызова API от имени пользователей в организации Google Workspace вашей учетной записи службы необходимо предоставить полномочия на уровне домена в консоли администратора Google Workspace от учетной записи суперадминистратора. Дополнительную информацию см. в разделе «Делегирование полномочий на уровне домена учетной записи службы» .- В консоли Google Cloud перейдите в > IAM и администрирование > Учетные записи служб .
- Выберите свой сервисный аккаунт.
- Нажмите «Показать дополнительные настройки» .
- В разделе «Делегирование в масштабе домена» найдите «Идентификатор клиента» вашей учетной записи службы. Нажмите «Копировать », чтобы скопировать значение идентификатора клиента в буфер обмена.
Если у вас есть права суперадминистратора для соответствующей учетной записи Google Workspace, нажмите «Просмотреть консоль администратора Google Workspace» , затем войдите в систему, используя учетную запись суперадминистратора, и продолжите выполнение следующих шагов.
Если у вас нет прав суперадминистратора для соответствующей учетной записи Google Workspace, свяжитесь с суперадминистратором этой учетной записи и отправьте ему идентификатор клиента (Client ID) вашей служебной учетной записи и список областей действия OAuth (OAuth Scopes), чтобы он мог выполнить следующие шаги в консоли администратора.
- В консоли администратора Google перейдите в > Безопасность > Доступ и контроль данных > Управление API .
- Нажмите «Управление делегированием в масштабе домена» .
- Нажмите «Добавить новый» .
- В поле "Идентификатор клиента" вставьте ранее скопированный идентификатор клиента.
- В поле "Области действия OAuth" введите список областей действия, разделенных запятыми, которые необходимы для вашего приложения. Это тот же набор областей действия, который вы определили при настройке экрана согласия OAuth.
- Нажмите «Авторизовать» .
Создавайте объекты сервисов с аутентифицированными учетными данными.
Для начала работы с любым API Google необходимо настроить аутентификацию и учетные данные в вашем приложении. Клиентские библиотеки Google сделают это за вас. Все библиотеки имеют шаблоны для создания объекта учетных данных, которому вы можете предоставить доступ ко всем API и передать его в каждый сервис. Как правило, приложение должно использовать один набор учетных данных и один облачный проект для всех взаимодействий с API Google.
Используйте JSON-файл с ключами, который вы сгенерировали при создании учетной записи службы.
Python
import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, });
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Руби
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
Начать процесс проверки домена
Этот шаг необязателен, но рекомендуется, если у вас есть возможность подтвердить домен клиента. Этот шаг завершается в конце руководства после подтверждения домена.
Если вы не подтвердите домен клиента, то к нему будут применяться следующие ограничения:
- Они имеют доступ только к консоли администратора, где проходят процедуру ручной проверки домена .
- Их могут приостановить через 21 день после создания.
Для получения токена подтверждения сайта выполните следующие действия:
Для получения токена подтверждения сайта используйте
Вы не можете проверить, был ли домен ранее проверен, но вы можете проверять сайты несколько раз без каких-либо проблем. В зависимости от того, проверяете ли вы тип
INET_DOMAINилиSITE, параметрыverificationMethodразличаются. Выберите один из следующих вариантов:Для типа
INET_DOMAINиспользуйте один из следующих параметровverificationMethod:-
DNS_TXT -
DNS_CNAME
В следующем примере получения токена используется тип
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);
Руби
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });
-
Для типа
SITEиспользуйте один из следующих параметровverificationMethod:-
FILE -
META
В следующем примере получения токена используется тип
SITEс методом проверкиFILE. При использовании типа проверкиSITEнеобходимо добавить перед идентификатором префиксhttp://илиhttps://.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);
Руби
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
-
Разместите токен подтверждения сайта в DNS-записи или на сайте .
Создайте клиента с помощью API для реселлеров.
