I've just worked through the Gmail API guide on how to sync client applications with a mail account.
https://developers.google.com/gmail/api/guides/sync
What I'd like to know is, is it possible to access messages etc. at a company level, rather than just an individual account? If so, what is the recommended approach to do so?
For instance the Users.messages.list method requires a userId (an email address). Is there an equivalent for company-level?
Thanks!
Hmm, well not messages at a company level but you can get whitelisted for access to the entire domain. That plus hooking into the Admin SDK Directory API to get the emails of everyone in a domain should basically do everything you want.
To get whitelisted for access to entire domain (so people don't have to individually authorize your app), the domain admin can whitelist your developer ID in cpanel for certain scopes for the entire domain. Then you app can simply assert a user's credential and get an Oauth2 token. You'll need a service account and deal with a public/private key pair. For the exact steps/details see: https://developers.google.com/accounts/docs/OAuth2ServiceAccount#formingclaimset
Note that, depending on your language, likely most of the crypto/low level work is already done for you. (I know in python there's a single SimpleJwtCredentialsAssertion (?) method that does pretty much all of it given a key and a username to assert.)