I am looking for information on Google Apps APIs.
Is it possible to terminate the user's active session using the Google Apps API? If yes, can you please provide me the details on how to do that.
I am using Directory API to access list of groups and update memberships of users: https://developers.google.com/admin-sdk/directory/v1/reference/groups. Can the same API be used to access and update the membership of collaborative groups also?
Thanks.
No. This is an open Feature Request here. Would be an awesome feature :)
Not sure what you mean by a 'collaborative group'. That being said, any admin-managed group (created in the Admin console) can have its membership modified by the Directory API.
Regarding question 2, yes you can update group memberships of any groups in your Google Apps domain including Collaborative Inbox style groups. You would use the "Directory API: Group Members" endpoint, documented here:
https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members
Related
Is it possible to get global tenant settings via a graph api endpoint? For example, if I want to programmatically determine if my tenant's sharepoint settings limit external sharing by domain, is there a graph api endpoint for this? Based on my research I have yet to find an endpoint that gives me access in either v1 or beta (https://learn.microsoft.com/en-us/graph/api/reportroot-getonedriveactivityuserdetail?view=graph-rest-1.0)
It does seem possible to gather this information via powershell using the SharePoint Online module by doing
Get-SPOTenant | fl SharingDomainRestrictionMode,SharingAllowedDomainList
For added context here is the same setting in the sharepoint admin center:
If admin center endpoints (SharePoint, OneDrive, Azure AD, etc.) are not currently available in the graph api are they on the future roadmap?
Thank you in advance for any insight you can provide.
Currently it is not supported and its not under road map.
Please raise user voice.
I need to set group permissions by inheriting from another already existing group but it has to be coded. I've managed to create a group but I haven't found a way to edit their permissions, is there any way to do it using either Client libraries or the API resources?
I believe it should be possible to do it using SecurityHttpClient's function SetAccessControlListsAsync() or something similar to it but I'm not sure how to implement it.
It seems you are looking for Access Control Entries - Set Access Control Entries API, which is used to add or update ACEs in the ACL for the provided token.
More details, you can refer to the documentation below:
https://learn.microsoft.com/en-us/rest/api/azure/devops/security/?view=azure-devops-rest-5.0
I don't think it is possible for the APIs at the moment. I also can not find APIs which are used to set the permission for the group.
#Cece Dong - MSFT, in your response, the API is for security namespace of the organization, but it is not for a group. In another word, I can not find any relationship with the security namespace and group. I created a group in my project, but when i use this API to query all the security namespaces, i can not get the relative group info.
I am trying use Google Drive Rest API. My use case is, I have a google domain with some users and one admin. And I need to access and manipulate all users data from admin account.
Is it possible?
If possible can any one say how?
You have to use a Service Account to authorize your requests. Here you can find a guide that explains how. I'd recommend reading the documentation carefully as using service accounts may be quite dangerous.
Is it possible to retrieve a list of ga_account_id and ga_profile_id from only the 'starred' profiles by my analytics account programatically?
I've read through the API docs and can't see how this is possible.
You can do this with the Management API . I strongly recommend the account summary's report as its just one request and will return everything you need.
GET /management/accountSummaries
I have an application which wants to provide customization for users once they log in. Simple things like displaying a profile image and job title. This information is available in the Google Apps Profiles API, but the domain-admins are concerned about overreach with the scope. In particular, they don't want to approve the application if it has write access when it isn't needed.
The regular scope (with read/write) for the API according to the API Documentation is https://www.google.com/m8/feeds/profiles and I have tried all of the following with no luck
https://www.google.com/m8/feeds/profiles.readonly
https://www.google.com/m8/feeds/profiles.read
https://www.google.com/m8/feeds/profiles/#readonly
https://www.google.com/m8/feeds.readonly
https://www.google.com/m8/feeds.read
https://www.google.com/m8/feeds/#readonly
What scope can I specify in order to get read-only access to the Profile data? If I'm barking up the wrong tree entirely, where should I be looking?
Any non-admin user can access the GAL programmatically, see:
https://github.com/google/gfw-deployments/blob/master/apps/shell/gal/gal_feed.sh
I don't believe this api call is documented or supported officially. Note that the Global Address List is a compilation of user profiles, groups and shared contacts. If you don't want to see groups and shared contacts you'll need to figure out how to parse them out.
You need the user account under whose credentials the code is running to be either:
super admin or
to be listed under CPanel > Domain Settings > Admin Roles > [...put it in a created/user role...] > "Provisioning APIs" > Users - create/update/read/delete (as required, ticked ON). For example, for read only access to the Profiles API, set it there to 'read'.
I wrestled with this myself. I was not able to get this to work either.