Skip to main content

Cyware Orchestrate

Generate Credentials File for Gmail API

You must generate a credentials file to authenticate with the Gmail API. For more information on the usage of the credentials file, see Credentials File.

Steps

To generate a credentials file for Gmail API, do the following:

  1. Create a Project

  2. Create a Service Account and Add Keys

  3. Authorize Service Account to Access User's Data

Create a Project

You must create a project in the Google Cloud Console to manage APIs, permissions for Google Cloud resources, and more. For more information on creating projects in Google Cloud Console, see Create Projects.

Steps

To create a project in the Google Cloud Console, do the following:

  1. Sign in to the Google Cloud Console

  2. Click Select a Project and click New Project.

  3. Enter the project name, organization, and location. 

  4. Click Create.

Create a Service Account and Add Keys

You must create a service account and add keys to generate a credentials file. A service account is identified by its email address, which is unique to the account. For more information on service accounts, see Service Accounts.

Steps

To create a service account and add keys, do the following:

  1. From the main menu, go to the API and Services > Credentials.

  2. Click Create Credentials and select Service Account.

  3. Enter service account details such as service account name, service account ID, and service account description. 

  4. Click Create and Continue.

  5. (Optional) Grant the service account access to the project by selecting a role.

  6. (Optional) Grant users access to this service account.

  7. Go to Service Accounts and select the service account that you have created. 

  8. Go to the Keys tab and click Add Key.

  9. Click Create New Key, select the key type as JSON, and click Create. Download the generated file since you cannot recover the credentials later. 

Authorize Service Account to Access User's Data

As a super administrator, you must use domain-wide delegation to authorize the service accounts to access your users' data without requiring each user to give consent. For more information on domain-wide delegation, see Domain Wide Delegation.

Before you Start

  • Ensure that your Google Workspace account has super admin privileges.

  • Ensure that you have the client ID of the service account. You can find your service account's client ID in the service account page.

Steps 

To authorize the service account to access the user's data, do the following:

  1. Go to the domain administration panel and sign in with your super admin account.

  2. From the main menu, go to Security > Access and data control and select API controls.

  3. Click Manage Domain Wide Delegation and click Add New to add a new client ID.

  4. Enter the client ID of the service account and enter https://mail.google.com/ in the OAuth Scopes and click Authorize.