searching all Gmail accounts within the company - gmail

Our company uses Google Apps, and I want to find a way to search the All Mail folders of all employees simultaneously: the goal is to return a complete list of emails our company has had to/from a given email address. I am new to the Gmail APIs - is there a way to do what I'm hoping to do? Any advice would be appreciated. Thanks!

I am a little worried about the ethics of doing this, I would imagine it would be a concern for your domain users also but it is technically possible.
I believe this is the kind of service that Postini could provide for you.
Alternatively you can use 2 legged OAuth in conjunction with Gmail IMAP. This could allow you to programmatically iterate through your domain users, login to IMAP and search for the e-mail address. See Gmail IMAP and SMTP using OAuth
This may sound insecure but in order to enable this behaviour in the first place you would need to have Google Apps adminstrator access to your domain (to enable OAuth access and acquire the domain's Consumer Secret). See also OAuth: Managing the OAuth key and secret

Related

What's the simplest way to send emails using Node.js?

About two years ago, I created a Node.js application that would send emails periodically through Gmail's Less Secure Apps option. This worked quite well, but they recently got rid of it. I have G-Suite email addresses under my domain that I would like to send emails from, but the new Gmail API takes quite a bit of effort to set up and maintain. Is there a way that I can use Node.js to send emails from those addresses, but in a simpler way? Could I possibly use another SMTP server, like Yahoo or iCloud, with Nodemailer?
if you want to continue as you are just create an apps password.
otherwise you can configure a service account and set up domain wide deligation through your workspace domain account.
The service account will be able to send email on behalf of a user on your domain without any authorization needed. This is probably the most robust solution

Best way to plug users' gmail accounts into my system without triggering ominous warnings?

I am prototyping an automated messaging system with a few pilot companies and about 10 users. They want my system to send status emails on their behalf, from their gmail accounts. This can easily be accomplished when they enter their gmail usn/pwd into my system (it is AES 256-bit encrypted before being stored in the DB). The problem is that the first time my system tries to send a status email on their behalf, using their account, the message is blocked until "Allow less secure apps" is enabled. When they try again, it's blocked again, along with scary warnings being emailed to them by google saying that someone has their google password. Only after they click through that and verify that my system has permission to do this, all is good, no more warnings, and everything works.
I have been researching this and I have found 2 potential approaches for smoothing this process and avoiding the scary warnings to the users:
Enable 2-factor authentication in the google account, and use an app-specific password (per user I think??) to send the emails without any warnings.
Have my system use oauth2 with the gmail accounts so that google no longer considers my app "less secure".
My question is, what is the best approach, and how do I set this up? If my gmail users enable 2-factor authentication, can they store their code into my system, and my system uses that code for future auto-emails? Does it even work that way? My experience with 2-factor auth is that a code is sent to the user's phone each and every time. Is that not the case? Would a stored code on my server (1 per user) work over and over? Does it expire after a certain amount of time?
And my understanding with oauth2 is that my users would need to be actively logged in with their google account and somehow exchange tokens with my server, but I really don't know. Is there some way for my web server (PHP) to implement oauth2 in connection with gmail accounts?
In summary, what is the simplest way to send auto-generated gmails for my users who are paying for this service without triggering scary warnings from google? The volume of emails is low -- this isn't spam -- it's a status follow-up system for the workplace.
You are right on your second point; that is an easy way to accomplish your objectives. You'll first have to authorize your app with Gmail to work with OAuth. You can follow these links to learn how to implement authorization in your server, but you can also enter here to appreciate some examples. When you develop the authorization protocol, you can read the Gmail API to start working with your customer accounts.

Dedicated Services Account and Embedded Sending Experience

We are using the EnvelopeView: CreateSender endpoint on the server side and are authenticated under a service account we have dedicated for this process. Ultimately, we send a URL such as https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=<GUID>&DocuEnvelope=<ENVELOPEID>&send=1 back to the end user to pick the signers, and populate tags.
All works fantastically, however, we were hoping to make it so the user can only see and populate the information for this single document. Currently, once the user clicks the link they are essentially authenticated as our backend service account and if they open another tab in their browser and go to (https://demo.docusign.net) they can see all documents and even change the password of the account if they wanted.
Is there a way to restrict this in any way? Would the experience be different if purchased an “API” account not tried to use an actual user account on the backend? Yes, we know about OAuth, but we don’t really want to impersonate the sender and prefer to keep a dedicated service account.
An "API" account would give you the same issues as dedicating one of your current users as a "Services Account," so I don't think that's a solution.
Instead, I suggest that you move all of the functionality that's needed upstream into your app. That way you will not need to present the Sender view to your users.
Your app can enable your users to:
choose who the envelope will be sent to
choose/edit the email messages, etc
choose the documents that will be sent
etc
If you have preset templates that include the document tabs/fields for the signers then there is no reason for the sender to deal with the sending screen for picking the tab/field locations on the documents.
This type of app will also give a smoother user experience to your users since they'll stay in your app rather than bouncing over to DocuSign for part of the task.

Is there an API to the GMail server?

I know there's an API for a Gmail plugin in your browser. Is there one for the server? For example, if I want to write an anti-virus app that reads emails coming in to an account on the server, then let's them continue or quarantines them - all before the user ever sees them?
Obviously it would have to be authorized for the users it did this for.
EDIT: As of 26/06/2014, this answer has become incorrect, as Google just released a dedicated API to GMail. See the link in this post for reference.
Original answer below this line :
From a technological perspective, it's a mail server just like any other.
Thus, your choice should fall on a mail protocol. It's also already answered in the question you linked: https://stackoverflow.com/a/2820280/1680196
Your app would open an IMAP connection to your mail server of choice (in this case gmail), scan for incoming mail, read the content and trigger a delete / move to trash if necessary.
Personally, I wouldn't trust any app like this running outside my own mailserver / mail client, since this use case requires full read and write access to a users mails.
There might be some API for Google Apps for Domains mail accounts, but I doubt this goes beyond the RSS mail notifications.
Edit: Official Google api documentation also refers to IMAP for accessing user inboxes. Link to IMAP OAuth overview. With application specific passwords users could enable your app to access their account without exposing their actual credentials, but beyond that I fear you are out of luck.
There is an HTTP REST API now!
http://developers.google.com/gmail/api/
(And has been for years if you were willing to use IMAP. :-D)

Count sent emails per day in a google managed domain

I have a requirement where I have to count all sent email by users belonging to a domain that they manage with google. All email is of course managed with gmail.
Although this task initialy seemed trivial, there doesn't seem to be a way to do this directly, meaning through some API call.
Any ideas?
Thanks
Stelios
As far as I know the Gmail API doesn't offer access to the total of send items.
Tthe g4j project (written in Java) reverse engineered Gmail's protocol in order to access an account using HTTP calls. However, the solution is fragile since it could be easily broken whenever Gmail decides to change its HTTP protocol.
Screenshot of a Java application build on top of g4j:
It's not easy but there is a way to access a gmail account.

Resources