Using administrative access to impersonate other domain usersΒΆ


This feature is only available for Google Apps users. It is not available for Google consumer accounts (e.g. Gmail accounts.)

Usually, requests sent to the Documents List API are of the form:

In this case, default indicates to the API that it should act as the currently authorized user. For 3-Legged OAuth, AuthSub, and ClientLogin, it is obvious who the currently authorized user is, because the authorization token is only valid for a single user. When using 2-Legged OAuth, the user you’re authorized as for a request is specified by the xoauth_requestor_id URL parameter. This is only supported for active (non-suspended) users. If a user is suspended, it is not possible to authorize requests as that specific user via a URL that specifies default.

Administrative users may make API requests that act on behalf of other users in the same domain by replacing default in the API URL with the username of the user to impersonate (e.g. In order to utilize this feature, the request must be authorized as an administrative user of the same domain (e.g.


An example request URI to impersonate while authorized as using 3-Legged OAuth, AuthSub, or ClientLogin would look like this:


An example request URI to impersonate while authorized as using 2-Legged OAuth would look like this:


To send any of these requests while impersonating another user, you must set the xoauth_requestor_id on the client.

client =
client.xoauth_requestor_id = user@yourdomain
# All future requests will take place against the user
print client.GetResources()

Previous topic

Creating resources

Next topic


This Page