# Gmail

Gmail (opens new window) is a popular email service used by both consumers and businesses alike.

The Gmail connector enables you to build powerful automation around Gmail and connect with other applications.

# API version

The Gmail connector uses the Gmail REST API v2 (opens new window).

# How to connect to Gmail on Workato

The Gmail connector supports OAuth2.0 and service account for authentication.

TIP

The minimum scopes required to successfully establish a connection are:

  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/gmail.labels
  • https://www.googleapis.com/auth/gmail.send

If "read email permission" is set to Yes, we will also request for the following permissions:

  • https://www.googleapis.com/auth/gmail.readonly
  • https://www.googleapis.com/auth/gmail.modify

Lastly, if you're connecting via service account, you will need to ask your Google Workspace Admin to grant the service account domain-wide authority delegation (opens new window) with the necessary scopes and permission to impersonate the user email entered during connection setup.

# OAuth2.0

When prompted, follow the on-screen connection instructions and login to your Google account to connect.

Based on Google's updated security policies, Gmail triggers or download attachment actions can only be used by paid G Suite accounts. Before you link your account, and if you intend to use the Gmail New email trigger or Download attachment action, you must add Workato's Gmail connector app to the allowlist, and grant it read permission. The following section will guide you through the required steps.

# Service Account

You can also authenticate to Gmail using a Google Cloud service account. A service account is a special type of Google account that is associated with your Google Cloud Project that can be used to run API requests on your behalf. Service accounts can be used in Gmail to ensure that the solution will continue running even if individual users' permissions change. Read more about service accounts here (opens new window).

To create a service account, you need to log into your Google Cloud Platform (GCP) console. Follow the guide here (opens new window) to create a new service account in your GCP project. Follow this guide (opens new window) to add a new private key and download the key in JSON format. Note that after you download the key file, you cannot download it again.

Getting GCP Project service account email

Input field Description
Connection name Name of the connection
Location Where the connection is organized inside your project
Authentication type Choose "Service account" to authenticate using a Google service account
GCP project service account email The email address of the service account
Private key Enter the private key obtainable from the downloadable JSON. Include both the -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----\n
User email The email address of the user account to impersonate. Workato will perform actions on behalf of the impersonated email via the authenticated service account
Read email permission Based on Google's updated security policies, Gmail triggers or download attachment actions can only be used by paid G Suite account

TIP

Once authenticated, the service account will impersonate the user email entered during connection setup.

# Add Workato Gmail connector to the allowlist

Check out (opens new window) Google’s detailed instructions for managing OAuth-based access to connected apps. Below is a step-by-step guide for adding Workato Gmail Connector app for your GSuite account to the allowlist.

# Step 1. Login to the Admin Console of your Google Workspace

You must be signed in as a super administrator (opens new window) of your Google Workspace to complete the actions listed below.

Login to Google admin console Login to Admin Console of your Google Workspace

# Step 2. Navigate to the API controls in Security Settings

From the Admin console home, go to Security > API Controls. This might be located at the bottom of the page.

API permissions API Controls

# Step 3. Navigate to Manager Third-Party App Access

Select Trusted Apps Select Trusted Apps

Select "Configure new app" and "OAuth App Name Or Client ID" in the dropdown.

Trusted Apps Configure new app

Fill in the OAuth 2.0 Client ID for the Workato Gmail Connector.

763335457294-gp4359qrjgu7vl96eit0p2n725197oki.apps.googleusercontent.com

Fill in the OAuth 2.0 Client ID Fill in the OAuth 2.0 Client ID

Select the available OAuth client ID

Add to save changes Select the available OAuth client ID

Select the "Trusted" option for app access

Add to save changes Select trust level for the Workato app

Lastly, set Read email permission to Yes and select Link your account.

Select Yes for read email permission Select Yes for read email permission


Last updated: 5/17/2024, 2:35:03 AM