Search code examples
google-apigoogle-oauthgmail-apidelegationgoogle-api-nodejs-client

Gmail API domain-wide delegation

I am using Gmail API and I am trying to fetch emails from all users under company. But when I run code such as:

function runAPI(auth) {
  var gmail = google.gmail('v1');
  gmail.users.threads.list({auth: auth, userId: '108800016305523828361'},'',function(err, response){
    if (err) {
      console.log("The API returned an error: " + err);
      return;
    }
    var threads = response.threads;
    console.log(threads);
  })
}

I get error:

The API returned an error: Error: Delegation denied for xxxx@xxxxx.com

In admin console I did this:

enter image description here

As client name I used id from the client_secret.json file. And for scope, I gave it all permissions.

How do I properly setup domain wide delegation for Gmail API ?

Solution

  • The setup is fine, however in your code you're doing it wrong.

    This code:

    gmail.users.threads.list({auth: auth, userId: '108800016305523828361'},'',function(err, response)

    specifically.

    userId should be "me" however before you can call the Gmail API you need to use the service account "JWT flow" in your code to retrieve an oauth2 credential for the Gmail user you want to access as described in the Preparing to make an authorized API call service account domain-wide delegation doc.

    Specifically this uses your service account's private key to request to get a credential for the user you desire (set the user's email in your domain that you want to access in the setServiceAccountUser(user@example.com) function in the request). Then you can use that GoogleCredential in your call to the Gmail API.