Author Archives: Google Apps Developer Blog Editor

Enhancements to coursework in the Classroom API

Posted by Greg Zecchini, Google Classroom Software Engineer

Hundreds of education developers use the Classroom API to integrate their applications with Google Classroom. Last year, we announcedthe ability for external applications to read and write assignments. We've received a lot of feedback from developers who began integrating assignments with Classroom, and they said that they wanted to do even more.
Today, we're making the coursework endpoints more robust, with additional management capabilities. Applications can now:
  • Create and update questions
  • Modify and delete coursework
  • Add Drive items and YouTube videos to coursework and student submissions
Flat Education, a collaborative music notation app, already integrates with Classroom to let teachers quickly synchronize rosters and assignments, and design music activities accessible to students with just one click from Google Classroom. Flat has been piloting the new API functionality to create a more seamless integration. Flat CTO Vincent Giersch notes, "the support of Google Drive in the Google Classroom API is simply great: all the music scores created with G Suite for Education accounts on Flat being already Drive files, we can now directly add our Drive files in the assignments and students submissions. This will make possible for teachers and students to use Google Classroom with Flat as they would do with Google Docs."


In case you missed it, we've also made other recent updates to managing parents and guardians with the API. Classroom sends daily or weekly email summaries to guardians, and applications using the API to manage guardians can now detect if guardian visibility is enabled for a course, and list all guardians and guardian invitations in a domain.

For more details on what you can build with coursework, review the documentation, the FAQ, and ask questions on Stack Overflow. As always, let us know what you're building using the #withClassroom hashtag on Twitter or Google+. We look forward to working together to make it even easier for teachers and students to use the tools they love with Classroom.

Formatting text with the Google Slides API

Posted by Wesley Chun (@wescpy), Developer Advocate, G Suite

It's common knowledge that presentations utilize a set of images to impart ideas to the audience. As a result, one of the best practices for creating great slide decks is to minimize the overall amount of text. It means that if you do have text in a presentation, the (few) words you use must have higher impact and be visually appealing. This is even more true when the slides are generated by a software application, say using the Google Slides API, rather than being crafted by hand.

The G Suite team recently launched the first Slides API, opening up a whole new category of applications. Since then, we've published several videos to help you realize some of those possibilities, showing you how to replace text and images in slides as well as how to generate slides from spreadsheet data. To round out this trifecta of key API use cases, we're adding text formatting to the conversation.

Developers manipulate text in Google Slides by sending API requests. Similar to the Google Sheets API, these requests come in the form of JSON payloads sent to the API's batchUpdate() method. Here's the JavaScript for inserting text in some shape (shapeID) on a slide: 

{
    "insertText": {
        "objectId": shapeID,
        "text": "Hello World!\n"
}

In the video, developers learn that writing text, such as the request above, is less complex than reading or formatting because both the latter require developers to know how text on a slide is structured. Notice for writing that just the copy, and optionally an index, are all that's required. (That index defaults to zero if not provided.)

Assuming "Hello World!" has been successfully inserted in a shape on a slide, a request to bold just the "Hello" looks like this: 

{
    "updateTextStyle": {
        "objectId": shapeID,
        "style": {
            "bold": true
        },
        "textRange": {
            "type": "FIXED_RANGE",
            "startIndex": 0,
            "endIndex": 5
        },
        "fields": "bold"
}
If you've got at least one request, like the ones above, in an array named requests, you'd ask the API to execute them with just one call to the API, which in Python looks like this (assuming SLIDES is your service endpoint and the slide deck ID is deckID): 
SLIDES.presentations().batchUpdate(presentationId=deckID,
        body=requests).execute()

To better understand text structure & styling in Google Slides, check out the text concepts guidein the documentation. For a detailed look at the complete code sample featured in the DevByte, check out the deep dive post. To see more samples for common API operations, take a look at this page. We hope the videos and all these developer resources help you create that next great app that automates producing highly impactful presentations for your users!

Modifying email signatures with the Gmail API

Posted by Wesley Chun (@wescpy), Developer Advocate, G Suite

The Gmail API team introduced a new settings feature earlier this year, and today, we're going to explore some of that goodness, showing developers how to update Gmail user settings with the API.

