INTEGRATED EMAIL MANAGEMENT SYSTEM BASED GOOGLE APPLICATION PROGRAMMING INTERFACE USING OAUTH 2.0 AUTHORIZATION PROTOCOL

Google Apps is a service provided by Google that allows users to use Google products with their own domain names. Among the products offered by Google Apps are email (Gmail), Docs (Google Drive), and Classroom services. In addition, Google Apps also provides Application Programming Interface (API) services that can be used by developers to take advantage of various features provided by Google. Universitas Ubudiyah Indonesia (UUI) is one of the universities that use Google Apps service for managing student emails. At present, UUI student email management through Google Apps is still not integrated with academic information system data. As a result, UUI must allocate special resources for managing student emails manually. Based on these problems, this study proposes an integration system for UUI student email management using the Google Apps API. This system is designed using PHP programming. The Google Apps API authentication method uses OAuth 2.0. The results of this study indicate that student email management on Google Apps can be done through campus academic information systems. With this system, students can activate email independently without having to be registered manually to the Google Apps page by the campus email managers.


Introduction
Google Apps is a service that allows users to use various Google products using custom domain names. Google Apps provided some services such as email, classroom, calendar, google drive and site services. In addition, Google Apps also provides Application Programming Interface (API) that can be used by application developers to access various services provided by Google (Treude & Aniche, 2018). API is a collection of commands/functions that can be utilized so that a system can interact with other systems (Lensakom, 2016).
Universitas Ubudiyah Indonesia (UUI) is one of the universities that use Google Apps for student email services. At present, the email management of UUI campus has not been integrated with the campus academic information system so the data of student email users must be manually registered into the Google Apps portal. This situation requires the campus to allocate special time and resources in order to manage student email data. With the increasing number of students, of course, time and resources required to do so will be even greater in the future.
Based on these problems, this study proposes a design for UUI student email management integration system using the Google Apps API. This system development uses PHP programming and MySQL database (database used in UUI academic information systems). PHP is the most popular web-based programming language in use today (W3Techs, 2019). PHP is included in the server-side scripting programming language that can be used for web-based application development (Munadi, Musliyana, Arif, Azmi, & Syahrial, 2016;Zuhar Musliyana, Arif, & Munadi, 2016). As well as MySQL which is an open-source and also has a large user community (Perkasa & Setiawan, 2018;Tongkaw & Tongkaw, 2017). The Google Apps API authentication method used in this study is OAuth 2.0 (Xie, Huang, Yang, & Yang, 2016) The results of this study indicate that the proposed system can handle the process of managing student emails integrated with UUI academic information system data. The system designed can integrate email services from Google Apps with the campus academic information system so students can activate email independently without having to be manually registered to the Google Apps page by the campus email managers.

Theoretical Basis
This section will explain some related theoretical bases from similar studies that have been carried out and also from other related literature regarding problems and solutions proposed in the study.

Google API Services
Google is a top information technology company. It is also one of the successful company with its innovations through the Loon project for spreading internet networks to remote areas a few years ago (Zulfan & Chaidir, 2016). In the digital field, Google provides many services, including API provided by Google Framework. Currently, Google provides various APIs that can be used by users/application developers to be able to use Google services through third-party applications such as email services, Google Maps, Google Classroom, and Google Docs (Hairah & Budiman, 2017;Treude & Aniche, 2018).
API is a collection of program/function codes that serve as a connector between applications, both the same and different platforms (Hradil & Sklenák, 2017;Lensakom, 2016). API services can be used by writing certain syntax/commands through programs provided by providers to be able to access certain services provided. In more detail, the concept of API can be seen in figure  1.

The Protocol of OAuth2
OAuth is the industry-standard protocol that focuses on providing thirdparty application authorization services to access resources stored on servers (Xie et al., 2016). This protocol continues to be developed starting from the first version until the version which is widely used now, i.e. OAuth2. OAuth server works by authenticating and authorizing (Ferry, Raw, & Curran, 2015;Jung & Jung, 2017). If both processes are successful, the client will be given a token code by the OAuth server. Then the client can access the data source provided by the Resource Server using token access via an API.
Resource Server in the OAuth2 protocol consists of several parts, namely Authentication Components, Consent Components, and Token Management (Febrian, 2017).
1. Authentication Component is the component that is responsible for providing the login page to the user.
2. Consent Component is the component to provide approval information for third-party applications to access information from users. 3. Token Management is the component that provides a function to check/validate token code that has been provided by the OAuth Provider to users. The working of OAuth2 can be easily understood through the Grant Type scheme. This scheme explains the mechanisms of access provision to resources on a server as shown in figure 2 (Febrian, 2017)  In Figure 2, there are several stages in the mechanism of OAuth2 Grant Type, namely: 1. Authorization Code At this stage, the client/user will send an authorization code request via the '/auth' endpoint. The purpose of this process is to get token code access 2. Get the Token At this stage, client/user requests to get access to the token code which can later be used to access resource. This process is done by making requests via endpoints/tokens using the POST method via HTTP basic. Data sent via HTTP basic at this stage are username and password of the client (third party application) and also the authorization code parameter (which is obtained at the first stage). Furthermore. OAuth server will check the validity of the data sent by the client, if it is a valid client, then will get access from the OAuth server.

