According to https://developers.google.com/admin-sdk/directory/v1/reference/users
relations[].value string The name of the person the user is related to. writable
However, if I try to create a relation of type "manager" with the value "John Smith", I get the following error:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
{
"code" : 400,
"errors" : [ {
"domain" : "global",
"message" : "Invalid Email: John Smith",
"reason" : "invalid"
} ],
"message" : "Invalid Email: John Smith"
}
Through trial and error, I've determined that the only value that will be accepted is an email address in the domain of the user you are attempting to update (it does not have to be a valid email address, i.e. an email address not used by one of the users registered in the domain).
Is this a bug in the API, or is it a deficiency in the documentation?
The interesting thing is that we have a client who has a few people with relations of type manager defined that have values that are not email addresses (i.e. "John Smith"). So, I'm thinking this may be a problem in the API.
This is expected behavior and allows direct linking of an employee with their manager. If you wish to use free form text, use a custom type or one of the other types.
Update: The new user search functionality allows searching for a user's manager by email address externalId. This search is dependent on the manager being set to an email address as is required by the operation.
Related
I have G Suite for my domain, and I have a Google group in this G Suite whose members could be domain users or external e-mail addresses.
I need to check via Google API that particular address is a member of this group.
I found the following two methods: hasMember and list, however neither of them is good for my purpose. The former method seems to work with domain users only, so if I pass external email as memberKey parameter to this method, it just returns HTTP status code 400 and response looking like this:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Missing required field: memberKey"
}
],
"code": 400,
"message": "Missing required field: memberKey"
}
When I pass email that is in my domain, I get HTTP code 200 and response looking like this:
{
"isMember": false
}
The latter method returns me all the addresses within the group, including external ones, but it does not scale to really large groups.
Are there any other methods (or other ways to use these methods) that I could use to solve my problem?
I have been successful in creating a new Account User from following this tutorial: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/users-POST/#example, and have used the PATCH method to set their status to active on Postman.
I would like to set their role and access_level but I am having trouble doing so. I have followed the link below to try and perform this function, but it requires the user to already be a BIM 360 Project Admin for it to work.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-user_id-PATCH/
I also tried following the next link below to add a User to a project, but I am getting errors that I am unsure how to fix.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-import-POST/
URI: https://developer.api.autodesk.com/hq/v2/accounts/:account_id/projects/:project_id/users/import
Method: PATCH
Authorization: *******************************************
Content-Type: application/json
x-user-id: {{user_id}}
Body:
{
"email": "john.smith#mail.com",
"services": {
"document_management": {
"access_level": "account_admin"
}
},
"company_id": ************************************,
"industry_roles": [
************************************
]
}
(The id for industry_role is IT).
Error:
{
"code": 1004,
"message": "this user doesn't exist."
}
I am unsure how I am getting this error since the User Id used for x-user-id is the same user_id associated with the email given in the request body. Is there a way to fix this or another method I can use?
The x-user-id header is not for specifying the user to import but rather:
x-user-id
string
In a two-legged authentication context, the app has access to all users specified by the administrator in the SaaS integrations UI. By providing this header, the API call will be limited to act on behalf of only the user specified.
Remove this field if that's not what you intended.
Verify the user id and email match each other via /GET users and /GET users:userid.
And be sure to provide either the user's email or the user ID and don't provide them both:
Note that you need to specify either an email, or a user_id. However, you cannot specify both.
See doc here
The Google Directory API https://developers.google.com/admin-sdk/directory/v1/reference/users/get
returns following kind of organizations data for a User. However in the Apps Admin console I can not find where the corresponding organisations name "Company Title" is defined. From where does it come from or how to edit that data? This is also inconsistent, since for some Users in this same domain the "name" field is missing completely?
"organizations": [
{
"name": "Company Title",
"title": "Software Developer",
"primary": true,
"type": "work",
"department": "The SW department"
}
],
I'm not particular about the Apps Admin console but you can update a user account if there are data that has to be changed.
To update a user account, use the following PUT request and include the authorization described in Authorize requests. The userKey can be the user's primary email address, the unique user id, or one of the user's alias email addresses. For the request and response properties, see the API Reference.
PUT https://www.googleapis.com/admin/directory/v1/users/userKey
You can try the REST API to retrieve all or children organization units.
