Hi I'm trying to use google cloud identity apis in order to retrieve the list of users registered with CI under my organization. I've tried first with this api https://cloud.google.com/identity/docs/reference/rest/v1/groups/list passing the organization ID as parent field but I got the following error:
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
I've also tried with https://cloud.google.com/identity/docs/reference/rest/v1/groups/get passing "groups/" as name but this time I got this output:
{
"error": {
"code": 403,
"message": "Error(2017): User does not have permission to get group 'groups/abcpi1tg3uve2ab' (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ResourceInfo",
"resourceType": "cloudidentity.googleapis.com/Group",
"resourceName": "groups/abcpi1tg3uve2ab",
"owner": "domain:cloudidentity.googleapis.com",
"description": "Error(2017): User does not have permission to get group 'groups/abcpi1tg3uve2ab' (or it may not exist)."
}
]
}
}
and I'm using the same account I use to log into Admin console.
I'm testing the apis via apis explorer with a superadmin user.
Can anyone please tell me what I'm doing wrong and what the "parent" required field exactly mean in the first api?
There seem to be some issue with this cloud identity methods, I was not able to make them work properly.
I suggested some other ways that has been tested to retrieve this groups information:
I ran some tests and it seems there is some issue with cloud identity Method to get the groups, please use this other method from Gsuite to get the Groups from Identity.
Also I tes some interesting function to retrieve this groups that will help you, please take a look to it.
I successfully find a way to use it.
For instance, I tried to use membership lookup, and after struggling a bit.
You have to uncheck API Key.
And group_id is not the email's group but the id that you can find in the Admin console. Look like something like that: 028g0dx5903cNq
Related
I tried to get list of my google group from this page: reference/members/list
And used the group ID/Name/Email as groupKey value, but get only this response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Resource Not Found: groupKey"
}
],
"code": 404,
"message": "Resource Not Found: groupKey"
}
}
I wonder am I specified wrong key or what is wrong? I haven't used google apis before, just want to try.
I haven't tried that api in my code, just wanted to try in "sandbox" before.
You are getting error 404 which means no resources available or cannot find the resources for the given groupKey.
Create a group in G suite
Add at least one user. No need to do that if you already created. But make sure that you have created the group.
Come back to Google APIs Explorer
Provide group's email ID as value.
Complete your authentication & authorization using G suite credentials. You may be logged in using your personal email ID. Make sure you have completed authorization using G suite account.
you will get the list of members from the group
Before tried to list all the members from the group (list members), just try to get one member (get members). It will help you in some cases.
I'm part of an organization that created and still actively uses a Google Group. When Google started it's G-Suite service for organizations, got on board with having a proper Google organization. The problem is, now when members join and leave the organization, there's this nuisance task that requires someone to add them or remove them from the legacy Google Group.
That group, as far as I can tell, is dissociated with the G-suite organization. We do have an Administrator account (from the G-suite organization) among the Managers of the Google Group, FWIW. The Google Group has an email address that ends "#googlegroups.com".
So I tried using this Google tool to just examine the Google Group using the aforementioned Administrator account from G-Suite, and it just gives back a 404 with this response body:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Domain not found."
}
],
"code": 404,
"message": "Domain not found."
}
}
Is there any way to accomplish what I'm trying to do (automate the aforementioned nuisance task).
Ultimately, I think this is the set of APIs that I will need to use, and I've tested very basically that they work for a Google Group that is actually part of the G-Suite organization (i.e. has the same email domain).
I chatted to Google support and the word I got was basically, no dice. Legacy / free Google Groups are, from what I understand, not supported for API access.
I want to get the IAM policy for a user using
https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy
When I enter a userid into the resource field though, I get
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"body_resource\": Cannot find field.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"body_resource\": Cannot find field."
}
]
}
]
}
}
What should I put in the request body to get the IAM policy for this user? Or is the error wrong and Users just dont have resource policies like this?
