In the past few months, Google has become increasingly aggressive about allowing developers access to Gmail through its API. Recently, it has become clear that we as a company need to change how we interact with Gmail.
From the beginning, we need you to understand one thing about Gmail: it's email on training wheels; a free platform that includes basic organizational and storage features but which was never really designed or intended for use by professionals anywhere near the enterprise level. We have reached the point at which things become so obnoxious that, even when it's free, it's a bad deal. As a result of Google's recent decisions and a lot of other variables we're about to detail below, we must permanently part ways with Gmail by the end of the year.
You should know that this really isn't our decision to make, however, and we’re happy to furnish you with the details as to why. Basically (and you can read more about it here), under increased regulatory pressure from Congress, Google has decided that from now on, developer access to its API for Gmail is conditional upon what they're calling a "security audit." There are many consequences associated with this development, and not just for TCWorkflow.
API stands for Application Programming Interface, and it's just a tech term for the secret decoder ring or passcode that gets you into the clubhouse. APIs are neither inherently bad nor good, and in this case, to be clear, we're only talking about what's happening with the API for Gmail. In the past, Google had been handing out access (allegedly) pretty indiscriminately, to the point that some really bad actors came in and started manipulating the situation, using their access through the Gmail API to scan entire inboxes, harvesting them for addresses and data so that they could propagate phishing scams. Or worse. We're not arguing about that, because it's a problem for everybody. However, Congress got involved, issuing a subpoena to Google and ultimately finding that Google's policy about access to their Gmail API was getting out of control. Google has therefore decided that everybody in the clubhouse needs to either pay to prove who they are or get out. The problem is, they've chosen to go about it in perhaps the most ridiculous and arcane fashion imaginable.
The "security audit"
Google has decided that the only way to comply with Congress is to perform "security audits" on certain developers actively using the Gmail API. Further, only Google determines which firms will be required to undergo this additional scrutiny. Still further, these "security audits" are to be performed exclusively by companies Google chooses and authorizes. Sounds okay, right? Maybe. But because Google is so important, and because if anything unpleasant were to happen to it the sun would explode, there are only two firms in the whole world that the Goog actually finds trustworthy enough to perform a task of such awful magnitude. The price for an "audit" from one of these two (really just the managed deployment of a proprietary code-scanning tool; decidedly not worth even close to the asking price) is anywhere from $15,000 to $75,000, and potentially higher, at their sole discretion. We think that the price of an audit could be radically lowered if a little competition (or independent oversight) were to be introduced, but Google won't allow anyone else to play. If you asked us, we would say that it smells like Monopoly money, but nobody did. Oh, and did we mention that the audits must be performed annually? We didn’t mention that? Dang. We should have. Because these things matter.
Speculators opine that this little Gmail API security audit bugaboo is going to put a real damper on the developer community. We agree. There's nothing like the disincentive of a five-figure impost to throw cold water in the face of independent initiative. Sure, there are people out there abusing the Gmail API, but we've never been one of them. When the good guys have to pay the penalty and the bad guys walk, it's time to consider major course corrections. Thankfully, we are really good at making the smart move when it's time to do so.
Enter G Suite
These developments got us brainstorming about a workaround. It’s simply not an option for us to abandon our users. You depend on Gmail to keep your business running, and we want to continue leading the way in workflow automation and transaction management. As we considered all of this and more, the simplest solution became abundantly clear: G Suite.
Comparing Gmail to G Suite is like comparing a Chevy Tahoe to a Cadillac Escalade: They're the same thing, but the badges are different, and one simply does what it does so much better. If you're still using Gmail in a professional setting— still using it as a poor man's backup, patent-pending, and public notary— perhaps it's time to consider a more professional solution. Let's have a look at the four main benefits of switching to G Suite. At the end of this list, you're probably going to wonder why you haven't upgraded yet.
- Ownership. Instead of firstname.lastname@example.org, you get to use your own domain name. That means you'll get email@example.com, which is a huge step up in legitimizing your business, crafting a professional image that sets you apart from the crowd. You'll also be able to control all the files you share with everyone on your G Suite team, so if somebody leaves or gets canned, you don't have to track down both them and their laptop in the dark of night to recover what's yours. It's extremely haphazard in a corporate environment to grant access to documents created and maintained on a private Gmail account. G Suite, with the capability to build your accounts off your domain name and not Google's, is a huge advantage.
