Google Workspace Admin
2026-03-25
新闻来源:网淘吧
围观:67
电脑广告
手机广告
购买adidas上京东官方旗舰店。
Google Workspace 管理员
通过托管的 OAuth 身份验证访问 Google Workspace Admin SDK。管理 Google Workspace 的用户、群组、组织单位、角色和域设置。
快速开始
# 列出域中的用户
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF基础 URL
https://gateway.maton.ai/google-workspace-admin/{原生-api-路径}替换{native-api-path}为实际的 Admin SDK API 端点路径。网关将请求代理到admin.googleapis.com并自动注入您的 OAuth 令牌。
身份验证
所有请求都需要在 Authorization 标头中包含 Maton API 密钥:
Authorization: Bearer $MATON_API_KEY环境变量:将您的 API 密钥设置为MATON_API_KEY:
export MATON_API_KEY="您的_API_密钥"获取您的 API 密钥
- 请登录或在maton.ai
- 前往maton.ai/settings
- 复制您的API密钥
连接管理
在以下地址管理您的Google OAuth连接:https://ctrl.maton.ai。
列出连接
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=google-workspace-admin&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF创建连接
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'google-workspace-admin'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF获取连接
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF响应:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "google-workspace-admin",
"metadata": {}
}
}在浏览器中打开返回的url以完成OAuth授权。
删除连接
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF指定连接
如果您有多个 Google Workspace 管理员连接,请使用Maton-Connection请求头指定要使用的连接:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF如果省略此请求头,网关将使用默认的(最早创建的)活跃连接。
API 参考
用户
列出用户
GET /google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=100查询参数:
customer- 客户 ID 或my_customer表示您自己的域(必需)domain- 按特定域名筛选maxResults- 每页最大结果数(1-500,默认 100)orderBy- 排序依据电子邮件,姓氏, 或名字查询- 搜索查询(例如,email:john*,name:John*)页面令牌- 用于分页的令牌
示例:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&query=email:john*')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF响应:
{
"kind": "admin#directory#users",
"users": [
{
"id": "123456789",
"primaryEmail": "john@example.com",
"name": {
"givenName": "John",
"familyName": "Doe",
"fullName": "John Doe"
},
"isAdmin": false,
"isDelegatedAdmin": false,
"suspended": false,
"creationTime": "2024-01-15T10:30:00.000Z",
"lastLoginTime": "2025-02-01T08:00:00.000Z",
"orgUnitPath": "/Sales"
}
],
"nextPageToken": "..."
}获取用户
GET /google-workspace-admin/admin/directory/v1/users/{userKey}用户密钥可以是用户的主电子邮件地址或唯一用户ID。
创建用户
POST /google-workspace-admin/admin/directory/v1/users
Content-Type: application/json
{
"primaryEmail": "newuser@example.com",
"name": {
"givenName": "Jane",
"familyName": "Smith"
},
"password": "temporaryPassword123!",
"changePasswordAtNextLogin": true,
"orgUnitPath": "/Engineering"
}更新用户
PUT /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
"name": {
"givenName": "Jane",
"familyName": "Smith-Johnson"
},
"suspended": false,
"orgUnitPath": "/Sales"
}修补用户(部分更新)
PATCH /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
"suspended": true
}删除用户
DELETE /google-workspace-admin/admin/directory/v1/users/{userKey}将用户设为管理员
POST /google-workspace-admin/admin/directory/v1/users/{userKey}/makeAdmin
Content-Type: application/json
{
"status": true
}群组
列出群组
GET /google-workspace-admin/admin/directory/v1/groups?customer=my_customer查询参数:
customer- 客户ID 或my_customer(必需)domain- 按域名筛选maxResults- 最大结果数(1-200)用户密钥- 列出特定用户的群组
获取群组
GET /google-workspace-admin/admin/directory/v1/groups/{groupKey}groupKey可以是群组的电子邮件地址或唯一ID。
创建群组
POST /google-workspace-admin/admin/directory/v1/groups
Content-Type: application/json
{
"email": "engineering@example.com",
"name": "工程团队",
"description": "所有工程人员"
}更新群组
PUT /google-workspace-admin/admin/directory/v1/groups/{groupKey}
Content-Type: application/json
{
"name": "工程部门",