Email continues to be a dominant form of communication, personally and professionally, and our email signature serves as both a lightweight introduction and a business card. It's also a way to slip-in a sprinkling of your personality. Wouldn't it be interesting if you could automatically change your signature whenever you wanted without using the Gmail settings interface every time? That is exactly what our latest video is all about.

If your app has already created a Gmail API service endpoint, say in a variable named GMAIL, and you have the YOUR_EMAIL email address whose signature should be changed as well as the text of the new signature, updating it via the API is as pretty straightforward, as illustrated by this Python call to the GMAIL.users().settings().sendAs().patch() method: 

signature = {'signature': '"I heart cats."  ~anonymous'}
GMAIL.users().settings().sendAs().patch(userId='me',
        sendAsEmail=YOUR_EMAIL, body=signature).execute()

For more details about the code sample used in the requests above as well as in the video, check out the deepdive post. In addition to email signatures, other settings the API can modify include: filters, forwarding (addresses and auto-forwarding), IMAP and POP settings to control external email access, and the vacation responder. Be aware that while API access to most settings are available for any G Suite Gmail account, a few sensitive operations, such as modifying send-as aliases or forwarding, are restricted to users with domain-wide authority.

Developers interested in using the Gmail API to access email threads and messages instead of settings can check out this other video where we show developers how to search for threads with a minimum number of messages, say to look for the most discussed topics from a mailing list. Regardless of your use-case, you can find out more about the Gmail API in the developer documentation. If you're new to the API, we suggest you start with the overview page which can point you in the right direction!

Be sure to subscribe to the Google Developers channel and check out other episodes in the G Suite Dev Show video series.

Generating slides from spreadsheet data

Posted by Wesley Chun (@wescpy), Developer Advocate, G Suite

The G Suite team recently launched the very first Google Slides API, opening up a whole new set of possibilities, including leveraging data already sitting in a spreadsheet or database, and programmatically generating slide decks or slide content based on that data. Why is this a big deal? One of the key advantages of slide decks is that they can take database or spreadsheet data and make it more presentable for human consumption. This is useful when the need arises to communicate the information reflected by that data to management or potential customers.

Walking developers through a short application demonstrating both the Sheets and Slides APIs to make this happen is the topic of today's DevByte video. The sample app starts by reading all the necessary data from the spreadsheet using the Sheets API. The Slides API takes over from there, creating new slides for the data, then populating those slides with the Sheets data.

Developers interact with Slides by sending API requests. Similar to the Google Sheets API, these requests come in the form of JSON payloads. You create an array like in the JavaScript pseudocode below featuring requests to create a cell table on a slide and import a chart from a Sheet:


var requests = [
   {"createTable": {
       "elementProperties":
           {"pageObjectId": slideID},
       "rows": 8,
       "columns": 4
   }},
   {"createSheetsChart": {
       "spreadsheetId": sheetID,
       "chartId": chartID,
       "linkingMode": "LINKED",
       "elementProperties": {
           "pageObjectId": slideID,
           "size": {
               "height": { ... },
               "width": { ... }
           },
           "transform": { ... }
       }
   }}
];
If you've got at least one request, say in a variable named requests (as above), including the Sheet's sheetID and chartID plus the presentation page's slideID. You'd then pass it to the API with just one call to the presentations().batchUpdate() command, which in Python looks like the below if SLIDES is your API service endpoint:
SLIDES.presentations().batchUpdate(presentationId=slideID,
       body=requests).execute()

Creating tables is fairly straightforward. Creating charts has some magical features, one of those being the linkingMode. A value of "LINKED" means that if the Sheet data changes (altering the chart in the Sheet), the same chart in a slide presentation can be refreshed to match the latest image, either by the API or in the Slides user interface! You can also request a plain old static image that doesn't change with the data by selecting a value of "NOT_LINKED_IMAGE" for linkingMode. More on this can be found in the documentationon creating charts, and check out the video where you'll see both those API requests in action.

For a detailed look at the complete code sample featured in the video, check out the deep dive post. We look forward to seeing the interesting integrations you build with the power of both APIs!

