⚙️ Securely call private Google Cloud Run APIs with JWT authentication (simplified)
⚡ 257 views · ⚙️ DevOps & CI/CD
Description
Who it’s for?
Anyone who wants a dead-simple, free-tier friendly way to run custom API logic on Google Cloud Run and call it securely from n8n—no public exposure, no local hosting.
What it does
Minimal flow: Set → JWT (sign) → HTTP (token exchange) → HTTP (call Cloud Run with Authorization: Bearer <id_token> ). No caching, no extras—just enough to authenticate and hit your endpoint.
How to set up
General instructions below—see my detailed guide for more info:
Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)
Setup:
- Create a Cloud Run service and enable Require authentication (Cloud IAM).
- Create a Google Service Account with Cloud Run Invoker on that service.
- In n8n, set
service_url,client_email,token_uri(https://oauth2.googleapis.com/token) in Set. - Create a JWT (PEM) credential from your service account key (paste the full BEGIN/END block).
- Run the workflow; the second HTTP node calls your Cloud Run URL with the ID token.
Requirements
- Cloud Run service URL (auth required)
- Google Service Account with Cloud Run Invoker
- Private key JSON fields downloaded from Service Account | needed to generate JWT credentials
More details
Full write-up (minimal + modular versions):
Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)
🔗 Nodes Used
HTTP Request, JWT
📥 Import
Download workflow.json and import into n8n:
Workflow menu → Import from File