Precisions on Email Audit API by Google - google-email-audit-api

I want to monitor employees' interactions inside companies. In case the company is using Gmail, I was thinking about using https://developers.google.com/admin-sdk/email-audit/.
But I still have some questions regarding the "lawful" purpose, and I'm wondering if Email Audit is the right API if my purpose is to monitor emails in real time, knowing there will be at least 10 000 emails/day to monitor.

If you check the Usage Limits and Quotas:
Limits and quotas protect the Google infrastructure from an automated process that uses the Email Audit API in an inappropriate way. Excessive requests from an API might result from a harmless typo, or may result from an inefficiently designed system that makes needless API calls. Regardless of the cause, blocking traffic from a specific source once it reaches a certain level is necessary for the overall health of the Google Apps system. It ensures that one developer's actions cannot negatively impact the larger community.
To answer your question, if your goal falls under this description - Google Apps Email Audit API Developer's Guide:
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox. This API can be used only for lawful purposes in accordance with your Customer Agreement.
Then the answer would be yes, it is the appropriate API to use. If you are thinking about the 10000 emails/day, you might want to check if it is reasonable to ask for a quota increase.
Hope this helps!


A microservice architectural interview task

I am looking for a job as a system analyst and in interviews I come across tasks like this.
Imagine that you are working on a credit scoring system that decides whether a user is creditworthy. The user fills an application form and receives notification (say, in SMS) with the scoring result. Apart from the data provided by the user the system utilizes their credit bureau information.
What questions will you ask to clarify the task and what microservices will you propose to create for this system?
It is obvious that the solution I propose is too simple or not detailed enough, so I will be most grateful for the help.
I usually suggest that there will be 4 microservices:
Service requesting information about the user from the bank database;
Service requesting credit bureau information;
Service performing scoring;
Service sending notifications.
Some questions that come to mind to clarify the task would be...
What is the intended use of the credit scoring system? Is it intended to be used by a financial institution to decide whether to grant a loan, or is it intended for some other purpose?
Who will be responsible for maintaining and updating the system? Will there be a dedicated team of developers and analysts working on the system, or will it be the responsibility of a single individual or department?
What data sources will be used to generate the credit scores? Will the system rely solely on information from the user's credit bureau, or will it also incorporate data from other sources, such as bank account information or employment history?
How will the system handle users who do not have a credit bureau file? Will there be a process in place to handle these cases, or will the system simply reject these users?
Based on the information, I came up with the same microservices as you.
A user data service that stores and manages information about users, including their personal and financial information.
A credit scoring service that calculates credit scores based on the data provided by the user and other sources.
A notification service that sends SMS messages to users with their credit scores and any other relevant information.
A data integration service that manages the flow of data between the different microservices and external data sources.
This is just one possible solution, and the specific services involved would be dependent on finding out more information on the business requirements.

How does Facebook detect my location so precisely based only on IP address?

I have two-step authentication on Facebook. I just tried to log in from my home PC but didn't enter the second-step code.
I got a notification that somebody (me) was trying to log in to my account, and the location was so precise (within 2 meters).
I wondered how Facebook detects location so precisely based only on IP?
Today geolocation is at the core of the business of marketing companies. There's a very developed market for customer data, so tons of mobile apps and services collect data such as usual IP addresses, personal information, interests, and locations.
That information gets resold to data brokers, aggregated, and corrected. And then Facebook or others can buy that data, merge it, implement corrections and so on, and get tables for matching IPs and locations that are not public, it seems.
However they offer a high level API to perform market targeting which seems to use that data:
https://developers.facebook.com/docs/marketing-api/buying-api/targeting#location
In your case it was precise because they may have a good dataset based on your privacy settings experience, not only with Facebook but with other geo-located apps. In my case their guess is wrong by hundreds of km, because I was behind a corporate proxy.

New API keys in Mandrill by default have full access to your account - can you customize?

