Directory API Overview

The Directory API is part of the RESTful Admin SDK API that can be used to programmatically create and manage admin-controlled resources owned by a Google Workspace account. Some use cases include:

  • Creating and managing users and adding administrators.
  • Creating and managing groups and group memberships.
  • Monitoring devices connected to your domain and taking action on lost devices.
  • Managing your org chart and organization structures.
  • Auditing applications your users have granted access to and revoking unauthorized apps.

Following is a list of common terms used in the Directory API:

Customer
The entity that owns the Google Workspace account, represented by the Customer resource.
Domain
If applicable, the DNS domain associated with a Google Workspace account, represented by the Domain resource. Not all accounts have an associated domain.
Organizational unit (OU)
A sub-unit of a Google Workspace account's organizational tree, used to group and sort users for the purpose of applying policies and granting authorizations. An OU is represented by the OrgUnit resource.
Privilege
The ability of a user to perform an action on a Google Workspace resource. Applies primarily to admins. A privilege is represented by the Privilege resource.
Role
A defined collection of privileges that can be assigned to a user or set of users, represented by the Role resource.
Role assignment
A record indicating which user is granted what roles, and over what scope. A role assignment is represented by the RoleAssignment resource.
Schema
A JSON object that defines custom user attributes for your organization, represented by the Schema resource.
User
An individual end user account with access to Google Workspace apps and resources, represented by the User resource.

Next steps