Use the Token to Access a Resource
At this stage, the client/user accesses the resource using the token that was provided at the previous stage. Access is done through the endpoint address using GET or POST methods, according to the service provided by Resource Server. In the next process, the Resource Server will check the validity of the token sent by the client by sending it to the OAuth server.
OAuth server will check the token code and send the results to the resource server. Furthermore, if the results are valid, the resource server will provide access to the information needed client.

PHP
PHP is a programming language that can be used to design a dynamic website (W3Techs, 2019). This programming language requires a server to compile a program so that it is categorized into server-side scripting programming language (Z. Musliyana, Dwipayana, Helinda, & Maizi, 2018). PHP PHP is the programming language designed for web development and can also be used as a general programming language Zuhar Musliyana et al., 2016). This language is managed by The PHP Group and developed by Rasmus Lerdorf.

MySQL Database
MySQL is a type of database that falls into the Relational Database Management System (RDBMS) category that can be used to manage databases using Structured Query Language (SQL) (Perkasa & Setiawan, 2018;Tongkaw & Tongkaw, 2017). The characteristic of this database that becomes the main concept in the database is that the process of selecting or inputting data can be done easily.

Methodology
This section will explain the system design scheme and the system design stages which consist of designing Data Flow Diagrams (DFD) and Entity Relationship Diagrams (ERD). The next stage is the implementation and testing of the system.

System Design Scheme
The system design scheme proposed in this study can be seen in Figure 3. In figure 3 the proposed system scheme consists of email portal application (client) which is in charge of requesting access to resources (student email data) on google apps through API with OAuth2 authentication using the credential account of student email manager. This process occurs in accordance with the OAuth2 grant type flow mechanism described in the previous section, i,e the request to obtain authorization code, token and the use of the token to access resources on google apps.
After successfully passing OAuth2 authorization and authentication, then the client can make a request for student email data management by sending a request to Google API endpoint that has been provided. When conducting the activation/email creation process via API, the client will check students' identities in the academic database for validation purposes. After the process is successful, the client will save the data in the database of email portal application.

Data Flow Diagram (DFD)
In this study, DFD design is designed to make system modelling based on data flow. This design can be seen in Figure 4.   In Figure 5, email management proposed in this study consists of three main processes, namely creating an email, activating email and changing the email password. All three processes involve both entities, manager and students. But the difference in the data flow is that student entity can only carry out activities to manage student-related data. Unlike the admin entity that can manage email data for all student data.

Entity Relationship Diagram (ERD)
ERD is modelling designed to describe the relationship of data in the system proposed in this study. This ERD diagram consists of three main entities, namely manager, students and email. Relationships between these three entities are defined in the related form, as shown in Figure 6.  Figure 6, the entities of students, faculty, and department are those whose data sources come from the database of UUI campus academic information system. The entities of department and students have a one-to-many relationship where each department has many students. Meanwhile, the entities of faculty and department also have a one-to-many relationship where each faculty can have several departments in it. While the entities of email and manager are additional ones that are added to store the system manager data and student email account information data which will be synchronized to google apps using API.

System Testing Mechanism
At this stage, several related tests will be conducted to evaluate the integration mechanism of Google API proposed in this study, including: 1. The test of Google API 2. The test of data integration of academic information system with the proposed system which includes the student email management by the manager as well as independent email management by students.

Results and Discussion
The Google API test was carried out to ensure all functions provided in API can run properly to minimize errors when implemented on the system.

Integration Results of Google API with academic information system data
The integration of Google API and the system was done to facilitate the manager and students in managing email through the Graphical User Interface (GUI). The results of system design with the integration of Google API and academic information system data can be explained as follows. a. Create new email The part of this function is used to create new student email that will later be sent to Google Apps via API. The interface for making student email via this system can be seen in Figure 9.  Figure 9 is an interface for the process of creating a student email. In figure 8, the student email address that will be created is tes12_api@student.uui.ac.id. After the data is saved and the process is successful, then tes12_api@student.uui.ac.id can be used as shown in Figure 10. This facility provides a function to change student email passwords and also delete email data as shown in Figure 11. Through this service, students can register email independently via a link for email as shown in Figure 12. This facility can be used by students to change their e-mail login password at any time. This interface of this function can be seen in Figure 13 .

System security discussion
Although the proposed system uses the OAuth2 protocol which is widely used today, the security issue is the important thing that needs to be studied. Currently, there are similar studies that discuss safety in OAuth2, including security against phishing (Xie et al., 2016). OAuth2 is a protocol that uses an authentication and authorization process to be able to access data resources.
As in the case study discussed in this study, to be able to manage student email through the campus academic data portal application (third party apps), an email account that has a role/ right to access an email manager on google apps is needed. This account is used to send an access request to student email data resources on google apps via the OAuth2 protocol.
The issue of phishing attacks on OAuth2 occurs on the client-side, namely the method of getting a user an email password that has a role as an account manager on google apps with a certain method. After getting an account, the attacker can send a request to the OAuth2 protocol to get student email data information. Therefore, in this case, third-party apps must be able to provide additional security methods to client's OAuth2 email account, for example, through encryption or other methods. It also needs studies through further research to examine the security issues in the OAuth2 protocol.

Conclusions
Below are some conclusions from this research were the system proposed in this study can be integrated with academic information system data so that students can manage their email accounts independently. And then with this system, student email management can be done quickly and easily without having to manually register email accounts into Google Apps portal so that the process of managing student email becomes more efficient.