Formatting cells with the Google Sheets API

Posted by Wesley Chun (@wescpy), Developer Advocate, G Suite
At Google I/O earlier this year, we launched a new Google Sheets API (click here to watch the entire announcement). The updated API includes many new features that weren't available in previous versions, including access to more functionality found in the Sheets desktop and mobile user interfaces. Formatting cells in Sheets is one example of something that wasn't possible with previous versions of the API and is the subject of today's DevByte video.
In our previous Sheets API video, we demonstrated how to get data into and out of a Google Sheet programmatically, walking through a simple script that reads rows out of a relational database and transferring the data to a new Google Sheet. The Sheet created using the code from that video is where we pick up today.

Formatting spreadsheets is accomplished by creating a set of request commands in the form of JSON payloads, and sending them to the API. Here is a sample JavaScript Object made up of an array of requests (only one this time) to bold the first row of the default Sheet automatically created for you (whose ID is 0): 

{"requests": [
    {"repeatCell": {
        "range": {
            "sheetId": 0,
            "startRowIndex": 0,
            "endRowIndex": 1
        },
        "cell": {
            "userEnteredFormat": {
                "textFormat": {
                    "bold": true
                }
            }
        },
        "fields": "userEnteredFormat.textFormat.bold"
    }}
]}
With at least one request, say in a variable named requests and the ID of the sheet as SHEET_ID, you send them to the API via an HTTP POST to https://sheets.googleapis.com/v4/spreadsheets/{SHEET_ID}:batchUpdate, which in Python, would be a single call that looks like this: 
SHEETS.spreadsheets().batchUpdate(spreadsheetId=SHEET_ID,
        body=requests).execute()

For more details on the code in the video, check out the deepdive blog post. As you can probably guess, the key challenge is in constructing the JSON payload to send to API calls—the common operations samples can really help you with this. You can also check out our JavaScript codelab where we guide you through writing a Node.js app that manages customer orders for a toy company, featuring the toy orders data we looked at today but in a relational database. While the resulting equivalent Sheet is featured prominently in today's video, we will revisit it again in an upcoming episode showing you how to generate slides with spreadsheet data using the new Google Slides API, so stay tuned for that!

We hope all these resources help developers enhance their next app using G Suite APIs! Please subscribe to our channel and tell us what topics you would like to see in other episodes of the G Suite Dev Show!

Introducing the Google Slides API

Posted by Wesley Chun, Developer Advocate, G Suite

At Google I/O 2016, we gave developers a preview of the Google Slides API. Since then, the gears have been cranking at full speed, and we've been working with various early-access partners and developers to showcase what you can do with it. Today, we're happy to announce that the Slides API v1 is now generally available and represents the first time that developers have ever been able to programmatically access Slides!

The Slides API breaks new ground, changing the way that presentations are created. No longer do they require manual creation by users on their desktops or mobile devices. Business data on inventory items like retail merchandise, homes/property, hotels/lodging, restaurants/menus, venues/events, and other "cataloged" assets can be instantly turned into presentations based on pre-existing slide templates. Traditionally, the sheer amount of data (and of course time[!]) that went into creating these slide decks made it unwieldy if done by hand. Applications leveraging the API can easily generate presentations like these, customized as desired, and in short order.

Developers use the API by crafting a JSON payload for each request. (We recommend you batch multiple commands together to send to the API.) You can think of these as actions one can perform from the Slides user interface but available programmatically. To give you an idea of how the new API works, here are what some requests look like for several common operations: 

// create new slide (title & body layout)
{
    "createSlide": {
        "slideLayoutReference": {
            "predefinedLayout": "TITLE_AND_BODY"
        }
    }
},
// insert text into textbox
{
    "insertText": {
        "objectId": titleID,
        "text": "Hello World!"
    }
},
// add bullets to text paragraphs
{
    "createParagraphBullets": {
        "objectId": shapeID,
        "textRange": {
            "type": "ALL"
        }
    }
},
// replace text "variables" with image
{
    "replaceAllShapesWithImage": {
        "imageUrl": imageURL,
        "replaceMethod": "CENTER_INSIDE",
        "containsText": {
            "text": "{{COMPANY_LOGO}}"
        }
    }
}

If you're interested in seeing what developers have already built using the API, take a look at our initial set of partner integrations by Conga, Trello, Lucidchart, Zapier and more, as described in detail in our G Suite blog post.


