Possible to "swap" OAuth2 Gmail API scopes? - gmail-api

We have an app in the Google Apps Marketplace that currently uses the Email Settings API:
https://apps-apis.google.com/a/feeds/emailsettings/2.0/
We use this to get a user's email signature.
This is being discontinued later this year, so we now want to move to the Gmail API and use this scope:
https://www.googleapis.com/auth/gmail.settings.basic
We already have the Gmail "compose" scope, however this doesn't allow us to retrieve the signature.
We have over 250 businesses using our software and changing the scopes within the Marketplace SDK will trigger an enormous amount of stress / effort / confusion if end-customers have to re-authorise our App. We'd prefer not to inconvenience the end-customer when we're essentially asking for capabilities that are lesser than what we already had through the old Email Settings API.
Is there any way we can just "swap" and downgrade scopes, or add the new scope without customer intervention? Google have done similar things in the past with deprecated APIs.
EDIT: in case it matters, we're accessing the Gmail API using a service account so we can access the details of any user like we could with the Email Settings API.
(If the answer is "no", I'm hoping an official Google person will see this and take this idea away for consideration. Alternatively, allow us to retrieve signature settings with the "compose" scope since appending a signature to an email you're sending is a genuine use-case.)

Related

Is OAuth 2.0 required for accounts.locations.reviews.list "My Business API"?

I have a React Application which is going to leverage Google My Business API to get review data of a business.
I was expecting to use the API-KEY via REST approach however Authorization Scope mentions that OAuth 2.0 is required to use this API.
After I read more about OAuth's purpose, it seemed like it is more for application's which require access to a user's data and therefore would required a consent screen verified by google.
For my use-case however, all I need is access to all google reviews for a business and nothing related to the visiting users.
Can someone recommend an approach for this? (I don't want a pop-up/consent request when a user visits as I don't need user data.)
After much research, it seems that if you want to retrieve ALL REVIEWS for your business you will have to use Google's My Business API. This API requires you to use OAUTH2 for authentication which means (although you will not be querying a visiting user's data) visiting users will be required to provide consent pop up screen.
This leaves you with the places API as the next best option:
REST GET endpoint maps.googleapis.com/maps/api/place/details/json?placeid={your place ID}&fields=review&key={YOUR API KEY}
Although this only returns google's top 5 "most helpful" reviews, its pretty much the only way to get reviews without a consent screen unless you want to scrape data which is not ideal for many reasons...

API to retrieve contacts datas from SalesForce

From my app, I want to use SalesForce APIs to get datas about contacts (first/last name, mobile phone, email).
1/ is it free $ to use SalesForce APIs ?
2/ Where can I have access to the information about this specific API request ?
Many Thanks
"It depends"
You're paying for user license(s) already, in that sense the API requests are free. Accessing the Developer Edition / trailhead playground app is truly free. Then there are things like Essential Edition, Platform Edtion or whatever's the name - there's no API access in them out of the box. API is available in Enterprise, Unlimited etc. You need to check the edition you're planning to connect to.
And then... well, there are rolling 24h limits of API requests. Very forgiving in sandboxes, bit more strict in production (where they increase with every user license you buy or you can purhase extra "bandwidth")
It also depends how will you make these requests. Will you have 1 dedicated integration user or will every user of your web app log in to SF via your app and then you're piggybacking on them in a way (which is useful if your org has complex sharing rules for example and you need to be sure user sees in your app only the data they're allowed to see in core Salesforce).
Which brings us to how to connect. You have SOAP API and REST API. Depending on your programming language there are ready-made connectors for .NET, PHP, Python, Java... Regardless which you choose there will be at least 2 http calls needed. 1 to log in and get session id back, 1 to run actual query.
With SOAP API you pass username & password in login call, get XML message back with session id and endpoint (base url to use from now on). And then you'd query. SELECT FirstName, LastName, MobilePhone, Email FROM Contact or whatever you need.
With REST API there are more options, there's similar username-password flow but there are also more secure ways where your app never sees the user's password, user enters it on SF login screen and is redirected back to you. This is very good if you're making a web app or mobile app. You'd need to read up about all OAuth2 flows available.
Again - there's a chance you can say "don't care" and just use say https://pypi.org/project/simple-salesforce/

