I'm trying to find out how Google Cloud Messaging should be setup for businesses.
Currently I'm using my private Google account to manage the Google Developer Console and create a GCM project for my application. But what if I where e.g. a consultant agency developing an app for a customer, how would GCM be setup then?
I'm trying to answer the following questions:
Is there a way to create a Google account for Business that should be used instead?
Is it still free of charge?
Should the customer have and manage this account or do I as a developer/provider of the app manage this account?
Thanks in advance
From the documentation:
Google Cloud Messaging (GCM) is a free service that enables developers to send messages between servers and client apps.
Your Questions:
Is there a way to create a Google account for Business that should be
used instead?
Gcm does not require a special type of Google Account. Once you can create a Project in the Google Developer Console then you can use GCM with that project.
Is it still free of charge?
Yes it is free, even in business use cases.
Should the customer have and manage this account or do I as a developer/provider of the app manage this account?
This is up to you, it would depend on what the future relationship between the developer and the owner of the application is.
Related
As an ios/android app developer, my pain point is having clients sign up for the various 3rd party accounts needed for their app to work (e.g. google cloud, mapbox, firebase, etc.), however with 2-factor authentication (2fa) being a requirement on most accounts, it makes it difficult to get into these accounts easily as the developer (since 2fa requires a code being sent to the client which must be entered in a limited time period).
Has anyone found an easy solution for working with 3rd party accounts for their clients especially when 2fa is being used?
Well, at least Google Cloud and Firebase in this case have the option to add additional users under a given role. In this case you would likely want the client to be Owner of the project, and ask them to invite you as a developer, this way you can sign in with your own Google account (either gmail or your personal if you use google workspace), hence bypassing the need for 2FA.
In general, there are things that you don't really want access to as developer, such as billing information, so it makes sense to ask for limited access. Both Firebase and GCP have predefined roles for this, you can do some research on them to find out which makes the most sense for you and advice your client.
Read more about the roles here:
GCP: https://cloud.google.com/iam/docs/understanding-roles
Firebase: https://firebase.google.com/docs/projects/iam/roles
Side note:
If you are working as a freelancer, I would recommend to never create accounts for your clients, if you are working with specific service, ask your client to setup the account (this will primarily protect you, if the client backs out or the server costs for development build up if the project is taking long time to finish)
I am looking to implement a hangouts chat bot for my customers. I am fairly new to the Google ecosystem, so I apologize in advance if some of this is obvious.
Here is my basic confusion:
It looks like in order to access the REST api the chat api requires a service account.
Does this mean that I will have to ask every customer to create a service account using their Google cloud account?
Corollary to the above is: Does every GSuite account have a Google cloud platform account associated with it?
If the service account has to be created, would the customer somehow need to share the private key for that account with me in order for my application to make calls on behalf of the service account.
My end goal is to give my customers a seamless experience where they can choose to
Install my bot in the Google Chat app for their GSuite domain
At the time of install get some information about their domain
Whenever a message is sent to the bot (DM or Room), identify who the message is coming for and in which GSuite domain, and reply accordingly.
Is this possible? Am I missing some very obvious Google concepts?
Thanks in advance.
If your customers have a normal email they can't connect with you. For more information refer this link
Considerations
The service account is used from your bot to access the Google REST APIs. It has a service account for your Google Cloud Project. There is no need for every user to have an service account enabled nor for them to give your their private key (never share private keys).
Approach
You can build and deploy Google Chat Bots directly using Google Apps Script. For your application I suggest you to use the tutorial in this page: https://developers.google.com/hangouts/chat/quickstart/apps-script-bot
Reference
Creating new Bots
In our SAAS application, we decided to use Google Sheets API, to generate docs and to give permission for editing documents online in Google Docs web and mobile application.
Here, do we need all of our customers have to be Google Accounts? Is there a better way to create users at the backend of our customers to connect directly from our app?
Unless you're using a service account (which isn't ideal for scaling apps), you ought to use google login, which requires a google account.
Google Drive API question,
I am writing an application that can view a users' Google Drive files and folders from their google account (can be individual or part of an enterprise).
So on my Google Drive enterprise, I have created an API application. So I have an API key and Secret key stored in my application.
Now I want to use OAuth to authenticate the user so that they can approve my application to read their files. The users will not be part of my enterprise. They can be individual Google accounts, or they can be a single user from an some other enterprise account.
Is this possible? Or are there technical/security reasons this is not allowed?
I just got off the phone with wonderful Google api support agent, and I have my answer:
Yes this is possible to do. however due to the recent phishing attack, Google has put in place new security features that affect the following APIs:
Google drive
Gmail
Contacts
Directory Admin SDK
Here are the new rules:
There is a new security form we will need to fill out and be approved before we will be able to be approved as a trusted app that is able to access these api's using OAuth2 authentication.
Google has provided a feature that many enterprises use that allows an enterprise to completely disable the ability to access these api's using oauth2. So even though we have been approved from step1, we may still get an error for some enterprises who have directly blocked this; however, they can white list us in order to allow it from our enterprise if admin's prefer, while still blocking general use for others.
See links:
https://support.google.com/a/answer/7281227
https://developers.google.com/drive/v3/web/about-auth
https://developers.google.com/identity/protocols/OAuth2
https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/
I'm just getting started porting my old code over to the new google apps json service but I'm not clear on the oauth.
I'm looking at:
https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites
It says:
"Set up a new project in the Google APIs Console and activate Admin SDK service for this project. See the Google APIs Console Help in the upper right corner of the Console page for more information about creating your API project. "
My product gets installed at each client location. Do I create the app using my key then distribute this to my customers or do I use their key in my app that runs at their site? Do I also need to enable the admin SDK in addition to enabling API access?
Do I create the app using my key then distribute this to my customers or do I use their key in my app that runs at their site?
Do they have access to the source code? If true then it will be known to them.
Whether it is your key (an API project owner by you) or theirs depends on the kind of software you offer (tailored or common service (webapp?)) and who will be responsible of the quotas, billing (if needed) and maintenance.
Do I also need to enable the admin SDK in addition to enabling API access?
Yes.
FYI:
API projects can hold up to 20 accounts
Users can own several projects (don't know how many)
Projects can be shared with other users or Groups