To use Google steps in your workflows, you'll need to create a GCP service account and delegate authority to that account for the services (scopes) you want to use in Torq, for example, Drive, Vault, Workspace, etc. Google Steps requires a bearer token for authentication. For example, if you want to execute the Google Drive step List all files, you'll first need to execute the Google Drive step Generate a bearer token and use that token as an input parameter for the step List all files.
A bearer token is valid for one hour.
Configure a GCP Service Account
Perform these steps in your GCP console to create a service account with organization-wide access. If you want to access only an individual's information, follow this guide.
Create a Project
A service account needs to be created within a project. You can skip to the next step if you already have a project.
Go to IAM & Admin > Service Accounts.
Click CREATE PROJECT.
Type a meaningful name for the project.
Select the Organization.
Select the Location.
Click CREATE.
Create a Service Account and Credentials
Go to IAM & Admin > Service Accounts.
Click +CREATE SERVICE ACCOUNT.
Configure the service account settings:
Enter a meaningful name.
Enter a description.
(Optional) Modify the service account ID. You can keep the default service account ID.
Click DONE.
Add a Key for the Service Account
You should be directed to the Service Accounts page, where the service account you created should appear in the table.
Locate the service account you created, and in the Actions section, click the menu icon.
Select Manage keys.
Click Add Key > Create new key.
Select JSON and click CREATE.
Save the file. You will use it when creating the GCP integration in Torq.
Enable GCP Domain-Wide Delegation
Go to Service Accounts.
Locate the service account you created, and in the Actions section, click the menu icon.
Select Manage details.
Under the DOMAIN-WIDE DELEGATION section in Advanced Settings, copy the client ID. You will need this when delegating domain-wide authority to the service account.
Click View Google Workspace Admin Console and continue with the instructions in the next section.
Authorize the Service Account
For Torq to access your Google users' data (impersonating), you need to authorize the service account in your GCP admin console.
Go to your Google Workspace domain's Admin console.
Select Security > Access and Data control > API controls from the main menu.
In the Domain-wide delegation pane, select Manage Domain-Wide Delegation.
Click Add New.
Paste the Client ID that you copied in the previous step.
In the OAuth Scopes field, enter a comma-separated list of the scopes you want to use in Torq.
Refer to the complete list of OAuth 2.0 scopes for Google APIs. For example, these are the scopes available for Gmail.Use these scopes for read/write access to Gmail, Drive, Sheets, and Workspace:
https://mail.google.com/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.directory.user,https://apps-apis.google.com/a/feeds/groups/,https://www.googleapis.com/auth/apps.alerts
Click Authorize.
Enable APIs
After authorizing access to the services, you have to enable the API for each service.
Go to your GCP console.
From the main menu, select APIs & Services > Enabled APIs & services.
Click + Enable APIs and Services.
In the API Library, select the service for which you want to enable the API, for example, Gmail.
Click Enable.
Create a GCP Integration in Torq
Perform these steps in Torq.
Go to Build > Integrations > Steps > Google Cloud Platform, and click Add.
Enter a meaningful name for the integration.
Upload the credentials file (JSON) you generated in a previous step.
Click Add.