Directory API Overview
Stay organized with collections
Save and categorize content based on your preferences.
The Directory API is part of the RESTful Admin SDK API that can be used to
programmatically create and manage admin-controlled resources owned by a
Google Workspace account. Some use cases include:
- Creating and managing users and adding administrators.
- Creating and managing groups and group memberships.
- Monitoring devices connected to your domain and taking action on lost
devices.
- Managing your org chart and organization structures.
- Auditing applications your users have granted access to and revoking
unauthorized apps.
Following is a list of common terms used in the Directory API:
- Customer
- The entity that owns the Google Workspace account, represented by the
Customer resource.
- Domain
- If applicable, the DNS domain associated with a Google Workspace account,
represented by the
Domain resource. Not all
accounts have an associated domain.
- Organizational unit (OU)
- A sub-unit of a Google Workspace account's organizational tree, used to
group and sort users for the purpose of applying policies and granting
authorizations. An OU is represented by the
OrgUnit resource.
- Privilege
- The ability of a user to perform an action on a Google Workspace resource.
Applies primarily to admins. A privilege is represented by the
Privilege
resource.
- Role
- A defined collection of privileges that can be assigned to a user or set of
users, represented by the
Role resource.
- Role assignment
- A record indicating which user is granted what roles, and over what scope.
A role assignment is represented by the
RoleAssignment
resource.
- Schema
- A JSON object that defines custom user attributes for your organization,
represented by the
Schema resource.
- User
- An individual end user account with access to Google Workspace apps and
resources, represented by the
User resource.
Next steps
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-28 UTC.
[null,null,["Last updated 2025-08-28 UTC."],[],[],null,["# Directory API Overview\n\n|-------------------------------------------------------------------------------------------------------------------------------------------|\n| Got 5 minutes? Help us improve our Google Workspace documentation by taking a quick [online survey](https://forms.gle/XcqRP3PJiQv9ADuj9). |\n\nThe Directory API is part of the RESTful Admin SDK API that can be used to\nprogrammatically create and manage admin-controlled resources owned by a\nGoogle Workspace account. Some use cases include:\n\n- Creating and managing users and adding administrators.\n- Creating and managing groups and group memberships.\n- Monitoring devices connected to your domain and taking action on lost devices.\n- Managing your org chart and organization structures.\n- Auditing applications your users have granted access to and revoking unauthorized apps.\n\nFollowing is a list of common terms used in the Directory API:\n\n*Customer*\n: The entity that owns the Google Workspace account, represented by the\n [Customer](/workspace/admin/directory/reference/rest/v1/customers) resource.\n\n*Domain*\n: If applicable, the DNS domain associated with a Google Workspace account,\n represented by the\n [Domain](/workspace/admin/directory/reference/rest/v1/domains) resource. Not all\n accounts have an associated domain.\n\n*Organizational unit (OU)*\n: A sub-unit of a Google Workspace account's organizational tree, used to\n group and sort users for the purpose of applying policies and granting\n authorizations. An OU is represented by the\n [OrgUnit](/workspace/admin/directory/reference/rest/v1/orgunits) resource.\n\n*Privilege*\n: The ability of a user to perform an action on a Google Workspace resource.\n Applies primarily to admins. A privilege is represented by the\n [Privilege](/workspace/admin/directory/reference/rest/v1/privileges/list#Privilege)\n resource.\n\n*Role*\n: A defined collection of privileges that can be assigned to a user or set of\n users, represented by the\n [Role](/workspace/admin/directory/reference/rest/v1/roles) resource.\n\n*Role assignment*\n: A record indicating which user is granted what roles, and over what scope.\n A role assignment is represented by the\n [RoleAssignment](/workspace/admin/directory/reference/rest/v1/roleAssignments)\n resource.\n\n*Schema*\n: A JSON object that defines custom user attributes for your organization,\n represented by the\n [Schema](/workspace/admin/directory/reference/rest/v1/schemas) resource.\n\n*User*\n: An individual end user account with access to Google Workspace apps and\n resources, represented by the\n [User](/workspace/admin/directory/reference/rest/v1/users) resource.\n\nNext steps\n----------\n\n- To learn about developing with Google Workspace APIs, including handling\n authentication and authorization, refer to\n [Get started as a Workspace developer](/workspace/guides/getstarted-overview).\n\n- To learn how to configure and run a simple Directory API app, try the\n [JavaScript quickstart](/workspace/admin/directory/v1/quickstart/js)."]]
