Next problem to solve with Google Marketplace is enabling Provisioning API of Google Apps. During deploying of a web app to Google Apps it would be nice to fetch users list and prepare accounts for them.

Generally for this purpose Google Apps expose Provisioning API. The problem is that it works slightly different when it is used by Google Apps admins (when they do some scripting for themselves) and when it is used by third-party web app providers. So the differences:

• authentication mechanism is different: 2-legged OAuth is used by third-party web app vendors
• normally Provisioning API is available only in Premium Google Apps but for third-party web app providers it is also available in Standard Google Apps (only in read-only mode)

So to enable using Provisioning API one must:

• Prepare web application manifest
• Use properly crafted code for fetching users

Application manifest with Provisioning API scope

To get access to Google Apps data third party web app must declare in manifest that it will use indicated data from Google Apps. The access is granted by administrator during web app installation.

Following manifest example shows what should be added.

)
    return user

This code differs in two things from regular code that is used to retrieve users data from your own Google Apps domain:

• requestor id is not passed to SetOAuthInputParameters method - if it is passed then it will not work
• secret keys are taken from the listing that is present in your vendor profile on Google Apps Marketplace - i.e. these are not keys of Google Apps domain from which normally used to retrieve the data

So this is all that is needed to get access and retrieve data from customers of Google Apps.