Marco Cassar

Workflows

Workflows by Marco Cassar

Sort by:

Securely call private Google Cloud Run APIs with JWT authentication (simplified)

## Who it’s for? Anyone who wants a dead-simple, free-tier friendly way to run custom API logic on **Google Cloud Run** and call it securely from n8n—no public exposure, no local hosting. ## What it does Minimal flow: **Set** → **JWT (sign)** → **HTTP (token exchange)** → **HTTP (call Cloud Run with `Authorization: Bearer <id_token>` )**. No caching, no extras—just enough to authenticate and hit your endpoint. ## How to set up General instructions below—see my detailed guide for more info: **[Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)](https://medium.com/@marcocodes/build-a-secure-google-cloud-run-api-then-call-it-from-n8n-88c03291a95f)** Setup: 1. Create a Cloud Run service and enable **Require authentication (Cloud IAM)**. 2. Create a Google **Service Account** with **Cloud Run Invoker** on that service. 3. In n8n, set `service_url`, `client_email`, `token_uri` (`https://oauth2.googleapis.com/token`) in **Set**. 4. Create a **JWT (PEM)** credential from your service account key (paste the full BEGIN/END block). 5. Run the workflow; the second HTTP node calls your Cloud Run URL with the ID token. ## Requirements - Cloud Run service URL (auth required) - Google Service Account with **Cloud Run Invoker** - Private key JSON fields downloaded from Service Account | needed to generate JWT credentials ## More details Full write-up (minimal + modular versions): **[Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)](https://medium.com/@marcocodes/build-a-secure-google-cloud-run-api-then-call-it-from-n8n-88c03291a95f)**

Automatic Google Cloud Run auth with JWT token management (sub-workflow)

## Who it’s for? Anyone calling a **Google Cloud Run** service from n8n who wants a small, reusable auth layer instead of wiring tokens in every workflow. ## What it does / How it works This sub-workflow checks whether an incoming `id_token` exists and is still valid (with a 5-minute buffer). If it’s good, it reuses it. If not, it signs a short-lived JWT with your service account, exchanges it at Google’s token endpoint, and returns a fresh `id_token`. It also passes through `service_url` and an optional `service_path` so the caller can hit the endpoint right away. (Designed to be called via **Execute Workflow** from your main flow.) ## How to set up - Add your **JWT (PEM)** credential using the service account **private_key**. - In **Vars**, set `client_email` (from your key) and confirm `token_uri` is `https://oauth2.googleapis.com/token`. - Call this sub-workflow with `service_url` (and optional `service_path`). Optionally include a prior `id_token` to enable reuse. ## Inputs / Outputs **Inputs:** `id_token` (optional), `service_url`, `service_path` **Outputs:** `id_token`, `service_url`, `service_path` ## Notes - Built for loops: pair with a Merge/Split strategy to attach `id_token` to each item. - Keep credentials in n8n **Credentials** (no keys in nodes). - Full write-up and context: **[Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)](https://medium.com/@marcocodes/build-a-secure-google-cloud-run-api-then-call-it-from-n8n-88c03291a95f)** — by Marco Cassar

Securely call Google Cloud Run APIs with service account auth (main-workflow)

## Who it’s for? Anyone who wants a simple, secure way to call a **Google Cloud Run** endpoint from n8n—without exposing it publicly. People who want a cheap/free-tier way to run custom API logic without hosting n8n or spinning up servers. Example: you’ve got scraping code that needs specific system/python libs—build it into a Dockerfile on Cloud Run, then call it as a secure endpoint from n8n. ## How it works This is a **conjunctive workflow**: the main workflow calls **Service Auth (sub-workflow)** to get a Google **ID token**, merges that auth with your context, then calls your Cloud Run URL with `Authorization: Bearer <id_token>`. Works great for single calls or looping over items. ## How to set up General instructions below—see my detailed guide for more info: **[Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)](https://medium.com/@marcocodes/build-a-secure-google-cloud-run-api-then-call-it-from-n8n-88c03291a95f)** Setup: 1. Create a Cloud Run service and enable **Require authentication (Cloud IAM)**. 2. Create a Google **Service Account** and grant **Cloud Run Invoker** on that service. 3. In n8n, import the workflows and update the **Vars** node (`service_url`, optional `service_path`). 4. Create a **JWT (PEM)** credential from your service account key, then run. 5. Make sure to read the **sticky notes** in the workflows—they contain helpful pointers and optional configurations. ## Requirements - Cloud Run service URL (auth required) - Google Service Account with **Cloud Run Invoker** - Private key JSON fields downloaded from Service Account | needed to generate JWT credentials ## How to customize Change the HTTP method/path/body in **Cloud Run Request**, or drop the **Service Auth (sub-workflow)** into other workflows to reuse the same auth pattern. ## More details Full write-up (minimal + modular flows), screenshots, and more: **[Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)](https://medium.com/@marcocodes/build-a-secure-google-cloud-run-api-then-call-it-from-n8n-88c03291a95f)** — by Marco Cassar