Используйте метод Customers.Get , чтобы определить, существует ли клиент уже в Google Workspace:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise
Java
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }
C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }
PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }
Руби
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end
Node.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });
В зависимости от ответа выполните следующие действия:
Если клиент не существует, метод
customers.getвозвращает код ошибкиHTTP 404Перейдите к следующему шагу, где вы создадите запись о клиенте в Google Workspace.Если метод
customers.getвозвращает ошибку, определите, принадлежит ли клиент вам, проверив тело ответа на наличие свойстваalternateEmail. Если свойствоalternateEmailотсутствует, необходимо передать клиента и его подписки .
Создайте запись о клиенте в Google Workspace. Для создания подписок для этого клиента необходимо сначала создать запись о клиенте, следуя приведенным ниже инструкциям:
- Параметр
alternateEmailне может находиться в том же домене, что иcustomerDomain. - Параметр
postalAddress.countryCodeдолжен представлять собой двухсимвольный код страны по стандарту ISO.
В следующем примере показано создание записи о клиенте:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)
Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);
C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);
PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);
Руби
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect
Node.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
- Параметр
Создайте первого пользователя-администратора с помощью API Admin SDK.
После предоставления доступа клиенту необходимо создать первого пользователя и немедленно повысить его права до уровня суперадминистратора домена, чтобы клиент мог получить доступ к новым услугам и принять все применимые Условия предоставления услуг.
Создайте первого пользователя и установите для него пароль. Пароли должны быть достаточно сложными и содержать не менее восьми символов. Для получения дополнительной информации см. ресурс
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)
Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);
C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);
PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);
Руби
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect
Node.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });
Если при попытке создания пользователя возвращается
HTTP 409, возможно, данное имя пользователя уже существует в качестве пользовательской учетной записи Google.Повысьте квалификацию пользователя до роли суперадминистратора:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()
Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");
C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");
PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Руби
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
Создайте подписку Google Workspace для клиента.
При создании подписки для клиента в поле purchaseOrderId следует указать внутренний идентификатор транзакции или идентификатор этого клиента. Дополнительную информацию о конкретных аргументах и значениях см. в разделе «Управление подписками» .
Для создания подписки используйте вызов Subscriptions.Insert . В следующем примере используется подписка
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)
Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);
C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);
Руби
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect
Node.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });
Подписки находятся в
SUSPENDEDсостоянии до тех пор, пока администратор клиента не войдет в систему и не примет Условия предоставления услуг. Администраторы клиентов перенаправляются на страницу Условий предоставления услуг при первом входе в систему при доступе к любому ресурсу Google (например, Gmail или Google Drive).
Проверьте домен и назначьте владельцев домена.
Этот шаг необязателен, но рекомендуется, если у вас есть возможность проверить домен клиента. Вызов webResource.insert() API проверки сайта проверяет домен и назначает ему владельцев, указанных в параметре owners[] тела запроса.
Следующий пример показывает, как проверить INET_DOMAIN :
Python
# Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Руби
# Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; });
В случае успеха этот вызов возвращает код HTTP 200 Если webResource.insert() не может проверить домен, он возвращает код ошибки уровня HTTP 400 Повторите вызов webResource.insert() с задержкой, пока домен не будет успешно проверен.
Соберите всё воедино
В следующем примере показан полный код для настройки учетной записи клиента Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer. """ import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials) # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response) # Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise # Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response) # Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response) # Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute() # Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response) # Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken()); // Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } } // Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse); } }
C#
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token); // Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; } // Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse); } }
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response); // Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } } // Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response); // Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response); // Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin ); // Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response); // Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Руби
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect # Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end # Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect # Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect # Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status) # Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect # Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT}); // Run all the steps one after each other, and exit as soon as one of them fail Promise.resolve() .then(() => { /** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; }); return getTokenPromise; }) .then(() => { // Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } }); return getCustomerPromise; }) .then(() => { // Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; }); return insertCustomerPromise; }) .then(() => { // Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; }); return insertUserPromise; }).then(() => { // Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } }); return makeAdminPromise; }) .then(() => { // Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; }); return insertSubscriptionPromise; }) .then(() => { // Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; }); return verifyDomainPromise; }) .catch(err => { console.error('Error:', err.message); if (err.code) { console.log('Error code:', err.code); } if (err.errors) { console.log('Details:', err.errors); } });