To help you get started, check out the DevByte above from our new series dedicated to G Suite developers. In the video, we demonstrate how to take "variables" or placeholders in a template deck and use the API to generate new decks replacing those proxies with the desired text or image. Want to dive deeper into its code sample? Check out this blogpost. If you're not a Python developer, it'll be your pseudocode as you can use any language supported by the Google APIs Client Libraries. Regardless of your development environment, you can use similar "scaffolding" to generate many presentations with varying content for your users. Stay tuned for more videos that highlight other Slides API features.

The Slides API is available to projects in your Google Developers console today. Developers can find out more in the official documentation which features an API overview plus Quickstarts, sample code in multiple languages and environments, to bootstrap your next project. We look forward to seeing all the amazing slide deck generating applications you build with our first ever API!

Introducing the Google Slides API

Posted by Wesley Chun, Developer Advocate, G Suite

At Google I/O 2016, we gave developers a preview of the Google Slides API. Since then, the gears have been cranking at full speed, and we've been working with various early-access partners and developers to showcase what you can do with it. Today, we're happy to announce that the Slides API v1 is now generally available and represents the first time that developers have ever been able to programmatically access Slides!

The Slides API breaks new ground, changing the way that presentations are created. No longer do they require manual creation by users on their desktops or mobile devices. Business data on inventory items like retail merchandise, homes/property, hotels/lodging, restaurants/menus, venues/events, and other "cataloged" assets can be instantly turned into presentations based on pre-existing slide templates. Traditionally, the sheer amount of data (and of course time[!]) that went into creating these slide decks made it unwieldy if done by hand. Applications leveraging the API can easily generate presentations like these, customized as desired, and in short order.

Developers use the API by crafting a JSON payload for each request. (We recommend you batch multiple commands together to send to the API.) You can think of these as actions one can perform from the Slides user interface but available programmatically. To give you an idea of how the new API works, here are what some requests look like for several common operations: 

// create new slide (title & body layout)
{
    "createSlide": {
        "slideLayoutReference": {
            "predefinedLayout": "TITLE_AND_BODY"
        }
    }
},
// insert text into textbox
{
    "insertText": {
        "objectId": titleID,
        "text": "Hello World!"
    }
},
// add bullets to text paragraphs
{
    "createParagraphBullets": {
        "objectId": shapeID,
        "textRange": {
            "type": "ALL"
        }
    }
},
// replace text "variables" with image
{
    "replaceAllShapesWithImage": {
        "imageUrl": imageURL,
        "replaceMethod": "CENTER_INSIDE",
        "containsText": {
            "text": "{{COMPANY_LOGO}}"
        }
    }
}

If you're interested in seeing what developers have already built using the API, take a look at our initial set of partner integrations by Conga, Trello, Lucidchart, Zapier and more, as described in detail in our G Suite blog post.


To help you get started, check out the DevByte above from our new series dedicated to G Suite developers. In the video, we demonstrate how to take "variables" or placeholders in a template deck and use the API to generate new decks replacing those proxies with the desired text or image. Want to dive deeper into its code sample? Check out this blogpost. If you're not a Python developer, it'll be your pseudocode as you can use any language supported by the Google APIs Client Libraries. Regardless of your development environment, you can use similar "scaffolding" to generate many presentations with varying content for your users. Stay tuned for more videos that highlight other Slides API features.

The Slides API is available to projects in your Google Developers console today. Developers can find out more in the official documentation which features an API overview plus Quickstarts, sample code in multiple languages and environments, to bootstrap your next project. We look forward to seeing all the amazing slide deck generating applications you build with our first ever API!

Peeking into the future of work with Salesforce

Posted by Tom Holman, Product Manager, Google Sheets

Originally posted to Google Cloud

When it comes to redefining how people go about their everyday work, Google and Salesforce have shared a remarkably similar path, with our roots planted firmly in the cloud.

