CODEWITHSUNDEEP
phpgoogle-apigoogle-api-php-clientgoogle-admin-sdkgoogle-email-audit-api
Stephan Vierkant
Stephan Vierkant

Reputation: 10164

Download a mailbox using Email Audit (Admin SDK)

I want to download mailbox by using the Admin SDK, but I can't get it working. I can't find what's the Scope I need to define. I'm using a service account.

In order to prepare a download, you have to do a POST request to https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/{domain name}/{source user name}, but there is no audit.mail scope or something like that.

Here is my request:

<?php
$client = new \Google_Client();

$cred = new \Google_Auth_AssertionCredentials(
  '***@developer.gserviceaccount.com',
  array(
      'https://apps-apis.google.com/a/feeds/compliance/audit',
    ),
  file_get_contents($path)
);


$client->setAssertionCredentials($cred);


if($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion($cred);
}
$url = "https://apps-apis.google.com/a/feeds/compliance/audit/publickey/" . $domain;                                                        
$req = new \Google_Http_Request($url, 'POST');
$req->setPostBody($xml);

$token = json_decode($client->getAccessToken(), true);

$req->setRequestHeaders(
    array(
        'Content-Type'=> 'application/atom+xml; charset=utf-8',
        'Authorization'=> 'Bearer ' . $token['access_token'] . '',
    )
);?>

But I get a 403 error: You are not authorized to access this API..

What's the best way to download a mailbox using the PHP API with a service account?

Upvotes: 3

Views: 2076

Answers (1)

Emily
Emily

Reputation: 1474

The email audit api scope is: https://apps-apis.google.com/a/feeds/compliance/audit/

Did you grant third party client access in your admin console for your service account with the appropriate scope? The scope setting have to be set within your code and also in admin console.

Here is complete instruction on how to correctly set up a service account (the example is in drive, so you should change the scope for email audit api in your case)

https://developers.google.com/drive/web/delegation

Make sure you complete the steps for 'Delegate domain-wide authority to your service account'.

Finally, if you take a look at the PHP code sample, you can see that you will need the scope, the user you are trying to impersonate and your service account.

Upvotes: 2

Related Questions