I am able to list the shared contacts in the python API using the listDirectoryPeople method (with the DirectorySourceType DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT) in the People API.
However, when I try to delete a specific shared contact (by resourceName) using the deleteContact method, I get the error:
"Resource name "people/<resource_string>" is not a valid contact person resource."
I am authenticating my script with a SuperAdmin and using the scopes:
SCOPES = [
'https://www.googleapis.com/auth/contacts',
'https://www.googleapis.com/auth/directory.readonly'
]
Why am I unable to delete shared contacts?
As the scope name directory.readonly suggests, it is read-only, and you can't modify/delete these contacts using this scope in the People API.
In order for Google workspace admins to edit these contacts you need a different API, check out the Shared Contacts API: https://developers.google.com/admin-sdk/domain-shared-contacts
Related
I have been trying to figure out after referring to their official documentation (Google Ads API Document) which is not clear enough
Here is what I have tried till now.
I have created an app where users can log in with their Google Ad words account. I need to fetch their Ad performance reports via REST API.
To make an API request to fetch performance reports, we need the Google Ad Words Account ID of the authenticated user. Currently, as I am testing it with my personal account, I can login to my Ad words Console and get the Ad Words Account ID. But, how do I fetch the Ad Words Account ID dynamically for other users who authenticate via my App?
I tried looking for a way in their official documentation. But I couldn't figure out.
Could someone help me with the REST API URL which needs to be called to fetch the authenticated user's Ad words Account ID.
In addition to previous answer, I guess this is what you are looking for:
https://developers.google.com/adwords/api/docs/guides/first-api-call#create_test_accounts
It explains how to setup Google Ad Words API and get your ID.
According to the documentation here Account overview, you need to list the customers to get the ID. For each user that logs in as long as they do not have access to multiple accounts you should get a single customer and their ID.
CustomerService
CustomerService provides information about your accounts. It has a
getCustomers() method that takes no arguments and returns a list of
Customer objects containing fields such as customerId, currencyCode,
and dateTimeZone. CustomerService also has a mutate() method that can
be used to update various attributes of a customer, including the
autoTaggingEnabled and conversionTrackingSetting fields.
If no clientCustomerId is specified in a request, the response will
contain multiple entries if more than one account is directly
accessible by the authenticated account.
I want to automate virtual server deployment on SoftLayer using API (REST API preferred). The idea is to create a new user in the portal with API access but I want to restrict its access to only some calls: Order Virtual Server or Get virtual servers detail.
But do not allow the user to access other services like: Bare metal ordering, determine next billing and all operations related to billing/invoice.
Is it possible to limit API access for a user for that use case ?
Thank you.
what you can do using the API is the same that you can do using the Softlayer's control portal, You can see all the permission that you can grant to the users by going to:
Account->Users on menu
Click over an created user and click on permissions
There is a permission to allow to your users see the billing items, this permission is called "View Account Summary" so you can disable the permission and your usaer will not be able to see the invoices. For servers there is a permission called "Add server", but this permission is for Bare metal servers, Virtual guests and for the rest of oders if you disable this permission your user will not able to order neither Bare metal servers nor Virtual guest.
Now using the API you just need to use the method:
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer/addPortalPermission
e.g. using REST:
POST https://$USER:$apikey#api.softlayer.com/rest/v3/SoftLayer_User_Customer/$USERIDOFUSERTOEDITPERMISSION/addPortalPermission
payload:
{ "parameters": [
{
'keyName': 'TICKET_ADD'
}
]}
You can use this method to get the list of all permissions in softlayer:
https://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_CustomerPermission_Permission/getAllObjects
Regards
I am an Azure Global Tenant Admin for our [Premium] Azure AD instance. I have a Web App that requires Group/User Assignment to access. We need to know which Groups and Users have been assigned access. The Azure UI does not let you query this information so I am wondering if there is any way to obtain a list of Groups/Users that have been assigned access to a Web App.
Edit: It looks like the Graph API version 1.5 now supports this. I can download the servicePrincipal ODATA with this URL:
GET string.Format("https://graph.windows.net/{0}/servicePrincipals?api-version=1.5&$filter=appId+eq+'{1}'",
tenant, clientId)
According to this MSDN post, I should be able to use a URL format like
GET string.Format("https://graph.windows.net/{0}/servicePrincipals/{1}/appRoleAssignedTo?api-version=1.5",
tenant, clientId)
However, I am receiving this error:
"Resource 'f4126638-cb47-48df-ad9d-57c0684b6575' does not exist or one of its queried reference-property objects are not present."}
In the second Graph call, I should be using the servicePrincipal's ObjectID returned from the first call instead of the Application's ClientID.
I want to write a small application to verify members of a GitHub organisation.
The app should match the concrete GitHub org members with a database. When someone is not in the database it should remove it from the GitHub org and so on.
My Problem in using the GitHub API is, that the following request only lists public memberships (since I did not authenticate as a user, but I do not want to).
https://api.github.com/orgs/_orgname_/members?client_id=_client_id_&client_secret=_client_secret_
where orgname, _client_id_ and _client_secret_ are replaced with the actual organisation name and a client id/secret pair registered on this organisation.
How can I access the private members without authenticating as a user (only as an app (server2server) )?
You can't -- you need to authenticate as a user and have the right permissions. When you provide client_id and client_secret, you're still making unauthenticated requests:
https://developer.github.com/v3/#increasing-the-unauthenticated-rate-limit-for-oauth-applications
And unauthenticated requests can only be used to read publicly available information.
I have an application which wants to provide customization for users once they log in. Simple things like displaying a profile image and job title. This information is available in the Google Apps Profiles API, but the domain-admins are concerned about overreach with the scope. In particular, they don't want to approve the application if it has write access when it isn't needed.
The regular scope (with read/write) for the API according to the API Documentation is https://www.google.com/m8/feeds/profiles and I have tried all of the following with no luck
https://www.google.com/m8/feeds/profiles.readonly
https://www.google.com/m8/feeds/profiles.read
https://www.google.com/m8/feeds/profiles/#readonly
https://www.google.com/m8/feeds.readonly
https://www.google.com/m8/feeds.read
https://www.google.com/m8/feeds/#readonly
What scope can I specify in order to get read-only access to the Profile data? If I'm barking up the wrong tree entirely, where should I be looking?
Any non-admin user can access the GAL programmatically, see:
https://github.com/google/gfw-deployments/blob/master/apps/shell/gal/gal_feed.sh
I don't believe this api call is documented or supported officially. Note that the Global Address List is a compilation of user profiles, groups and shared contacts. If you don't want to see groups and shared contacts you'll need to figure out how to parse them out.
You need the user account under whose credentials the code is running to be either:
super admin or
to be listed under CPanel > Domain Settings > Admin Roles > [...put it in a created/user role...] > "Provisioning APIs" > Users - create/update/read/delete (as required, ticked ON). For example, for read only access to the Profiles API, set it there to 'read'.
I wrestled with this myself. I was not able to get this to work either.