How to get Hangouts Chat api scope for many GSuite domains? - hangouts-chat

I am looking to implement a hangouts chat bot for my customers. I am fairly new to the Google ecosystem, so I apologize in advance if some of this is obvious.
Here is my basic confusion:
It looks like in order to access the REST api the chat api requires a service account.
Does this mean that I will have to ask every customer to create a service account using their Google cloud account?
Corollary to the above is: Does every GSuite account have a Google cloud platform account associated with it?
If the service account has to be created, would the customer somehow need to share the private key for that account with me in order for my application to make calls on behalf of the service account.
My end goal is to give my customers a seamless experience where they can choose to
Install my bot in the Google Chat app for their GSuite domain
At the time of install get some information about their domain
Whenever a message is sent to the bot (DM or Room), identify who the message is coming for and in which GSuite domain, and reply accordingly.
Is this possible? Am I missing some very obvious Google concepts?
Thanks in advance.

If your customers have a normal email they can't connect with you. For more information refer this link

Considerations
The service account is used from your bot to access the Google REST APIs. It has a service account for your Google Cloud Project. There is no need for every user to have an service account enabled nor for them to give your their private key (never share private keys).
Approach
You can build and deploy Google Chat Bots directly using Google Apps Script. For your application I suggest you to use the tutorial in this page: https://developers.google.com/hangouts/chat/quickstart/apps-script-bot
Reference
Creating new Bots

Related

I want to use my Eventbrite account credentials to be able to login in the web app i am developing how do i do it?

I am developing a web application for musicians to grow their fan base for their music.
I want that as a musician if i have a eventbrite account already.
I can directly sign in using the same EventBrite Account Credentials to create an account in my proposed web application.
I did find that Eventbrite provides an API
Link: https://www.eventbrite.com/platform/api
I just want to know will this API help to achieve what i want irrespective of my web app technology stack i am using.
Please help.

Is there an effective way to secure access to my API from Salesforce?

I have built an API to my web application so that customers can access certain functionality without going through the dashboard. I have secured it by providing an API key to each customer that identifies them and restricts the IP address from which they can connect.
I have now had a request from a customer to allow them to access this API from their Salesforce platform. I don't know much about Salesforce, and when I asked them to let me know their IP address so I could create their API key, all they could give me was the list of reserved IP addresses published by Salesforce. This IP space is huge (millions), covering all of Salesforce, meaning that if someone gained access to the API key they'd be able to use it from any Salesforce account.
I have read some things about Salesforce having an OAuth service and having some kind of Application Connect service, but it mostly seems to be designed around allowing 3rd parties to connect to Salesforce - I'm getting a bit bogged down trying to determine if this is any use in my scenario (which requires authentication in the other direction).
I'd be grateful for any insight into whether there's something more specific I can do identify a particular Salesforce customer beyond simply putting dozens of CIDR blocks in my API key. I could ask my customer to identify themselves in the referer header when they call my API, for example, but of course that's trivial to spoof.
Thanks.
IPs can be spoofed too
Salesforce has a concept of "protected custom settings". You could make a "managed package" (Salesforce plugin, but you don't need to distribute it on their appexchange, Google Play/App Store equivalent), install it for the client and then enter the API key to the setting in a way that even client's sysadmins can't read it.
It'd be bit of work to set it up but might pay off if you think you'll get more customers on the platform.
How about a crude but effective iframe? or a link to your page they'd embed somewhere in their app?
Do you have just api keys? If you'd expose OAuth2 endpoint SF users could login to your app and then SF code could use access_token they got back instead of api keys. Or maybe you can protect access with certificate? Calling app would have to sign requests with a certificate. Client could upload it to their SF, you'd upload to your app...
You could demand the API calls to include the user's SF "session id" and you could use that to run some queries against source SF org. Org Id, user's login history etc things that are impossible to tweak even by sysadmins...

How to programmatically create Google service account credentials?

I have a desktop application which I want to create a new service account for each user of my application.
Is there any API for creating the service account users on the fly?
Scenario: For each user, I want to give service account, and give this service account the data that this user needs.
The point is that I want to give every user some specific data from Google Cloud, but I want the user to get it directly from Google. I cannot use the user account, because I am not sure he have google account.
You can use the Google Identity and Access Management (IAM) API to programatically create service accounts.
However, creating a service account for each of your application's users is expensive and not scalable. Perhaps your service can have a single service account and then the service can control which of the resources that the user may access.
There is no Google Api that allows you to control projects on Google Developer console. The only thing that comes close is the Google Cloud Resource Manager API which is extremely limited in what it supports. You cant use it to create a service account.
Answer: The only way to create a new service account is to log in and do it though the Google Developers console.

Google Cloud Messaging Business setup

I'm trying to find out how Google Cloud Messaging should be setup for businesses.
Currently I'm using my private Google account to manage the Google Developer Console and create a GCM project for my application. But what if I where e.g. a consultant agency developing an app for a customer, how would GCM be setup then?
I'm trying to answer the following questions:
Is there a way to create a Google account for Business that should be used instead?
Is it still free of charge?
Should the customer have and manage this account or do I as a developer/provider of the app manage this account?
Thanks in advance
From the documentation:
Google Cloud Messaging (GCM) is a free service that enables developers to send messages between servers and client apps.
Your Questions:
Is there a way to create a Google account for Business that should be
used instead?
Gcm does not require a special type of Google Account. Once you can create a Project in the Google Developer Console then you can use GCM with that project.
Is it still free of charge?
Yes it is free, even in business use cases.
Should the customer have and manage this account or do I as a developer/provider of the app manage this account?
This is up to you, it would depend on what the future relationship between the developer and the owner of the application is.

OAuth2 tokens for use with Google Analytics API

I have a site that I have tagged using Google Analytics. I can see that the stats are being created and I can analyse them using Google Analytics web tool.
I want to extract my tagging data using the Google Analytics API but all the instructions seem to point me towards the developers console to create my OAuth2 token. My site does not appear in the list of apps that is presented, so I can't do the next step of generating my OAuth2 token.
I feel like I must be missing something obvious, but I am hitting brick wall at the moment. How do I get the site to appear so I can see it in the developers console?
The Google Developer console is for registering your application, this way google knows who is using there APIs. Your Google analytics account wont show up here because well that's not how it works.
Create a new project you will get a client_id and client secrete that are used to identify your application. Then you use a programming language to access the API using the client id and client secret.
I am not a java programmer so i cant help you with that. You mentioned that you want to access your own data. I recommend you look in to using a service account. A service account can be used to grant authentication without having to prompt a user for access. This only works when it is your own account you are accessing and the data doesn't belong to another user. Take the service account email address and add it as a user in google analytics at the ACCOUNT level it must be the Account level. then when you use the service account in your code you will have access.
https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-java