Skip to main content
Google Cloud Platform

Learn how to create a Google Cloud Platform integration to enable the use of Google steps in Torq automated workflows.

Updated over a month ago

To use Google steps in your workflows, you'll need to create a GCP service account and delegate authority to that account for the services (scopes) you want to use in Torq, for example, Drive, Vault, Workspace, etc. Google Steps requires a bearer token for authentication. For example, if you want to execute the Google Drive step List all files, you'll first need to execute the Google Drive step Generate a bearer token and use that token as an input parameter for the step List all files.

A bearer token is valid for one hour.

Configure a GCP Service Account

Perform these steps in your GCP console to create a service account with organization-wide access. If you want to access only an individual's information, follow this guide.

Create a Project

A service account needs to be created within a project. You can skip to the next step if you already have a project.

  1. Go to IAM & Admin > Service Accounts.

  2. Click CREATE PROJECT.

  3. Type a meaningful name for the project.

  4. Select the Organization.

  5. Select the Location.

  6. Click CREATE.

Create a Service Account and Credentials

  1. Go to IAM & Admin > Service Accounts.

  2. Click +CREATE SERVICE ACCOUNT.

  3. Configure the service account settings:

    • Enter a meaningful name.

    • Enter a description.

    • (Optional) Modify the service account ID. You can keep the default service account ID.

  4. Click DONE.

Add a Key for the Service Account

You should be directed to the Service Accounts page, where the service account you created should appear in the table.

  1. Locate the service account you created, and in the Actions section, click the menu icon.

  2. Select Manage keys.

  3. Click Add Key > Create new key.

  4. Select JSON and click CREATE.

  5. Save the file. You will use it when creating the GCP integration in Torq.

Enable GCP Domain-Wide Delegation

  1. Go to Service Accounts.

  2. Locate the service account you created, and in the Actions section, click the menu icon.

  3. Select Manage details.

  4. Under the DOMAIN-WIDE DELEGATION section in Advanced Settings, copy the client ID. You will need this when delegating domain-wide authority to the service account.

  5. Click View Google Workspace Admin Console and continue with the instructions in the next section.

Authorize the Service Account

For Torq to access your Google users' data (impersonating), you need to authorize the service account in your GCP admin console.

  1. Go to your Google Workspace domain's Admin console.

  2. Select Security > Access and Data control > API controls from the main menu.

  3. In the Domain-wide delegation pane, select Manage Domain-Wide Delegation.

  4. Click Add New.

  5. Paste the Client ID that you copied in the previous step.

  6. In the OAuth Scopes field, enter a comma-separated list of the scopes you want to use in Torq.
    Refer to the complete list of OAuth 2.0 scopes for Google APIs. For example, these are the scopes available for Gmail.

    • Use these scopes for read/write access to Gmail, Drive, Sheets, and Workspace:

      https://mail.google.com/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.directory.user,https://apps-apis.google.com/a/feeds/groups/,https://www.googleapis.com/auth/apps.alerts

  7. Click Authorize.

Enable APIs

After authorizing access to the services, you have to enable the API for each service.

  1. Go to your GCP console.

  2. From the main menu, select APIs & Services > Enabled APIs & services.

  3. Click + Enable APIs and Services.

  4. In the API Library, select the service for which you want to enable the API, for example, Gmail.

  5. Click Enable.

Create a GCP Integration in Torq

Perform these steps in Torq.

  1. Go to Build > Integrations > Steps > Google Cloud Platform, and click Add.

  2. Enter a meaningful name for the integration.

  3. Upload the credentials file (JSON) you generated in a previous step.

  4. Click Add.

Did this answer your question?