I've read through all of the relevant pages in the Admin ADK Directory API documentation and several questions on stackoverflow, and I'm still stuck.

I'm trying to use Google Apps Script (container-bound within the Script Editor of a Google Sheet) to create a group. I am the super admin of my Google Apps domain, and the scripts will be running as me.

Here's what I did in the Script Editor so far:

1. Went to Resources - Advanced Google Services... - turned on the Admin Directory API

2. Clicked the link below that for the Google Developers Console and enabled the Admin SDK

3. Took working code that I have which I use to set user's email signatures (which was adapted from this blog post, and modified it for creating groups instead:

   function createGroupTest() {
   
     var t = new Date();
     t = t.getTime();
   
     createGroup("AAA Test Group " + t, "aaa.testgroup." + t + "@mydomain.com" , "test@mydomain.com", "test");
   
   }
   
   function createGroup(groupName,groupEmail,owner,description) {
   
     var requestBody = '{"email": "'+groupEmail+'","name": "'+groupName+'","description": "'+description+'"}';
   
     var scope="https://www.googleapis.com/auth/admin.directory.group";
     var fetchArgs=googleOAuth_("Groups",scope);
     fetchArgs.method="POST";
     fetchArgs.contentType="application/json";
     fetchArgs.payload=requestBody;
   
     var url = 'https://www.googleapis.com/admin/directory/v1/groups';
   
     UrlFetchApp.fetch(url, fetchArgs);
   
   }
   
   
   function googleOAuth_(name,scope) {
     var oAuthConfig = UrlFetchApp.addOAuthService(name)
     oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope="+scope);
     oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
     oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
     oAuthConfig.setConsumerKey(consumerKey);
     oAuthConfig.setConsumerSecret(consumerSecret);
     return {oAuthServiceName:name, oAuthUseToken:'always'};
   }
   

When I run that, I get this response:

Request failed for returned code 403. Truncated server response: { "error": { "errors": [ { "domain": "usageLimits", "reason": "dailyLimitExceededUnreg", "message": "Daily Limit for Unauthentica... (use muteHttpExceptions option to examine full response) (line 60, file "Main")

When I add fetchArgs.muteHttpExceptions=true; the error output changes to Failed to authenticate for service: Groups.

Figured it out:

1. Went to Resources - Advanced Google Services...
2. Clicked the link for the Google Developers Console
3. Clicked on the Credentials section in the sidebar
4. Clicked Create New Key under Public API access
5. Clicked Browser Key
6. Added "?key=" followed by the key that it generated to the end of the url string

So the complete url string looked like this:

var url = 'https://www.googleapis.com/admin/directory/v1/groups?key=XXXXXXXXXXX-XXXXXXXXXXXXX-XXXXXXXXXXXXX';