Invoking Google Cloud Run Function

Hi everyone, I am new here and I would really appreciate some help.
I have managed to deploy several workflows with no problem, but I am struggling with invoking a Google Cloud Run function using the HTTP node. I have a self-hosted n8n instance.

Problem

I want to invoke a Google Cloud Run function using the HTTP node.

I set up the credentials for the HTTP node as Google Service Account API. I followed the instructions in the documentation and I checked that the service account has the required permissions by invoking the function from the gcloud console, authenticating as the service account. It worked fine.

From the HTTP node, however, I cannot invoke it, as I get a 401 Unauthorized error.
In the credentials I set up the client email and private key (pasted everything, including the final \n) and included as scope the URL of the service in the form of https://SERVICE.run.app, as explained here: Troubleshoot Cloud Run issues | Cloud Run Documentation | Google Cloud

Also, I can use a service account just fine to connect to, for example, Google Sheets.

Question

Is there something I am missing? Is invoking a Cloud Run function which requires authentication at all possible?

Thank you for all the help!

Hi! Yes, you can call an authenticated Google Cloud Run function using n8n’s HTTP Request node, but there are a few important things to keep in mind.

The Google Service Account credentials in n8n are made for Google APIs that work directly with service accounts (like Sheets or Drive). However, Cloud Run is a little different—it requires an ID token for authentication (not an OAuth2 access token), unless you’ve allowed unauthenticated invocations.

Here’s what’s happening:

  • The HTTP Request node in n8n, even with Google Service Account credentials, generates OAuth2 access tokens, but Cloud Run expects an ID token instead.
  • That’s why you might be seeing a 401 Unauthorized error—it’s the wrong kind of token for Cloud Run.

What you need to do:
To call a secured Cloud Run service, you’ll need to:

  1. Generate an ID token for your specific Cloud Run service URL (this is called the “audience”).
  2. Add that ID token as a Bearer token in your HTTP Request node’s Authorization header.

At the moment, n8n doesn’t natively generate ID tokens for custom audiences like Cloud Run. So, you’ll need to generate the ID token outside of n8n (for example, with a custom script using the google-auth-library, or by calling Google’s OAuth2 token endpoint directly), and then inject it into your HTTP Request.

In short:
The 401 error is happening because Cloud Run wants an ID token and n8n is sending an OAuth2 access token. It is possible to call authenticated Cloud Run services from n8n—you just need to handle generating and passing the right token yourself.

The steps to make this work as explained by Msquare_Automation are to use the service account key to generate a token and set the audience to the cloud function URL.

As I understand it, however, there is no way to do this natively in n8n, as there is no way of generating the token without using a Google Cloud library.

What I ended up doing was to create a proxy cloud function which requires no authentication. I then built an authentication method handled by n8n inside this function (you can use basic auth, for example). This function then handles the token exchange and calls the “deeper” cloud function. It then returns the outcome of the deep function.

2 Likes
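
The token-endpoint route mentioned in the answer above, as an added example that is not part of the original thread: it signs a JWT assertion with the service account key, sets `target_audience` to the Cloud Run URL, and exchanges it at Google's OAuth2 token endpoint for an ID token. The function names and the demo service account are hypothetical, and Node 18+ is assumed.

```javascript
// Added example (not from the thread): sign a JWT assertion with the service
// account key and exchange it at Google's token endpoint for an ID token.
const crypto = require('crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Hypothetical helper. clientEmail and privateKey are the client_email and
// private_key fields of the service account JSON key.
function buildAssertion(clientEmail, privateKey, audience, now = Math.floor(Date.now() / 1000)) {
  // A key pasted from the JSON file may hold literal "\n"; restore newlines.
  const pem = privateKey.replace(/\\n/g, '\n');
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: clientEmail,
    sub: clientEmail,
    aud: TOKEN_URL,            // the assertion itself is addressed to Google
    target_audience: audience, // becomes the aud of the returned ID token
    iat: now,
    exp: now + 3600,           // assertions may live at most one hour
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createSign('RSA-SHA256').update(input).sign(pem);
  return `${input}.${b64url(sig)}`;
}

// Decode (without verifying) a JWT payload, e.g. to check a token's aud claim.
function decodeClaims(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64url').toString('utf8'));
}

// Performs the network exchange; needs Node 18+ for the global fetch.
async function fetchIdToken(clientEmail, privateKey, audience) {
  const body = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: buildAssertion(clientEmail, privateKey, audience),
  });
  const res = await fetch(TOKEN_URL, { method: 'POST', body });
  if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
  const idToken = (await res.json()).id_token;
  // The ID token's aud should be the Cloud Run service URL.
  if (decodeClaims(idToken).aud !== audience) throw new Error('unexpected aud');
  return idToken; // send as "Authorization: Bearer <idToken>"
}

// Offline demo with a throwaway key and a constructed service account name.
const demoKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey
  .export({ type: 'pkcs8', format: 'pem' });
console.log(decodeClaims(buildAssertion('demo-sa@example.iam.gserviceaccount.com', demoKey, 'https://SERVICE.run.app')));
```

If the call still returns 401, `decodeClaims` on the token being sent shows whether its `aud` is the service URL.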