Google Apps domain administrators can programmatically create and manage users, groups, nicknames and organization units using the Provisioning API.
Support for OAuth 2.0 in the Provisioning API allows Google Apps domain administrators to authorize access to the API without sharing their passwords. After the administrator agrees to grant access, an OAuth 2.0 token makes sure that an application gets access to the right scope of resources for API calls.
We have recently added a new sample to the Python client library to demonstrate authorization with OAuth 2.0 for an application combining the Provisioning API and the Email Settings API. This sample app iterates through each user on a domain and creates an e-mail filter to mark all messages from outside the domain as “read.” For a step-by-step walkthrough of the sample, have a look at our new article: OAuth 2.0 with the Provisioning and the Email Settings API.
We would be glad to hear your feedback or any questions you have on the Google Apps Domain Info and Management APIs forum.