Classroom API - Cross Domain Enrollments

Question

   We have an integration that automatically creates Classrooms and enrolls students in Google Classroom by API.    When classes, students and teachers are under the same domain, we have no problem.

   However, in our company we have two domains. Students are in one domain (xxx.com) and teachers in another domain (aaa.com).    When enroll a user as a teacher (aaa.com) in a class created in the domain (xxx.com), we have the following error:

{"message": "The caller does not have permission", "domain": "global": "The caller does not have permission" "," reason ":" forbidden "}]," status ":" PERMISSION_DENIED "}}

   In Admin Console (admin.google.com), we configure white list in both domains.

   In developers panel (console.developers.google.com) we have already created the service accounts and released access to the Classroom API scopes in both Admin COnsole (admin.google.com - Security> Advanced settings> Authentication> Manage API client access)

When registrations are made through the Google Classroom interface, we have no problems, even with cross-domain.

Is there any way to perform this cross-domain integration by the classroom API?

Answer 1

You need to follow this help page - Control which classes users in your domain can join to let other domains join the class.

When you whitelist domains for Classroom, you’re allowing users in trusted domains to join classes in your domain. It also allows your users to join classes in the domains that you trust. For whitelisted domains to work properly in Classroom, the G Suite administrators of both domains need to make changes in the Google Admin console.

Subdomains and domain aliases aren't included when you whitelist a domain, so whitelist these separately if needed. For example, if you whitelist the domain abbeycollege.com, and then get abbeyschool.com, you need to whitelist abbeyschool.com to grant access to that organization, too.

Hope this helps.