# Gmail
Gmail (opens new window) is a popular email service used by both consumers and businesses alike.
The Gmail connector enables you to build powerful automation around Gmail and connect with other applications.
# API version
This connector uses Gmail API v1 (opens new window).
# How to connect to Gmail on Workato
The Gmail connector supports OAuth2.0 and service account for authentication.
TIP
The minimum scopes required to successfully establish a connection are:
https://www.googleapis.com/auth/userinfo.emailhttps://www.googleapis.com/auth/gmail.labelshttps://www.googleapis.com/auth/gmail.send
If "read email permission" is set to Yes, we will also request for the following permissions:
https://www.googleapis.com/auth/gmail.readonlyhttps://www.googleapis.com/auth/gmail.modify
Lastly, if you're connecting via service account, you will need to ask your Google Workspace Admin to grant the service account domain-wide authority delegation (opens new window) with the necessary scopes and permission to impersonate the user email entered during connection setup.
# OAuth2.0
When prompted, follow the on-screen connection instructions and login to your Google account to connect.
Based on Google's updated security policies, Gmail triggers or download attachment actions can only be used by paid G Suite accounts. Before you link your account, and if you intend to use the Gmail New email trigger or Download attachment action, you must add Workato's Gmail connector app to the allowlist, and grant it read permission. The following section will guide you through the required steps.
# Service Account
You can also authenticate to Gmail using a Google Cloud service account. A service account is a special type of Google account that is associated with your Google Cloud Project that can be used to run API requests on your behalf. Service accounts can be used in Gmail to ensure that the solution will continue running even if individual users' permissions change. Read more about service accounts here (opens new window).
To create a service account, you need to log into your Google Cloud Platform (GCP) console. Follow the guide here (opens new window) to create a new service account in your GCP project. Follow this guide (opens new window) to add a new private key and download the key in JSON format. Note that after you download the key file, you cannot download it again.
| Input field | Description |
|---|---|
| Connection name | Name of the connection |
| Location | Where the connection is organized inside your project |
| Authentication type | Choose "Service account" to authenticate using a Google service account |
| GCP project service account email | The email address of the service account |
| Private key | Enter the private key obtainable from the downloadable JSON. Include both the -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n |
| User email | The email address of the user account to impersonate. Workato will perform actions on behalf of the impersonated email via the authenticated service account |
| Read email permission | Based on Google's updated security policies, Gmail triggers or download attachment actions can only be used by paid G Suite account |
TIP
Once authenticated, the service account will impersonate the user email entered during connection setup.
# Add Workato Gmail connector to the allowlist
Check out (opens new window) Google’s detailed instructions for managing OAuth-based access to connected apps. Below is a step-by-step guide for adding Workato Gmail Connector app for your GSuite account to the allowlist.
# Step 1. Login to the Admin Console of your Google Workspace
You must be signed in as a super administrator (opens new window) of your Google Workspace to complete the actions listed below.
Login to Admin Console of your Google Workspace
# Step 2. Navigate to the API controls in Security Settings
From the Admin console home, go to Security > API Controls. This might be located at the bottom of the page.
API Controls
# Step 3. Navigate to Manager Third-Party App Access
Select Trusted Apps
Select "Configure new app" and "OAuth App Name Or Client ID" in the dropdown.
Configure new app
Fill in the OAuth 2.0 Client ID for the Workato Gmail Connector.
763335457294-gp4359qrjgu7vl96eit0p2n725197oki.apps.googleusercontent.com
Fill in the OAuth 2.0 Client ID
Select the available OAuth client ID
Select the available OAuth client ID
Select the "Trusted" option for app access
Select trust level for the Workato app
Lastly, set Read email permission to Yes and select Link your account.
Select Yes for read email permission
Last updated: 1/11/2024, 5:16:00 AM