To retrieve all sub-organization units under an organization unit or to retrieve the immediate children sub-organization units under an organization unit, use the following GET request and include the authorization described in Authorize requests. For the request and response properties, see the API Reference.
GET https://www.googleapis.com/admin/directory/v1/customer/my_customer
/orgunits?orgUnitPath=full org unit path&type=all or children
Here is a sample response to the List of Org unit/s
{
"kind": "directory#orgUnit",
"name": "sales",
"description": "The corporate sales team",
"orgUnitPath": "/corp/sales",
"parentOrgUnitPath": "/corp",
"blockInheritance": false
}
You can also try using the Update an organization unit:
To update an organization unit, use the following PUT request and include the authorization described in Authorize requests. For the request and response properties, see the API Reference:
PUT https://www.googleapis.com/admin/directory/v1/customer/customerId/orgunits/orgUnitPath
You can compare the values in the REST API and Admin Console.
Hope it helps!
I'm building REST API.
I have following structure
GET /user/{id} - get
POST /users - Create user
PUT /users/{id} - Update user
DELETE /users/{id} - Delete user
The problem is following. As I got from many tutorials/articles - it is bad practice to use action in URL. But what to do with such actions like:
check email (is unique)
recover user by email
?
Assume user registration. User submits form ( POST /users ) and I need to check if email is unique. Do I need to do it in same api method and return validation errors as response body?
Or do I need to create something like
POST /users/email
And what about user recovering by email? Where do I need to do it? Because recover is verb
POST /users/recover
I'm not sure, that I'm doing it right and I can't find correct explanation for that situation.
Validating the e-mail and registering the user
If you want, you can have an endpoint to check whether an e-mail is already registered or not. It's up to your requirements. So, you can have something as following and then send the e-mail which will be validated in the request payload:
POST /users/email/validation
{
"email": "mail#example.com"
}
The endpoint above can be invoke, for example, when the user completes the e-mail field of your account registration form.
However, do not forget checking if the e-mail is already registered when creating a user:
POST /users
{
"firstName": "John",
"lastName": "Doe",
"email": "mail#example.com",
"password": "123456"
}
If an e-mail is already registered, you could consider returning a 409 Conflict status code and a payload that includes enough information for a user to recognize the source of the conflict.
Recovering the password
I'm unsure if this is your requirement, because of this I posted a comment asking for clarification. I presume you are trying to recover the password of a user, assuming the user has no more access to their account.
If so, you could have an endpoint as following and then send the e-mail of the user in the request payload:
POST /users/password/recovery
{
"email": "mail#example.com"
}
Then your server can send a link with a token to the e-mail specified in the payload. Only send the e-mail if the e-mail specified in the payload is registered in your application, of course.
The link should take the user to a page where they will enter the new password and, when submitting, an endpoint to replace the password of the user will be invoked, sending the token and the new password to the server:
PUT /users/password?token=SomeValueGoesHere
{
"password": "654321"
}
So I want to get users email address with my server-side code.(I can get it on client side) My apps scope is set to:
"scopes":["public_profile","email"]}
What I'm able to-do at the moment is verify that the users token is valid. But I'd like to request the email as well - just to make sure on server side, that i can log the person in to my website.
I use this address to verify the token belongs to my app:
https://graph.facebook.com/debug_token?input_token=%REPLACE%&access_token=%REPLACE%
How should my request look like if I'd like to next ask for users email on server side?
Appears another option (once/if you know the token belongs to your app) is:
https://graph.facebook.com/me&access_token=USER_ACCESS_TOKEN
by default it only returns id, if you want more, ex email:
https://graph.facebook.com/me?fields=email&access_token=USER_ACCESS_TOKEN
which returns both id and email.
One solution is:
https://graph.facebook.com/v2.1/<user_id>?access_token=<your_app_access_token>
will return:
{
"id": "<id>",
"email": "mihkel\u0040gmail.ee",
"first_name": "Mihkel",
"gender": "male",
"last_name": "Lastname",
"link": "https://www.facebook.com/app_scoped_user_id/<id>/",
"locale": "en_US",
"name": "Mihkel Lastname"
}
if you need only email you can set fields=email parameter :)
You need USER ACCESS TOKEN to get user mail Id,
you can the access token from the response of API call
response.authResponse.accessToken;