That's why we were very excited to share the stage last week at Dreamforce to showcase two integrations that Salesforce built on top of G Suite: Salesforce Lightning for Gmail and Sales Cloud integration with Google Sheets. In addition to existing integrations with Google Calendar, Gmail (for Salesforce IQ), Drive and Contacts, these new offerings will go a long way in helping people work effectively with smarter tools.

Salesforce Lightning for Gmail

Salesforce Lightning for Gmail

At Dreamforce, we showcased the upcoming Lightning for Gmail integration, which brings together our leading CRM and email services.

With this integration, sales reps can now streamline repetitive but important tasks: they can review Salesforce records relevant to their emails, add contacts from their address book into Salesforce, and even create new Salesforce records, all from within Gmail.

A pilot of Lightning for Gmail will be available by the end of this year for free to all Salesforce customers. Interested customers can contact their Salesforce account managers to sign up for the pilot program.

Sales Cloud and Google Sheets

Link any Sales Cloud List View to a source Google Sheet, and view, edit, and delete that data directly.

The Sales Cloud integration with Sheets, meanwhile, makes it easy for sales reps to link any Salesforce List View to a Google Sheet. Users can also view, edit, and delete records within Sheets and sync those changes back to Salesforce. Better still, the integration also supports your business logic and validation rules.

We gave a joint preview of the Sales Cloud and Google Sheets integration at Google I/O this summer, and today are happy to announce that it will be available in beta to all Sales Cloud customers by the end of this year.

We had a blast working with the Salesforce team to bring these new solutions to life.

Increased account security via OAuth 2.0 token revocation

Posted by Michael Winser, Product Lead, Google Apps and Wesley Chun, Developer Advocate, Google Apps

Last week, we clarified the expectations and responsibilities when accessing Google user data via OAuth 2.0. Today, we’re announcing that in order to better protect users, we are increasing account security for enterprise Gmail users effective October 5, 2016. At this time, a new policy will take effect whereby users in a Google Apps domain, while changing their passwords on or after this date, will result in the revocation of the OAuth 2.0 tokens of apps that access their mailboxes using Gmail-based authorization scopes. Please note that users will not notice any specific changes on this date and their applications will continue to work. It is only when a user changes their password from that point moving forward that their Gmail-related tokens become invalid.

Developers should modify their applications to handle HTTP 400 or 401 error codes resulting from revoked tokens and prompt their users to go through the OAuth flow again to re-authorize those apps, such that they can access the user’s mailbox again (additional details below). Late last year, we announceda similar, planned change to our security policy that impacted a broader set of authorization scopes. We later decidednot to move forward with that change for Apps customers and began working on a less impactful update as described above.

What is a revoked token?

A revoked OAuth 2.0 token no longer provides access to a user’s resources. Any attempt to use a revoked token in API calls will result in an error. Any existing token strings will no longer have any value and should be discarded. Applications accessing Google APIs should be modified to handle failed API calls.

Token revocation itself is not a new feature. Users have always been able to revoke access to applications in Security Checkup, and Google Apps admins have the ability to do the same in the Admin console. In addition, tokens that were not used for extended periods of time have always been subject to expiration or revocation. This change in our security policy will likely increase the rate of revoked tokens that applications see, since in some cases the process will now take place automatically.

What APIs and scopes are impacted?

To achieve the security benefits of this policy change with minimal admin confusion and end-user disruption, we’ve decided to limit its application to mail scopes only and to exclude Apps Script tokens. Apps installed via the Google Apps Marketplace are also not subject to the token revocation. Once this change is in effect, third-party mail apps like Apple Mail and Thunderbird―as well as other applications that use multiple scopes that include at least one mail scope―will stop accessing data upon password reset until a new OAuth 2.0 token has been granted. Your application will need to detect this scenario, notify the user that your application has lost access to their account data, and prompt them to go through the OAuth 2.0 flow again.

Mobile mail applications are also included in this policy change. For example, users who use the native mail application on iOS will have to re-authorize with their Google account credentials when their password has been changed. This new behavior for third-party mail apps on mobile aligns with the current behavior of the Gmail apps on iOS and Android, which also require re-authorization upon password reset.

How can I determine if my token was revoked?