"description": "更新后的描述"
}删除群组
DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}群组成员
列出成员
GET /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members添加成员
POST /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members
Content-Type: application/json
{
"email": "user@example.com",
"role": "MEMBER"
}角色:所有者、管理员、成员
更新成员角色
PATCH /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}
Content-Type: application/json
{
"role": "MANAGER"
}移除成员
DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}组织单元
列出组织单元
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits查询参数:
type-all(默认)或childrenorgUnitPath- 父级组织单元路径
获取组织单元
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}创建组织单元
POST /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits
Content-Type: application/json
{
"name": "Engineering",
"parentOrgUnitPath": "/",
"description": "Engineering department"
}更新组织单元
PUT /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}
Content-Type: application/json
{
"description": "更新后的描述"
}删除组织单位
DELETE /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}域名
列出域名
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/domains获取域名
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/domains/{domainName}角色
列出角色
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/roles列出角色分配
GET /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignments查询参数:
userKey- 按用户筛选roleId- 按角色筛选
创建角色分配
POST /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignments
Content-Type: application/json
{
"roleId": "123456789",
"assignedTo": "user_id",
"scopeType": "CUSTOMER"
}代码示例
JavaScript
const headers = {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
};
// 列出用户
const users = await fetch(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer',
{ headers }
).then(r => r.json());
// 创建用户
await fetch(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
{
method: 'POST',
headers: { ...headers, 'Content-Type': 'application/json' },
body: JSON.stringify({
primaryEmail: 'newuser@example.com',
name: { givenName: 'New', familyName: 'User' },
password: 'TempPass123!',
changePasswordAtNextLogin: true
})
}
);Python
import os
import requests
headers = {'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'}
# 列出用户
users = requests.get(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
headers=headers,
params={'customer': 'my_customer'}
).json()
# 创建用户
response = requests.post(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
headers=headers,
json={
'primaryEmail': 'newuser@example.com',
'name': {'givenName': 'New', 'familyName': 'User'},
'password': 'TempPass123!',
'changePasswordAtNextLogin': True
}
)注意事项
- 使用
my_customer作为您自己域的客户ID - 用户标识可以是主邮箱或唯一用户ID
- 群组标识可以是群组邮箱或唯一群组ID
- 组织单位路径以
/开头(例如,/工程部/前端) - 大多数操作需要管理员权限
- 密码必须满足Google的复杂度要求
- 重要提示:使用curl命令时,请使用
curl -g当URL包含括号时(fields[]、sort[]、records[])用于禁用通配符解析 - 重要提示:当将curl输出通过管道传递给
jq或其他命令时,在某些shell环境中,像$MATON_API_KEY这样的环境变量可能无法正确展开。使用管道时可能会遇到“无效API密钥”错误。
错误处理
| 状态码 | 含义 |
|---|---|
| 400 | 缺少Google Workspace Admin连接 |
| 401 | Maton API密钥无效或缺失 |
| 403 | 管理员权限不足 |
| 404 | 未找到用户、群组或资源 |
| 429 | 请求频率受限(每个账户每秒10次请求) |
| 4xx/5xx | 来自Admin SDK API的透传错误 |
故障排除:API密钥问题
- 请检查
MATON_API_KEY环境变量是否已设置:
echo $MATON_API_KEY- 通过列出连接来验证API密钥是否有效:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF故障排除:无效的应用名称
- 确保您的URL路径以
google-workspace-admin开头。例如:
- 正确示例:
https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer - 错误示例:
https://gateway.maton.ai/admin/directory/v1/users?customer=my_customer
资源
微信扫一扫,打赏作者吧~文章底部电脑广告
手机广告位-内容正文底部
上一篇:Asana
下一篇:healthcheck