In Mandrill, if you create a new API key and do not limit its API calls, whoever you give that key to can use it to log into the web interface with full access - billing information, account information, the works.
After playing around, it looks like you can disable the web interface login functionality by ticking "Only Allow This Key To Use Certain API Calls" and then selecting at least one API call. Doesn't matter which one.
So I can give full access to the account, or completely disable their ability to log in. Is there any way to customize this further? I would like to be able to limit users to the outbound/inbound UI, or at least prevent them from having the ability to charge many thousands of dollars to the attached credit card. For clarification, my use case is to distribute API keys to contractors or vendors so that all email gets sent through a single account.
I have found very little official Mandrill documentation on this. The only thing that seemed relevant is that if you have a Mailchimp account, you can instead send users there and use the "View Mandrill Reports" functionality. I don't have Mailchimp (nor do I need it), so this seems like an unnecessary hacky workaround.
Different levels of access, other than limiting API calls for API keys, aren't currently possible, as described in the Mandrill KB here. If someone has access to the web interface, they have access to the account as a whole. This may, of course, change in the future, and would be documented on the blog and in the KB.
I believe you could also restrict access to the web interface by setting up two-factor authentication?

Get User Count for a Google Apps Domain

How do you get the total number of users in a Google Apps Domain? I'm aware of the "Retrieve All Users in Domain" call using the Google Provisioning API, but I'd rather not execute such an intensive call just to count up all the users. Is there a simpler way to do this?
I found a solution that isn't as resource-heavy as retrieving all users: The Google Reporting API can be used to get the total number of accounts in a Google Apps domain.
The Google Apps Admin Settings API allows you to retrieve both the current and maximum number of users in the domain:
https://developers.google.com/google-apps/admin-settings/#retrieving_the_current_number_of_users_in_a_domain
This would be preferable to the Reports API as it's both lower in traffic and closer to real time (reports are only updated every 24 hours, so it won't take into account users recently added).
You could try "Retrieve All Nicknames in Domain" which could save some bandwidth as it hopefully really only retrieves the nicknames, although I think this won't get you the exact count because "Retrieve All Nicknames for a User" seems to imply that a user can have multiple nicknames.
If you've got some test domain, also make sure that retrieving all users really is too much overhead, and keep in mind that depending on what you want to do, you can perhaps build some kind of cache around it that only does a full request after the cache is older than X.

What is Google Apps?

What is Google Apps and why are so many startup companies using it?
Google Apps is a collection of business software components delivered as a service, saving you from having to install Exchange, Office and the usual business stuff. Plus Google Apps allows people to write their own apps and install them on Google's servers. A lot of companies use Google Apps for email and calendaring instead of Exchange these days. It saves costs.
One useful feature of Google Apps is that it allows you to use the Gmail interface to host email on Google's servers for your own domain. So you can send/receive email with an @example.com address (if your startup was called example.com).
Unlike many apps, the Google Business Apps are intuitive. Calendars, email, file sharing, contacts, and more are simple to use and will work virtually on any internet connected device.
Basic benefits of Google Apps are:
1. It is Cost Efficient - For only $5 a month, you will receive email addresses for your team with your company's name, 30 GB storage you can use for file storage and sharing, online calendars, and the ability to easily create online spreadsheets, slides, text documents, and more. All these great features including admin controls and security from a name you can trust. If you prepay for a year you will actually save $10.
2. Security - The company is FISMA-Moderate level certified -- this is the same level of certification for the internal email usage within the United States government. Google is also capable of supporting HIPAA compliance. Google is trusted by millions to virtually secure their email from any threats through routinely checking emails before downloading a document for any threats of viruses, phishing emails, malware and more.
3. User friendly and intuitive interface.
Google Apps are...
“A set of intelligent apps including Gmail, Docs, Drive, and Calendar to connect the people in your company, no matter where in the world they are.”
Source: https://gsuite.google.com/together/
Examples: Google Calendar, Google Drive, Google Hangouts, Google Slides, Google Spreadsheets - those are all web-based applications ("apps").
G Suite is the name given by Google for their collection of applications. Formerly named “Google Apps for Work” and “Google Apps for Your Domain”, G Suite is a resource implemented by I.T. Administrators, to enable access to Google Apps, through a domain (and their aliases).
For Example: Rather than using your standard Gmail address (username@gmail.com), users in a business or organization would log in to access those web-apps using an email address with their own domain, like (username@example.com).
The interface is the same as for standard Google Account holders, yet G Suite admins have the ability to add some branding, and control features - through the G Suite Admin Console.
I'm going to stop here before this post starts to resemble a pitch - let's just say that I really enjoy the fact that my workplace has implemented G Suite for our organization - it has made my duties, that much easier!