Use the Google Cloud Identity API for Google Groups

Stéphane Giron
2 min readAug 28, 2020


As an admin you can use the Admin SDK API to manage your domain and your Google Groups, but Google has now also created a dedicated entry in the Cloud Identity API to manage groups.

This article provides some REST and Apps Script code to query the Cloud Identity API.

Helper functions

To use the API we need two helper functions to get some of the parameters required to query it.

/**
 * Look up the customer ID of the account the script is running as.
 *
 * Reads the effective user's email from Session, fetches that user through
 * the AdminDirectory advanced service, logs the customerId and returns it.
 *
 * @return {string} The customerId field of the effective user's directory entry.
 */
function getCustomerId(){
  var effectiveEmail = Session.getEffectiveUser().getEmail();
  var customerId = AdminDirectory.Users.get(effectiveEmail).customerId;
  // The ID ends up in the script's execution log on every call.
  Logger.log(customerId);
  return customerId;
}

Customer ID is needed to retrieve all groups of your domain.

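/**
 * Resolve a group's Cloud Identity resource name from its email address.
 *
 * Pages through the groups listed under the customer returned by
 * getCustomerId() and returns the `name` of the first group whose
 * `groupKey.id` is strictly equal to `email`.
 *
 * NOTE(review): the Cloud Identity API also has a groups:lookup method that
 * resolves a group key to a resource name without scanning every group;
 * consider it for large domains.
 *
 * @param {string} email Group email address to look for.
 * @return {string} The `name` field of the matching group.
 * @throws {string} "Can't find Group Name for the email specified" when no
 *     listed group matches. HTTP errors surface as exceptions from
 *     UrlFetchApp.fetch because muteHttpExceptions is left off.
 */
function getGroupName(email){
  var baseUrl = "https://cloudidentity.googleapis.com/v1beta1/groups?parent=customers/" + encodeURIComponent(getCustomerId());
  var param = {
    method : "get",
    // The bearer token is only sent to the fixed cloudidentity.googleapis.com URL built above.
    headers : {"Authorization": "Bearer " + ScriptApp.getOAuthToken()},
    // muteHttpExceptions stays off so an error response aborts the lookup
    // instead of being parsed as a page with no groups.
  };
  var pageToken;
  do {
    // Fix: the original never sent nextPageToken back, so a multi-page
    // listing re-fetched the first page forever. The token is URL-encoded
    // because it is an opaque server-supplied string.
    var url = pageToken ? baseUrl + "&pageToken=" + encodeURIComponent(pageToken) : baseUrl;
    var page = JSON.parse(UrlFetchApp.fetch(url, param).getContentText());
    var groups = page.groups || [];
    for (var i = 0; i < groups.length; i++) {
      if (groups[i].groupKey.id === email) {
        return groups[i].name;
      }
    }
    pageToken = page.nextPageToken;
  } while (pageToken);
  // Still thrown as a plain string so existing callers see the same value.
  throw "Can't find Group Name for the email specified";
}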

To get the users in a group or to manage the group, you need its group name. The group name is not the email address, so you have to look it up.

List groups and get the users of a group

Here is the code to list the groups of your domain with the Cloud Identity API.

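/**
 * List every group of the domain through the Cloud Identity API and log it.
 *
 * Collects one row per group, [name, groupKey.id, displayName], across all
 * result pages for the customer returned by getCustomerId(), then passes the
 * rows to Logger.log. Nothing is returned.
 *
 * HTTP errors surface as exceptions from UrlFetchApp.fetch because
 * muteHttpExceptions is left off.
 */
function listGoogleGroups() {
  var baseUrl = "https://cloudidentity.googleapis.com/v1beta1/groups?parent=customers/" + encodeURIComponent(getCustomerId());
  var param = {
    method : "get",
    // The bearer token is only sent to the fixed cloudidentity.googleapis.com URL built above.
    headers : {"Authorization": "Bearer " + ScriptApp.getOAuthToken()},
    // muteHttpExceptions stays off so an error response is not mistaken for
    // an empty page, which would silently truncate the listing.
  };
  var pageToken;
  var results = [];
  do {
    // Fix: the original never sent nextPageToken back, so a multi-page
    // listing re-fetched the first page forever and kept growing `results`.
    var url = pageToken ? baseUrl + "&pageToken=" + encodeURIComponent(pageToken) : baseUrl;
    var page = JSON.parse(UrlFetchApp.fetch(url, param).getContentText());
    var groups = page.groups || [];
    for (var i = 0; i < groups.length; i++) {
      var group = groups[i];
      results.push([group.name, group.groupKey.id, group.displayName]);
    }
    pageToken = page.nextPageToken;
  } while (pageToken);
  // The complete group inventory is written to the script's execution log.
  Logger.log(results);
}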

And here is the code to get the users in a group with the Cloud Identity API.

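/**
 * List the memberships of one group through the Cloud Identity API and log them.
 *
 * Resolves the group's resource name with getGroupName(), pages through its
 * memberships and logs a table whose first row is ['Email','Role','Id'] and
 * whose other rows are [preferredMemberKey.id, role names, membership name].
 * Nothing is returned.
 *
 * @param {string=} email Group email address. When it is not a string (for
 *     example when the function is run with no argument) the sample address
 *     'support@cloud34.fr' is used, as in the original code.
 */
function getGroupsMemberships(email){
  var groupEmail = (typeof email === 'string') ? email : 'support@cloud34.fr';
  var baseUrl = 'https://cloudidentity.googleapis.com/v1beta1/' + getGroupName(groupEmail) + '/memberships';
  var param = {
    method : "get",
    // The bearer token is only sent to the fixed cloudidentity.googleapis.com host above.
    headers : {"Authorization": "Bearer " + ScriptApp.getOAuthToken()},
    // muteHttpExceptions stays off so an error response is not mistaken for
    // an empty page, which would silently drop members from the report.
  };
  var pageToken;
  var results = [];
  results.push(['Email','Role','Id']);
  do {
    // Fix: the original never sent nextPageToken back, so a multi-page
    // listing re-fetched the first page forever.
    var url = pageToken ? baseUrl + '?pageToken=' + encodeURIComponent(pageToken) : baseUrl;
    var page = JSON.parse(UrlFetchApp.fetch(url, param).getContentText());
    var memberships = page.memberships || [];
    for (var i = 0; i < memberships.length; i++) {
      var user = memberships[i];
      // Fix: report every role, not just roles[0]. A membership can carry
      // several roles (e.g. MEMBER together with OWNER or MANAGER), and
      // showing only the first entry can hide an elevated role in an
      // access review. A membership with a single role logs as before.
      var roles = user.roles || [];
      var roleNames = [];
      for (var r = 0; r < roles.length; r++) {
        roleNames.push(roles[r].name);
      }
      results.push([user.preferredMemberKey.id, roleNames.join(','), user.name]);
    }
    pageToken = page.nextPageToken;
  } while (pageToken);
  // The complete member list is written to the script's execution log.
  Logger.log(results);
}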

The Cloud Identity API is a more generic API than the Admin SDK, which is why you can’t directly look up details by email, but it provides more features if, for example, you are using groups in a GCP application.

Find the code on GitHub: link