EDIT: To be clear, I get this error no matter what I put in the resource field
I think right now the UI for this API is broken and doesn't work from the browser, I get the same error.
You can however try calling it from the API explorer, or by making the call using the api client libraries as shown in the examples at the bottom of the page you linked.
The in-page explorer did have a bug, but the fix is rolling out now.
This was caused by an issue with how the GAPI library calls APIs with a parameter called 'resource', so it should only have affected pages with such a parameter in their method.
I am working with the Google Directory API to retrieve all of the groups that a person is part of for role based privileging in the app I'm working on.
https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_all_member_groups
Our Admin is able to successfully retrieve a list of groups that he is a part of, using the API Explorer, but I am not. I am getting the error below and I'm assuming it is because I am not an Admin.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
How do we retrieve the groups a user belongs to? Is there any way to supply an Admin Credentials to retrieve the groups a user belongs to?
There's no way for regular users to programmatically retrieve their group membership. I'd recommend creating a delegated admin with priveledges to read groups via the API but nothing else. Also, when doing the OAuth 2.0 request, only the readonly groups scope is needed. Share these credentials with any users that need to get their group membership or have your app make the api call as the delegated user on their behalf.
I'm trying to build an application that will help manage different ad accounts for different customers (multiple businesses, so it has to handle multiple ad accounts). I'm looking at the ads API documentation for ad account groups, and the examples aren't working in the graph API explorer. Things like GET requests to
https://graph.facebook.com/v2.4/<AD_ACCOUNT_GROUP_ID>/users
(from Facebook's documentation here) are returning the following error:
{
"error": {
"message": "(#275) Ad account cannot be determined for this request",
"type": "OAuthException",
"code": 275
}
}
As best as I can tell, the documentation is incorrect - I think it can't tell the difference between an ad account ID and an ad group ID (I know this pattern is also used for things like managing custom audiences which is why I'm guessing it thinks it should be seeing an add account ID). Is there a better guide on updating ad account group membership via the API I can reference, or an endpoint I can substitute in for Facebook's official documentation?
First off please note at this time, you can still use v2.3 Facebook graph calls, prior versions have been deprecated by Facebook.
You will get this error. If you try older graph versions:
{
"error": {
"message": "(#2635) You are calling a deprecated version of the Ads API. Please update to the latest version.",
"type": "OAuthException",
"code": 2635
}
}
At the time of this writing you can use v2.3 calls and it still works.
Next I presume you want to know all the users, within accounts so the first thing to do is to get the list of accounts... Then iterate through each.. on an ad account basis.
Look up the api call to get a list of ad accounts, for a Facebook user id.
You will need the ad_read permission on the token in order to get the list.
Your api call should then look like this to get the users on each account.
Notice I put act_ in front of the actual account id. This is required and tells Facebook you are dealing with an ad account.
https://graph.facebook.com/v2.3/act_999998730499999/users?access_token=CAZZZZZpCZBjEBAJmcyfqbcluGAJZCtqfv4kI6CtLC7JGHaJ7IO2ImGCfkQFZC9NXCAZC2CAbtEdQcWMYFpqsFAkgJVqNqjnKGQkMrukyl53WZBIdq7vofFYyxvaTJTsWVOQhWTrjNoox0QqRCt3vGaDsRGHLBFDxqKLfXOcDKfS1oppj1nDjKdPe2GHYrHirlBkhxWS95MNgW7ajZZZZZ
Note: I have added ZZZZZs and 9999s in places to disguise my actual account and token.
The token used must be the ad account holder's token for the app. The user must have authorized the app for the ad_read permission on this token creation for the call to work.
The result looks like this:
{
"data": [
{
"name": "Joe Programmer",
"permissions": [
1,
2,
3,
4,
5,
7
],
"role": 1001,
"id": "999995304499999"
}
]
}
When using the development access of the Facebook Ads API, you need to specify which adaccounts you are going to use and you must own the adaccounts.
See the following guide:
https://developers.facebook.com/docs/reference/ads-api/access#standard_accounts