API

This method allows you to create and authenticate a mail server via your mail provider’s API.

  1. In the Mode field, select API.
  2. Select your Mail Provider from the available options: Microsoft or Google.
  3. In the From Address field, enter the email address that will be used to send out notifications, alerts, etc., from M365 Manager Plus.
  4. In the Admin Mail Address field, enter the email addresses, separated by commas, to which the email notifications must be sent.
  5. If your mail provider is Microsoft, provide the Tenant ID, Client ID, and Client Secret in the respective fields. In M365 Manager Plus, the Azure Cloud is considered the default Azure environment. You can modify the Azure environment settings by clicking the Choose the appropriate Azure environment link.

    6. Note: To learn how to find your Azure tenant ID, client ID, and client secret, click here.

  6. If your mail provider is Google, upload the JSON private key file.

    7. Note: To learn how to get your JSON private key file, click here.

  7. Click Save settings to save your mail server configuration.

Steps to find your Azure tenant ID, client ID, and client secret for API mail server configuration

  1. Log in to portal.azure.com.
  2. Open Azure Active Directory.
  3. Under Manage, click App registrations → New registration.

  4. Enter a Name of your choice and choose the Supported account types. (If you’re unsure about the supported account types, select Accounts in this organizational directory only.)
  5. Click Register to register the application.

  6. In the left pane, click API permissions → Add a permission.

  7. Click Microsoft Graph → Application permission.
  8. Search Mail and select the permission Mail.Send. Click Add permissions.

  9. Click Grant admin consent.

  10. Copy the Application (client) ID and Directory (tenant) ID displayed.
  11. In the left pane, click Certificates & secrets → New client secret.

  12. Provide a Description for the client secret. In the Expires field, choose the validity of the client secret and click Add.
  13. The client secret will be generated. Copy the string displayed under Value.
  14. You can now paste the client secret when configuring an Azure application in M365 Manager Plus.

Steps to download the JSON private key for API mail server configuration

  1. Log in to console.developers.google.com.
  2. Expand the left sidebar and click IAM & Admin.
  3. Open the Service Accounts page.
  4. In the dashboard, select any existing project or click New Project from the project dropdown list.

    5. Note: If you are selecting an existing project, skip to step 13.

  5. Click CREATE PROJECT.

  6. Enter the Project name and Location. Click CREATE.

  7. Click + CREATE SERVICE ACCOUNT button from the top navigation bar.

  8. Under Service account details, type a Service account name, Service account ID, and Service account description, then click CREATE AND CONTINUE.

  9. If required, you can also select the IAM roles to be granted to the service account using the Grant this service account access to project option.
  10. Click Save.
  11. If required, you can add the users or groups that are allowed to use and manage the service account.
  12. Click Done.
  13. Click the email address for the service account you created.
  14. Click the KEYS tab.
  15. In the ADD KEY dropdown list, select Create new key.

  16. Select key type as JSON.
  17. Click Create.

Your new public and private key pair will be generated and downloaded to your machine. Please keep the private key safe as this will be the only copy, and you cannot generate the same private key again.

Once you have downloaded the JSON private key, you’ll have to:

Enable Gmail API service

  1. Log in to console.cloud.google.com.
  2. Select the project you created from the dropdown menu.

  3. Click APIs & Services and choose + ENABLE APIS AND SERVICES.

  4. Select Gmail API and click Enable.

Delegating domain-wide authority to the service account

  1. Log in to the Google Workspace domain's Admin console as a super administrator.
  2. Navigate to Main menu → Security → Access and data control → API controls.
  3. In the Domain wide delegation pane, select MANAGE DOMAIN WIDE DELEGATION.

  4. Click Add new.
  5. In the Client ID field, enter the service account's client ID. You can find your service account's client ID on the Service accounts page.
  6. In the OAuth scopes (comma-delimited) field, enter Google Mail API's URI: (https://mail.google.com). You can also list other scopes that your application should be granted access to, by using commas as a delimiter to separate them.
  7. Click Authorize.

Your application now has the authority to make API calls as users in your domain (to impersonate users). When you prepare to make authorized API calls, specify the user to impersonate as.

Navigate to next Previous Topic Next Topic Navigate to next

Copyright © 2023, ZOHO Corp. All Rights Reserved.