Live data policy
Reports show connected data or a clear unavailable state.
This prototype now shows only live API results, locally imported settings, or explicit limitation messages. If Google does not expose a data source to this browser app, the related report says so instead of inventing metrics.
Quick start
Minimum path to real users and groups.
- Create a Google Cloud OAuth Client ID for a web application.
- Enable the Admin SDK API.
- Add this page origin to Authorized JavaScript origins. Use your Cloudflare Pages origin or a local HTTP origin such as http://127.0.0.1:8877.
- Paste the Client ID into Config > Google Auth, save, then Connect Google.
Users
Click Refresh data after connecting.
| Name | Status | Org unit | Last login | Created | Storage | ID | |
|---|---|---|---|---|---|---|---|
| No live user data loaded. | |||||||
Groups
Directory group inventory.
| Name | Description | Aliases | ID | |
|---|---|---|---|---|
| No live group data loaded. | ||||
Email Log Search limitation
Why this report is empty until a source is configured.
Google Workspace Email Log Search exists in the Admin Console and can export CSV/Sheets, but this browser app does not have a documented public API that returns the same message-level inbound inventory. This page stays empty until you connect a real source such as an exported CSV, BigQuery/Gmail log pipeline, or a backend service that you explicitly add.
Supported sources to add
Real-only options.
1. Import Email Log Search CSV exported from Admin Console.
2. Add a Cloudflare Worker/backend connector to a log store.
3. Use Gmail API per delegated mailbox only when your policy allows it.
Current records
No message source is connected.
0 records loaded. This is intentional.
Routing rule API status
What can be shown live from this static app.
The Admin SDK Directory and Reports APIs do not expose a simple browser endpoint for reading all Admin Console Gmail routing, default routing, content compliance, spam bypass, and gateway rules. This report will remain empty unless you import a rules export or add a privileged backend connector.
Routing rules
Real imported or connected rules only.
| Rule | Type | Scope | Action | Source |
|---|---|---|---|---|
| No routing rules loaded. | ||||
Mailing-list data source required
List-Unsubscribe headers are message metadata, not Directory data.
This page needs real Gmail message/header data or an Email Log Search export that includes enough sender/list metadata. Suspended account unsubscribe actions should stay delegated and auditable; the app will not re-enable accounts or impersonate users silently.
Admin activity events
Requires admin.reports.audit.readonly.
| Time | Actor | Event | Application | Raw summary |
|---|---|---|---|---|
| No live admin activity loaded. | ||||
Task queue
No tasks have been created.
0 tasks. Tasks will be created from actual API findings, imported logs, or user action.
Google OAuth settings
Stored only in this browser.
The Customer ID field is not your Workspace display name. Leave it as my_customer unless you know the exact ID from Google, such as C03dgdwre. If a value contains spaces, Glow GWS will use my_customer for API calls.
Setup instructions
For a superadmin browser profile.
1. In Google Cloud Console, create or select a project under your Workspace organization.
2. Enable Admin SDK API. This covers Directory and Reports endpoints used here.
3. Configure OAuth consent. For your own Workspace, choose Internal if available.
4. Create OAuth Client ID > Web application. JavaScript/browser apps use a Client ID, not a client secret.
5. Add Authorized JavaScript origins: your Cloudflare Pages origin, and any local HTTP origin you use for testing. file:// has no normal web origin, so use a local server or paste a token manually for file mode.
6. Add the scopes shown here to the consent screen. Workspace API access can also be blocked by Admin Console API controls until trusted.
7. Use my_customer or your Workspace customer ID, for example C03dgdwre. Do not use the display name such as Glow Church.
Email gateway
Configuration only; sending needs a backend/proxy to protect credentials.
Twilio SMS gateway
All required Messaging API fields.
Import / export
Works from file mode and Cloudflare Pages.
Export includes app settings and gateway structure, but replaces Google, Twilio, and email authentication values with examples. Import can load real authentication values when you deliberately provide them.
Current storage
Browser localStorage key.
API request and response log
Persists until cleared.
| Time | Method | URL | Status | Duration | Response / error |
|---|---|---|---|---|---|
| No API activity logged. | |||||