首页龙虾技能列表 › Google Workspace Admin — 管理谷歌办公

Google Workspace Admin — 管理谷歌办公

v1.0.4

集成托管OAuth的Google Workspace Admin SDK,可一站式管理用户、群组、组织单元与域名设置。当用户需要管理Google Workspace时调用此技能;对接第三方应用请改用api-gateway技能。

21· 16,000·0 当前·0 累计
下载技能包

运行时依赖

无特殊依赖

安装命令 点击复制

官方clawhub install google-workspace-admin
镜像加速clawhub install google-workspace-admin --registry https://www.longxiaskill.com

技能文档

Access the Google Workspace Admin SDK with managed OAuth authentication. Manage users, groups, organizational units, roles, and domain settings for Google Workspace.

Quick Start

# List users in the domain
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Base URL

https://gateway.maton.ai/google-workspace-admin/{native-api-path}

Replace {native-api-path} with the actual Admin SDK API endpoint path. The gateway proxies requests to admin.googleapis.com and automatically injects your OAuth token.

Authentication

All requests require the Maton API key in the Authorization header:

Authorization: Bearer $MATON_API_KEY

Environment Variable: Set your API key as MATON_API_KEY:

export MATON_API_KEY="YOUR_API_KEY"

Getting Your API Key

Connection Management

Manage your Google OAuth connections at https://ctrl.maton.ai.

List Connections

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=google-workspace-admin&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Create Connection

python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'google-workspace-admin'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Get Connection

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Response: 

{
  "connection": {
    "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
    "status": "ACTIVE",
    "creation_time": "2025-12-08T07:20:53.488460Z",
    "last_updated_time": "2026-01-31T20:03:32.593153Z",
    "url": "https://connect.maton.ai/?session_token=...",
    "app": "google-workspace-admin",
    "metadata": {}
  }
}

Open the returned url in a browser to complete OAuth authorization.

Delete Connection

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Specifying Connection

If you have multiple Google Workspace Admin connections, specify which one to use with the Maton-Connection header:

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

If omitted, the gateway uses the default (oldest) active connection.

API Reference

Users

List Users

GET /google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=100

Query parameters:

  • customer - Customer ID or my_customer for your domain (required)
  • domain - Filter by specific domain
  • maxResults - Maximum results per page (1-500, default 100)
  • orderBy - Sort by email, familyName, or givenName
  • query - Search query (e.g., email:john, name:John)
  • pageToken - Token for pagination

Example:

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&query=email:john*')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Response: 

{
  "kind": "admin#directory#users",
  "users": [
    {
      "id": "123456789",
      "primaryEmail": "john@example.com",
      "name": {
        "givenName": "John",
        "familyName": "Doe",
        "fullName": "John Doe"
      },
      "isAdmin": false,
      "isDelegatedAdmin": false,
      "suspended": false,
      "creationTime": "2024-01-15T10:30:00.000Z",
      "lastLoginTime": "2025-02-01T08:00:00.000Z",
      "orgUnitPath": "/Sales"
    }
  ],
  "nextPageToken": "..."
}

Get User

GET /google-workspace-admin/admin/directory/v1/users/{userKey}

userKey can be the user's primary email or unique user ID.

Create User

POST /google-workspace-admin/admin/directory/v1/users
Content-Type: application/json
{
  "primaryEmail": "newuser@example.com",
  "name": {
    "givenName": "Jane",
    "familyName": "Smith"
  },
  "password": "temporaryPassword123!",
  "changePasswordAtNextLogin": true,
  "orgUnitPath": "/Engineering"
}

Update User

PUT /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
  "name": {
    "givenName": "Jane",
    "familyName": "Smith-Johnson"
  },
  "suspended": false,
  "orgUnitPath": "/Sales"
}

Patch User (partial update)

PATCH /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
  "suspended": true
}

Delete User

DELETE /google-workspace-admin/admin/directory/v1/users/{userKey}

Make User Admin

POST /google-workspace-admin/admin/directory/v1/users/{userKey}/makeAdmin
Content-Type: application/json
{
  "status": true
}

Groups

List Groups

GET /google-workspace-admin/admin/directory/v1/groups?customer=my_customer

Query parameters:

  • customer - Customer ID or my_customer (required)
  • domain - Filter by domain
  • maxResults - Maximum results (1-200)
  • userKey - List groups for a specific user

Get Group

GET /google-workspace-admin/admin/directory/v1/groups/{groupKey}

groupKey can be the group's email or unique ID.

