Google Apps Security and Compliance Services Web Services Application Programming Interface Guide, Early Access Version 1.5 User Manual

User Sync API

43

This chapter has several code examples showing how to use the User Sync
API service. It is important to remember these are simple examples. Google is
not liable for any errors in this manual or any harm to your systems resulting
from reliance on this manual. But we would appreciate your feedback. Please
send your comments, feedback, and suggestions to
[email protected].

Authorization

•

AuthElem -- The AuthElem struct sets the authorization credentials for each
request. You must have an administrator account and password. An
AuthElem is required and contains:

•

apiKey -- A unique customer and product ID. This is a required
parameter for each web service client application, except for the test
operation. See “API License Key” on page 19.

Possible API Infrastructure exceptions are AdminBlockException,
MalformedKeyException, NoSuchKeyException.

•

email -- A valid Message Securityservice administrator email address
of type string. This is a required parameter for each web service client
application.

•

pword -- An administrator PMP password of type string

If the organization is configured for POP authorization, always use the
administrator’s email login and password which will be in the PMP
format. An end user’s POP password will fail.

•

xauth -- The XAuth password is a Auth String which is used for an
organization configured to use xauth authorization, and is held in the
authentication_data field. Do not URL escape the XAuth password
when used with a web service. URL escapes are only required for
EZCommand solutions. To enable XAuth, enter a support ticket.

Default: The xauth token is off.

Note:

The pword and xauth tokens are mutually exclusive. Use one or the

other but not both in your AuthElem instance. If using the PMP password
policies, the maximum password age must be set to null. For more
information, see The Batch and Service Management API Reference Guide
’s password_policy display and password_policy update organization fields.

To validate your AuthElem credentials without the need to call another
operation, see “User Sync API checkauth Operation” on page 46.

•

An administrator’s authorization record, on the Message Securityservice
side, must have:

•

Read and modify settings for the User Settings, Change Address, Add
Users, Delete Users, Sender Lists, Email Aliases, Organization
Management, and Edit Organizations privileges.

•

The authorization record must be assigned to a parent organization
above the user’s organization or the organization where the user is
being added, modified, or deleted. And these privileges are required for
any new organization where the user is being moved. See The
Message SecurityAdministration Guide, “Administrators” chapter for
more information about authorization records.