# Gmail
Gmail (opens new window) is a popular email service used by both consumers and businesses alike. Users can access Gmail on the web and using third-party programs that synchronize email content through POP or IMAP protocols.
The Gmail connector enables you to build powerful automation around Gmail and connect with other applications.
# API version
The Gmail connector uses the Gmail REST API v1 (opens new window).
# How to connect to Gmail on Workato
Workato supports two types of connections to Gmail:
SERVICE ACCOUNT AUTHENTICATION
You can use a service account to authenticate without a personal user account. For consistent use, Workato recommends service account authentication.
# Minimum and default scopes
At a minimum, the See your primary Google Account email address scope is required to establish a connection.
If no scopes are specified, Workato requests the following by default:
- See your primary Google Account email address
- See and edit your email labels
- Send email on your behalf
- View your email messages and settings
- Read, compose, and send emails from your Gmail account
If connecting with a service account, ensure your Google Workspace Admin grants domain-wide authority delegation (opens new window) to the service account. This allows it to impersonate the user email entered during connection setup, with the necessary scopes and permissions.
# OAuth 2.0 authentication
Complete the following steps to set up an OAuth 2.0 connection:
Sign in to your Workato account and navigate to the project where you plan to add your Gmail connection.
Click Create > Connection, then select Gmail as your connection.
Provide a Connection name that uniquely identifies the Gmail connection instance.
Click the Authentication type menu and select OAuth 2.0.
Optional. Click Advanced settings and select additional OAuth 2.0 scopes. If left blank, the following scopes are requested:
- See your primary Google Account email address
- See and edit your email labels
- Send email on your behalf
- View your email messages and settings
- Read, compose, and send emails from your Gmail account
Click Sign in with Google and sign in to your Google account to complete the setup.
# Service account authentication
A Google service account is a specialized Google account associated with a Google Cloud Project (GCP) that can run API requests on your behalf.
Service accounts provide the following benefits:
- Continuous operation: Service accounts ensure that operations continue even if individual user permissions change.
- Dedicated permissions: Service accounts can only access projects that you share with them.
- Dedicated API quotas: You can manage a service account's API quotas through GCP and request quota increases directly from Google.
Refer to the Google service account documentation (opens new window) to learn more about service accounts.
Obtain a GCP Project service account email
# Set up a Google service account
Complete the following steps to set up a Google service account:
Create a service account (opens new window) in your GCP project.
Go to IAM & Admin > Service accounts. Ensure your dashboard is scoped to the project that contains your service account.
Check the scope of your dashboard.
Click the Email of the service account you intend to use.
Click the Email of the service account you intend to use.
Copy the service account's Email and save it to configure your connection later.
Copy the account's Email.
Go to the KEYS tab.
Generate a private key (opens new window) and download it in JSON format. You can only download the key once.
Open the JSON file, then copy the entire private key from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n (inclusive) and save it to configure your connection later.
# Connect to a service account in Workato
Complete the following steps to set up a service account connection:
Sign in to your Workato account and navigate to the project where you plan to add your Gmail connection.
Click Create > Connection, then select Gmail as your connection.
Select the Service account option from the Authentication type drop-down menu and enter the following information:
| Connection field | Description |
|---|---|
| Connection name | Give this connection a unique name that identifies the Gmail connection instance. |
| GCP project service account email | Provide the service account's email address. |
| Private key | Copy and paste the private key obtained from the downloadable JSON. Include both the -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n |
| User email | Provide the email address of the user account to impersonate. Workato performs actions on behalf of the impersonated email through the authenticated service account. |
| OAuth 2.0 scopes | Select additional OAuth 2.0 scopes to request for this connection. When left blank, a default set of scopes is requested. |
Click Sign in with Google and sign in to your Google account to complete the setup.
SERVICE ACCOUNT USER IMPERSONATION
The service account impersonates the user email entered during connection setup after authentication is complete.
Last updated: 4/11/2025, 9:03:48 PM