Both short-lived access tokens and long-lived refresh tokens will be revoked when a user changes their password. Using a revoked access token to access an API or to generate a new access token will result in either HTTP 400 or 401 errors. If your application uses a library to access the API or handle the OAuth flow, then these errors will likely be thrown as exceptions. Consult the library’s documentation for information on how to catch these exceptions. NOTE: because HTTP 400 errors may be caused by a variety of reasons, expect the payload from a 400 due to a revoked token to be similar to the following: 

{
  "error_description": "Token has been revoked.", 
  "error": "invalid_grant"
}

How should my application handle revoked tokens?

This change emphasizes that token revocation should be considered a normal condition, not an error scenario. Your application should expect and detect the condition, and your UI should be optimized for restoring tokens.

To ensure that your application works correctly, we recommend doing the following:

  • Add error handling code around API calls and token refreshes that can detect revoked tokens.
  • Upon detecting a revoked token, disable any application features that rely on Google API access until the user can re-authorize your application. For example, suspend any recurring background jobs that sync data with a Google API which may be affected.
  • Notify the user that access has been revoked and prompt them to re-authorize access to their resources.
    • If your app interacts directly with the user, you will need to prompt the user to re-authorize, i.e., send an email to the user and/or show them an alert the next time they open your application.
    • However, if your app runs independently of the user, say a background app that uses the Gmail API, you'll need to notify the user through email or some other mechanism.
    • Provide a streamlined UI for re-authorizing access. Avoid having users navigate through your application to find the original setting.
    • Note that revoked tokens will result in similar error messages regardless of how the token was revoked. Your messaging should not assume that the token was revoked due to a password change.

If your application uses incremental authorization to accrue multiple scopes in the same token, you should track which features and scopes a given user has enabled. The end result is that if your app requested and obtained authorization for multiple scopes, and at least one of them is a mail scope, that token will be revoked, meaning you will need to prompt your user to re-authorize for all scopes originally granted.

Many applications use tokens to perform background or server-to-server API calls. Users expect this background activity to continue reliably. Since this policy change also affects those apps, this makes prompt notification requesting re-authorization even more important.

What is the timeline for this change?

To summarize, properly configured applications should be expected to handle invalid tokens in general, whether they be from expiration, non-existence, and revocation as normal conditions. We encourage developers to make any necessary changes to give their users the best experience possible. The policy change is planned to take effect on October 5, 2016.

Please see this Help Center article and FAQ for more details and the full list of mail scopes. Moving forward, any additional scopes to be added to the policy will be communicated in advance. We will provide those details as they become available.

Setting Expectations for Accessing User Data via OAuth

Posted by William Denniss, Product Manager, Identity and Authentication
Lavanya Mahendran, Policy Advisor, Google Cloud Platform and Google APIs

Developers have created an exciting ecosystem of mobile and web applications that offer a seemingly infinite array of features and services for consumers to utilize. Today you can download applications that offer to increase your productivity at work, as well as applications that manage your daily expenses or help you meditate, and many more.

We know that our users love using these applications, and we recognize that often Google users want to share their data with these applications to personalize or enhance the experience. Google provides a rich variety of API services that developers may access, and we provide developers the ability to request permission directly from our users when they want to access various categories of user data.

The privacy and security of our users’ data is very important to us, and we’ve always expected developers to treat Google user data with transparency and concern for user choice. Among other things, this means that we’ve long expected developers to get informed consent when they request access to user data, so that users understand what data they are sharing and how it will be used.

We’re always looking for ways to make our requirements more accessible to everyone, including our end-users. To that end, we recently published expanded policy guidelines for developers who wish to access Google user data using our API services. We hope this guidance will help developers and Google users interact in a manner that is informed and overall consistent with user expectations.

Read the full Google API Services User Data policy.

We hope that developers and Google users find this policy guidance helpful. We believe that transparency around the collection and use of Google user data is necessary to ensure informed user consent, but also that it genuinely fosters a helpful and productive dialogue between developers and users that ultimately benefits the entire ecosystem. Google account users can review and manage the apps and websites connected to their Google account from the My Accountpage. If you have any questions or comments, please let us know in the comment section below.