React Form send email

I am building a form in react and I wanted to send it to my email when the user clicked the submit button.
I was looking at Microsoft Graph API for sending the email (https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=javascript), but checking it, seems that it needs a temporary token, so I can't use it as I would need to be changing the token every hour or so.
So, I'm basicaly trying to find an API like the Gmail but for office 365 accounts (https://developers.google.com/gmail/api/guides/sending), as we can create a gcp project and use the keys that it generates for us, instead of using a token like the MS Graph API
Generaly I would use a route in my API, but this site is static, so I do not have any API (neither serverlets, cloud functions or other stuff like it).
Is there any away to send an email through a Microsoft API from my web client in react, using only a token specific to the domain? Or is there a better away to acomplish this same result?
I highly recommend using https://formsubmit.co/. It's free and I personally use it in many projects. Works flawlessly with many features like email templating, captcha, reply_to, etc.
No backend knowledge is required. Can set it up in like 1 minute.
One option would be to authenticate on behalf of the user.
You can also have a small proxy API, dedicated for the purpose of allowing the users to send an email.

Google MBA Service Account get all locations

My company owns several (verified) facilities and using my company's email i can see those locations (business.google.com).
Now, my company would like to fetch the reviews in each location and present it in our company website. Before we're using the Google Place API but since it only returns the latest 5 reviews we opt to using Google My Business API to retrieve a location's complete reviews. We'd like our backend (PHP) to retrieve the reviews so using the same email I created a service account (console.developers.google.com/apis/credentials) because we don't need the end user to allow/interact anything when browsing our website.
Using postman (with my signed JWT) I have managed to get a valid access token
...that I use to retrieve the lists of accounts (mybusinessaccountmanagement.googleapis.com/v1/accounts) I could see the service account itself alone in the response.
Now, I tried calling the account locations api (mybusiness.googleapis.com/v4/accounts/{MY_ACCOUNT_ID_HERE}/locations) but it only returns and empty object response.
Can someone help me resolve this issue. Why my service account can't see the verified locations under my company's email. Is this even possible? Thank you.
Even that this is an older question - I run into the same issue calling the new Google My Business Information v1 API (getting empty results) using a service account.
It seems, that it is not recommended to use Service Accounts, I found this support article on Google: https://support.google.com/business/thread/8281160/cannot-get-access-to-gmb-locations-with-service-account-with-nodejs?hl=en
The "official" recommendation is to use OAuth.
But we finally made it using Service Account. The following steps are necessary to resolve it (at least for us it is working now):
Add a project in Google Cloud Platform
Add and enable the Account Management and Business Information API's.
Add the service account and generate a key (https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
Make the Business Profile API request (you need the approval made by Google to be able to make requests against the two API's; otherwise you may run into quota exceeds as "Request per minute" is set to 0 by default). Important: It may take up to 2 weeks until, but we received the approval within about 5 days
Enable domain-wide delegation for the service account using the scope "https://www.googleapis.com/auth/business.manage". More about domain-wide-delegation: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority)
Add a user identity in GCP. This user also needs to be added in Google My Business for editing locations. When creating your ServiceAccountCredential object, impersonate this user.
Security concerns:
Domain-wide-delegation enables that everyone knowing/having the credentials of the service account could impersonate any person (identity) from withing GCP. At least in this case only for Business Profile API, but anyway, keep this in mind.
Also using private keys for authenticating the service account is not recommended, you should be aware to regularly change / create a new private key or there would be a solution with Identity Workload.
Hope this helps everyone facing the challenge with GMB / GCP / service accounts :-)

Is it possible to set signatures for each approved "send mail as" through the Google Apps Email Settings API?

I have a Google Apps account with two others approved "Send mail as" accounts. In the Gmail settings (web interface) I can set one signature for each of the three email addresses.
Is it possible to do the same through the Googe Apps Email Settings API so that I can automate this for the entire organization?
The API documentation (https://developers.google.com/google-apps/email-settings/#manage_signature_settings) does only mention how to define username, but gives no options for specifying the actual email address for that username to set the signature for.
It's not currently possible, no. The Email Settings API only supports setting the signature for the primary email address.
I think there are some 3rd-party apps that can do this but - and it's a big one - it depends on what program you're sending the mail from.
If you're using Outlook, you can use Exclaimer Signature Manager. The point of that software is to control every user's email signature. You could give them multiple signatures to choose from, thus, deciding which one they need based on their 'Send From' setting.
There are other apps, but I don't think any of them do that.
And if you're emailing in a browser, you're out of luck. I don't know if Exclaimer have or are working on a Google Apps-dedicated product, it may be worth checking.
The newer Gmail API allows setting per-address signatures. See the "Aliases and signatures" guide. Only service accounts that have been delegated domain-wide authority can update signatures for non-primary addresses.

Resources