A Developer’s Guide to G Suite Email Audit API
This article highlights the features that the G Suite Email Audit API provides for domain admins and for programmers and developers who write client applications that audit users’ mailboxes.

The G Suite Email Audit API enables G Suite admins to audit a user's email, email drafts and archived chats. A domain admin can also download a user's mailbox. This API can only be used for lawful purposes in accordance with one’s Customer Agreement. It applies only to G Suite, Education, and ISP accounts; it cannot be used with a G Suite or Gmail account that is not hosted by the G Suite products.
It supports the Google Data API protocol, which conforms to the Atom Publishing Protocol (AtomPub) editing and publishing model. The AtomPub HTTP requests use the Representational State Transfer (RESTful) design approach to web services.
Audience
This document is intended for programmers or developers who need to write client applications that, for lawful auditing purposes, can audit a G Suite user's mailbox.
This document assumes that you are a G Suite domain administrator and that you know the general concepts behind the Google Data API protocol. It also assumes that you are familiar with your G Suite Admin console found at admin.google.com.
Email Monitors Management
A monitored email scenario includes three types of users:
- Administrator — Any domain admin can create, retrieve, delete and update an email monitor using the Email Audit API monitor resource. Also, an admin can use the API to download the mailbox. These operations can only be done within the domain over which the admin has authority.
- Source user — The source user is the user who receives or sends messages that are being audited by the monitoring destination user. Any domain admin or account user can be a source user. The source user must be in the same domain as the administrator and destination user.
- Destination user — The destination user is the auditor who receives the audited email messages from the mailbox.
Destination users receive blind carbon copies (Bcc) of all incoming and outgoing email messages, including inbound and outbound attachments, forwarded messages, and email messages sent from mobile devices.
As an option, a domain administrator can enable additional auditing features for the destination users. The optional features include auditing of saved email drafts and of archived chats with other users, who can be inside or outside of the domain.
Even though the destination user receives a Bcc of the message, the Bcc association is not visible in the message headers that are accessible in the admin user's account.
Each audited email message is sent to the destination user as an email attachment. The domain administrator can configure these copies to be either the full messages or only the message headers.
The destination user must have an active email account in the monitored domain, which must be the same domain associated with the administrator and source user.
A destination user can be an administrator or a user within the domain. Users can switch roles: a destination user can become a source user audited by another destination user who, in turn, receives copies of all audited email messages sent to the first destination user.
A domain admin creates one audited email monitor for one unique 'destination user - source user' pair. In other words, the audit relationship is one destination user to one source user. Each audit is done using an API monitor resource. Using multiple API monitors, a destination user can audit numerous users in the domain. Also, using multiple API monitors, many destination users can audit one source user.
Updating API Monitor
If an additional API monitor is created, or an existing API monitor is updated, for a 'destination user - source user' pair, the most recently created monitor supersedes any pre-existing monitors for this pair. This is how you update an API monitor.
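The monitor rules described above (same-domain users, one monitor per 'destination user - source user' pair, last created wins, auditors who are themselves audited) can be checked against a list of monitor records when reviewing who ends up with copies of a mailbox. The following is an added example, not code from Google or from the Email Audit API; it is a local model only, and the `Monitor` fields, the function names and the example.com addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Monitor:                 # hypothetical record, not an API type
    created: int               # constructed creation sequence number
    source: str                # audited mailbox
    destination: str           # auditor who receives the copies
    headers_only: bool         # True: only message headers are sent

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def effective_monitors(records, admin_domain):
    """Apply the page's rules; return (active monitors by pair, rejected records)."""
    active, rejected = {}, []
    for m in sorted(records, key=lambda r: r.created):
        # Source and destination must both be in the administrator's domain.
        if domain(m.source) != admin_domain or domain(m.destination) != admin_domain:
            rejected.append(m)
            continue
        # One monitor per pair: the last created supersedes earlier ones.
        active[(m.destination, m.source)] = m
    return active, rejected

def recipients_of(active, source):
    """Everyone who receives copies of `source`'s mail, directly or because
    they audit a destination user who receives those copies."""
    seen, queue = set(), [source]
    while queue:
        user = queue.pop()
        for dest, src in active:
            if src == user and dest not in seen:
                seen.add(dest)
                queue.append(dest)
    seen.discard(source)       # a cycle must not list the source as its own auditor
    return seen

# Constructed sample records (not real data).
RECORDS = [
    Monitor(1, "alice@example.com", "auditor1@example.com", False),
    Monitor(2, "alice@example.com", "auditor2@example.com", True),
    Monitor(3, "alice@example.com", "auditor1@example.com", True),   # supersedes #1
    Monitor(4, "auditor1@example.com", "lead@example.com", False),   # auditor is audited
    Monitor(5, "bob@example.com", "ext@other.example", False),       # outside the domain
]

if __name__ == "__main__":
    active, rejected = effective_monitors(RECORDS, "example.com")
    print(sorted(recipients_of(active, "alice@example.com")), rejected)
```

A reviewer can diff the output of `recipients_of` against the list of people who are expected to audit a given mailbox; any extra name is an audit relationship that needs an explanation.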
Conclusion
Email has become an integral part of almost every business. While email is an incredibly powerful business tool, the growth in its adoption and use brings a number of issues that need to be addressed and potential risks that need to be assessed and mitigated. This is why performing an email audit is indispensable for any organization using email.
With the G Suite Email Audit API, life has become much easier for admins when it comes to analyzing and auditing the email messages of all users in their G Suite account.