Google API List Delegates and API that are available to service accounts only

Describe the issue/error/question

So, what i wanted to achieve is list delegates per user within the given google workspace domain (over 5k users) and display a report to slack. Every point of my workflow does work as intended apart from the google api request itself:

This API is only accessible via a domain wide delegated service account and gmail node is not covering this endpoint, also google oauth2 api with service account credential setting is not available to http request node.

İ have found a way to work around it through apps script http request using impersonation but apps script itself is what i am trying to get away from to begin with due to limitations.

Is there any way at all to achieve this purely on n8n nodes without any impersonstion need? This is also something GAM does thru api without impersonation but i have no idea how.

Not only this, but there are many api enspoints that work only with service accounts in general.

Thank you,

Information on your n8n setup

  • **n8n version: 0.209.4
  • **Database you’re using (default: SQLite):SQLite
  • **Running n8n with the execution process [own(default), main]: Main
  • **Running n8n via [Docker, npm,, desktop app]: Desktop

Hey @Svedriall,

Welcome to the community :cake:

It looks like using the service account is trickier than a normal credential which could be why it is not available to the HTTP Request node. One thing you could try is manually building out the token generation request with a code node and some HTTP request nodes to get the value.

Another possible option if you have GAM installed on the same machine as n8n is use the execute command node to run the gam command.

Hi @Jon ,

I’ve looked into doing it that way and it was very, very complex and didn’t seem feasible at a first glance (Using OAuth 2.0 for Server to Server Applications  |  Authorization  |  Google Developers). It’d be more than welcome to understand your ideas behind this model and if it can be somehow implemented through n8n in general.

Currently, I’m doing an assesment on local but our n8n instance will live on cloud and our GAM instance is already on cloud as well. So I haven’t gotten to making n8n talk to GAM yet but that’s something I think of exploring as well.

Thank you again and I’m looking forward to your insight on S2S Service Account issue.

Hey @Svedriall,

The bit needed is on that page for making API calls with HTTP / REST it has a bit of information on what needs to be done but it won’t be easy.

You would need to make the JWT to send to then get the token back that you can use in the next node, I suspect using the code node would be needed for that. The way we do this internally if a code example is needed can be found here: n8n/GenericFunctions.ts at master · n8n-io/n8n · GitHub although some tweaks would need to be made and it won’t be a 5 minute job.

Thank you for the responses and guidance. I’m going to dig into this a bit more but I don’t have high hopes that I’ll be able to achieve this to be perfectly honest.

I see that GMail node’s scopes do actually cover the endpoint for users.settings.delegates.list as well, would that be possible to somehow inherit that function for another call or is it really necessary to build the token generator from scratch with a code node?

Hey @Svedriall,

As the token needs to be created you would need to make the generator but in theory the code we have might mostly work as it is. Another option could be to copy the gmail node and add in what you need and run your own version of it as a community node.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.