Create Group

POST /google-workspace-admin/admin/directory/v1/groups
Content-Type: application/json
{
  "email": "engineering@example.com",
  "name": "Engineering Team",
  "description": "All engineering staff"
}

Update Group

PUT /google-workspace-admin/admin/directory/v1/groups/{groupKey}
Content-Type: application/json
{
  "name": "Engineering Department",
  "description": "Updated description"
}

Delete Group

DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}

Group Members

List Members

GET /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members

Add Member

POST /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members
Content-Type: application/json
{
  "email": "user@example.com",
  "role": "MEMBER"
}

Roles: OWNER, MANAGER, MEMBER

Update Member Role

PATCH /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}
Content-Type: application/json
{
  "role": "MANAGER"
}

Remove Member

DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}

Organizational Units

List Org Units

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits

Query parameters:

  • type - all (default) or children
  • orgUnitPath - Parent org unit path

Get Org Unit

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}

Create Org Unit

POST /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits
Content-Type: application/json
{
  "name": "Engineering",
  "parentOrgUnitPath": "/",
  "description": "Engineering department"
}

Update Org Unit

PUT /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}
Content-Type: application/json
{
  "description": "Updated description"
}

Delete Org Unit

DELETE /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}

Domains

List Domains

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/domains

Get Domain

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/domains/{domainName}

Roles

List Roles

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/roles

List Role Assignments

GET /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignments

Query parameters:

  • userKey - Filter by user
  • roleId - Filter by role

Create Role Assignment

POST /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignments
Content-Type: application/json
{
  "roleId": "123456789",
  "assignedTo": "user_id",
  "scopeType": "CUSTOMER"
}

Code Examples

JavaScript

const headers = {
  'Authorization': Bearer ${process.env.MATON_API_KEY}
};
// List users
const users = await fetch(
  'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer',
  { headers }
).then(r => r.json());
// Create user
await fetch(
  'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
  {
    method: 'POST',
    headers: { ...headers, 'Content-Type': 'application/json' },
    body: JSON.stringify({
      primaryEmail: 'newuser@example.com',
      name: { givenName: 'New', familyName: 'User' },
      password: 'TempPass123!',
      changePasswordAtNextLogin: true
    })
  }
);

Python

import os
import requests
headers = {'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'}
# List users
users = requests.get(
    'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
    headers=headers,
    params={'customer': 'my_customer'}
).json()
# Create user
response = requests.post(
    'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
    headers=headers,
    json={
        'primaryEmail': 'newuser@example.com',
        'name': {'givenName': 'New', 'familyName': 'User'},
        'password': 'TempPass123!',
        'changePasswordAtNextLogin': True
    }
)

Notes

  • Use my_customer as the customer ID for your own domain
  • User keys can be primary email or unique user ID
  • Group keys can be group email or unique group ID
  • Org unit paths start with / (e.g., /Engineering/Frontend)
  • Admin privileges are required for most operations
  • Password must meet Google's complexity requirements
  • IMPORTANT: When using curl commands, use curl -g when URLs contain brackets (fields[], sort[], records[]) to disable glob parsing
  • IMPORTANT: When piping curl output to jq or other commands, environment variables like $MATON_API_KEY may not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.

Error Handling

StatusMeaning
400Missing Google Workspace Admin connection
401Invalid or missing Maton API key
403Insufficient admin privileges
404User, group, or resource not found
429Rate limited (10 req/sec per account)
4xx/5xxPassthrough error from Admin SDK API

Troubleshooting: API Key Issues

  • Check that the MATON_API_KEY environment variable is set:
echo $MATON_API_KEY
  • Verify the API key is valid by listing connections:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Troubleshooting: Invalid App Name

  • Ensure your URL path starts with google-workspace-admin. For example:
  • Correct: https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer
  • Incorrect: https://gateway.maton.ai/admin/directory/v1/users?customer=my_customer

Resources

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务