google-workspace-adminGoogle Workspace Admin SDK integration with managed OAuth. Manage users, groups, organizational units, and domain settings. Use this skill when users want to administer Google Workspace. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Install via ClawdBot CLI:
clawdbot install byungkyu/google-workspace-adminAccess the Google Workspace Admin SDK with managed OAuth authentication. Manage users, groups, organizational units, roles, and domain settings for Google Workspace.
# List users in the domain
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFhttps://gateway.maton.ai/google-workspace-admin/{native-api-path}Replace {native-api-path} with the actual Admin SDK API endpoint path. The gateway proxies requests to admin.googleapis.com and automatically injects your OAuth token.
All requests require the Maton API key in the Authorization header:
Authorization: Bearer $MATON_API_KEYEnvironment Variable: Set your API key as MATON_API_KEY:
export MATON_API_KEY="YOUR_API_KEY"Manage your Google OAuth connections at https://ctrl.maton.ai.
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=google-workspace-admin&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFpython <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'google-workspace-admin'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFpython <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFResponse:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "google-workspace-admin",
"metadata": {}
}
}Open the returned url in a browser to complete OAuth authorization.
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFIf you have multiple Google Workspace Admin connections, specify which one to use with the Maton-Connection header:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFIf omitted, the gateway uses the default (oldest) active connection.
GET /google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=100Query parameters:
customer - Customer ID or my_customer for your domain (required)domain - Filter by specific domainmaxResults - Maximum results per page (1-500, default 100)orderBy - Sort by email, familyName, or givenNamequery - Search query (e.g., email:john, name:John)pageToken - Token for paginationExample:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&query=email:john*')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFResponse:
{
"kind": "admin#directory#users",
"users": [
{
"id": "123456789",
"primaryEmail": "john@example.com",
"name": {
"givenName": "John",
"familyName": "Doe",
"fullName": "John Doe"
},
"isAdmin": false,
"isDelegatedAdmin": false,
"suspended": false,
"creationTime": "2024-01-15T10:30:00.000Z",
"lastLoginTime": "2025-02-01T08:00:00.000Z",
"orgUnitPath": "/Sales"
}
],
"nextPageToken": "..."
}GET /google-workspace-admin/admin/directory/v1/users/{userKey}userKey can be the user's primary email or unique user ID.
POST /google-workspace-admin/admin/directory/v1/users
Content-Type: application/json
{
"primaryEmail": "newuser@example.com",
"name": {
"givenName": "Jane",
"familyName": "Smith"
},
"password": "temporaryPassword123!",
"changePasswordAtNextLogin": true,
"orgUnitPath": "/Engineering"
}PUT /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
"name": {
"givenName": "Jane",
"familyName": "Smith-Johnson"
},
"suspended": false,
"orgUnitPath": "/Sales"
}PATCH /google-workspace-admin/admin/directory/v1/users/{userKey}
Content-Type: application/json
{
"suspended": true
}DELETE /google-workspace-admin/admin/directory/v1/users/{userKey}POST /google-workspace-admin/admin/directory/v1/users/{userKey}/makeAdmin
Content-Type: application/json
{
"status": true
}GET /google-workspace-admin/admin/directory/v1/groups?customer=my_customerQuery parameters:
customer - Customer ID or my_customer (required)domain - Filter by domainmaxResults - Maximum results (1-200)userKey - List groups for a specific userGET /google-workspace-admin/admin/directory/v1/groups/{groupKey}groupKey can be the group's email or unique ID.