- Scalability. It's much easier to grow quickly when you don't have to download and upload documents all the time just to be able to share them, email them, or control access to them. G Suite gives you access to a host of apps and capabilities (like video conferencing and security and admin controls) that allow you to administrate your business the way you need to. Plus, in regard to compliance, and especially as you grow, G Suite is a proper business account that shows authorities you are in control of your operation. And your data.
- Backup. When you send stuff through Gmail, it's got a backup to the backup, right? Wrong. Stuff disappears in the black hole of the internet all the time, especially when you have a bajillion cooks in your kitchen. The best way to control your data is to control your data, and G Suite offers that possibility while Gmail does not. You'll have a company account with clear ownership tiers of all your documents and data, and you can back up all of it to another provider (like AWS, for instance) that is unaffiliated with Google. When you've got so much riding on your data, it's simply best practice to keep it well protected by siloing it off.
- Upgrading is easy. It's like flicking a switch, really, and you'll still have access to everything you have access to through Gmail, only you'll be doing things at the pro level. Think Chevy v. Cadillac. Click here for more detailed info. Gmail is free, sure, but anybody can trade at that level. G Suite starts at only $6 per user per month. As a cost of doing business at the pro level, that's ridiculously low.
Long story short, at a minimum of $15,000 just to get in the door as a developer, Google’s Gmail API has effectively been priced out of the market. It's the same story for a lot of other independent developers too. There is a better way, however. G Suite is more secure, more professional, and it has more features. And remember: Google's other APIs (Google Contacts, Google Drive, and Google Calendar) are still good to go, and nothing about your experience with these products will change with us. The only thing that's changing is Gmail, and as we said, it's not our choice to make. We're not gonna toe the line on a five-figure bill, we're not even kind of interested in passing that on to our customers, and we're especially not interested in playing ball with giants when there's a better move right in front of us.
Deadline To Switch: December 31, 2019
Our switch to G Suite, and a bunch of other tech stuff that’s under the hood, would no doubt bore the pants off of you. Essentially, the old Gmail and its API access are going away forever December 31. We strongly urge you to upgrade to G Suite well before that date. G Suite will be required for access to our system after December 31, 2019, but you'll want to go ahead with an upgrade as soon as you can.
Here’s the deal: The old system is untenable for us and absolutely must be phased out. We’re giving you time to transition, but really, the sooner the better. Switching to G Suite means you're migrating to a better experience. If you've not upgraded by December 31, because of liabilities with the Gmail API that are simply beyond our control, your account will be locked until you make the migration.
How to make the switch?
So, how do you make the switch from Gmail to G Suite? And what will it mean? Below is a video on how to launch your G Suite experience, and following that, a step by step guide with screenshots to assist you.
IMPORTANT: Enter the following Client ID when prompted: 1084955996800-gvgmuoern0kmrn8qpkve2r8514gnaa5m.apps.googleusercontent.com
Following is the step by step guide:
1. Login to G Suite, then locate and click on the Security icon ("Manage security features") on your admin control panel.
2. On your security page, find the API Permission link at the bottom.
3. Give TCWorkflow permission to access Gmail, Drive, Calendar, and Contacts.
4. Click the link at the bottom of the permissions page that says Trusted Apps.
5. Click the big yellow button on the Trusted Apps page.
6. Choose Web Application from the drop-down menu. In the OAuth2 Client ID field, enter the following value (copy and paste): 1084955996800-gvgmuoern0kmrn8qpkve2r8514gnaa5m.apps.googleusercontent.com
4. Click Add, then you're all done!
To sum up
We are changing the way you connect to email via Google. We must require you to upgrade to G Suite because we cannot use the Gmail API after December 31 without incurring heavy fees that would cripple our company and/or force us to raise rates too high. We believe, however, that making this change now will accrue to both you and us as a huge benefit through a more professional, secure connection.
Our philosophy around here is that whenever a door closes, there’s got to be another way. Challenges are opportunities, not the end of the road. In fact, they're just the beginning. And we’re glad you’re with us.