POST /google-workspace-admin/admin/directory/v1/groups
Content-Type: application/json
{
"email": "engineering@example.com",
"name": "Engineering Team",
"description": "All engineering staff"
}PUT /google-workspace-admin/admin/directory/v1/groups/{groupKey}
Content-Type: application/json
{
"name": "Engineering Department",
"description": "Updated description"
}DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}GET /google-workspace-admin/admin/directory/v1/groups/{groupKey}/membersPOST /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members
Content-Type: application/json
{
"email": "user@example.com",
"role": "MEMBER"
}Roles: OWNER, MANAGER, MEMBER
PATCH /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}
Content-Type: application/json
{
"role": "MANAGER"
}DELETE /google-workspace-admin/admin/directory/v1/groups/{groupKey}/members/{memberKey}GET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunitsQuery parameters:
type - all (default) or childrenorgUnitPath - Parent org unit pathGET /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}POST /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits
Content-Type: application/json
{
"name": "Engineering",
"parentOrgUnitPath": "/",
"description": "Engineering department"
}PUT /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}
Content-Type: application/json
{
"description": "Updated description"
}DELETE /google-workspace-admin/admin/directory/v1/customer/my_customer/orgunits/{orgUnitPath}GET /google-workspace-admin/admin/directory/v1/customer/my_customer/domainsGET /google-workspace-admin/admin/directory/v1/customer/my_customer/domains/{domainName}GET /google-workspace-admin/admin/directory/v1/customer/my_customer/rolesGET /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignmentsQuery parameters:
userKey - Filter by userroleId - Filter by rolePOST /google-workspace-admin/admin/directory/v1/customer/my_customer/roleassignments
Content-Type: application/json
{
"roleId": "123456789",
"assignedTo": "user_id",
"scopeType": "CUSTOMER"
}const headers = {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
};
// List users
const users = await fetch(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer',
{ headers }
).then(r => r.json());
// Create user
await fetch(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
{
method: 'POST',
headers: { ...headers, 'Content-Type': 'application/json' },
body: JSON.stringify({
primaryEmail: 'newuser@example.com',
name: { givenName: 'New', familyName: 'User' },
password: 'TempPass123!',
changePasswordAtNextLogin: true
})
}
);import os
import requests
headers = {'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'}
# List users
users = requests.get(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
headers=headers,
params={'customer': 'my_customer'}
).json()
# Create user
response = requests.post(
'https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users',
headers=headers,
json={
'primaryEmail': 'newuser@example.com',
'name': {'givenName': 'New', 'familyName': 'User'},
'password': 'TempPass123!',
'changePasswordAtNextLogin': True
}
)my_customer as the customer ID for your own domain/ (e.g., /Engineering/Frontend)curl -g when URLs contain brackets (fields[], sort[], records[]) to disable glob parsingjq or other commands, environment variables like $MATON_API_KEY may not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.| Status | Meaning |
|--------|---------|
| 400 | Missing Google Workspace Admin connection |
| 401 | Invalid or missing Maton API key |
| 403 | Insufficient admin privileges |
| 404 | User, group, or resource not found |
| 429 | Rate limited (10 req/sec per account) |
| 4xx/5xx | Passthrough error from Admin SDK API |
MATON_API_KEY environment variable is set:echo $MATON_API_KEYpython <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOFgoogle-workspace-admin. For example:https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customerhttps://gateway.maton.ai/admin/directory/v1/users?customer=my_customerGenerated Mar 1, 2026
IT departments can automatically create Google Workspace accounts for new hires by integrating this skill with HR systems. The skill allows setting up user profiles, assigning to organizational units, and configuring email aliases without manual intervention, streamlining the onboarding process.
Administrators can manage group memberships and permissions for different departments like Sales, Engineering, or Finance. The skill enables bulk updates to user roles, suspension of accounts for departed employees, and auditing of access levels to maintain security compliance.
Companies with multiple domains can use this skill to synchronize user directories across different Google Workspace instances. It allows querying users by domain, migrating accounts between organizational units, and ensuring consistent settings for subsidiaries or acquired businesses.
Compliance teams can generate reports on user activities, login times, and administrative changes. The skill facilitates extracting user data, filtering by suspension status or admin roles, and monitoring for unauthorized access to meet regulatory requirements.
Developers can integrate Google Workspace user management into custom applications like CRM or project management tools. The skill provides API endpoints to create, update, or delete users programmatically, enabling seamless data flow between systems.
MSPs can offer Google Workspace administration as a service to multiple clients, using this skill to manage users, groups, and settings across different domains. It enables scalable billing based on user counts or administrative actions, with automation reducing manual overhead.
Companies can develop internal tools for IT teams to automate user lifecycle management, such as onboarding/offboarding workflows. The skill reduces operational costs by minimizing manual admin tasks and integrating with existing HR or identity systems.
Platforms can expose this skill's capabilities to developers through a managed API, charging for usage based on request volume or features. It simplifies OAuth management and provides a reliable gateway for building apps that interact with Google Workspace.
💬 Integration Tip
Ensure MATON_API_KEY is securely stored in environment variables and use the Maton-Connection header to manage multiple Google Workspace instances, especially in multi-tenant applications.
Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.
Query Google Places API (New) via the goplaces CLI for text search, place details, resolve, and reviews. Use for human-friendly place lookup or JSON output for scripts.
Search for places (restaurants, cafes, etc.) via Google Places API proxy on localhost.
Gmail, Calendar, Drive, Docs, Sheets — NO Google Cloud Console required. Just OAuth sign-in. Zero setup complexity vs traditional Google API integrations.
Google Drive API integration with managed OAuth. List, search, create, and manage files and folders. Use this skill when users want to interact with Google D...
Google Sheets API integration with managed OAuth. Read and write spreadsheet data, create sheets, apply formatting, and manage ranges. Use this skill when users want to read from or write to Google Sheets. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).