Salesforce to Google REST API Integration

Hi Dev!
Today I would like to introduce Salesforce to Google (Drive, Email, Calendar) REST API integration!
Below you can find step by step configuration.
Note: This article is an example only. You can adjust your requirements using Google APIs documentation.

Overview of REST API Architecture

1. Create App in Google Console

  1. Go to Google Cloud Platform and Log in.
  2. Select Create button to create a new Project (App) [Screen no.1]
  3. Select Project Name and click Create button. [Screen no.2]
  4. Select ENABLED APIS AND SERVICES [Screen no.3]
  5. Choose the needed API. [Screen no.4]
    In that tutorial, I chose Gmail API, Google Drive API, and Google Calendar API
  6. Go to OAuth consent screen. Add Application Name, add Application Logo (if needed) and what is a very important select scope. Scope defined what type of access your app can guarantee. [Screen no.8]
  7. Create credentials, choose for that OAuth client ID.
    Credentials are needed to connect our Google project with Salesforce. [Screen no.9]
  8. Select Web Application, add some Name, leave other fields blank. We don’t know Authorized redirect URLs yet. [Screen no.10]
  9. If everything goes good you should receive a client ID and client secret. [Screen no.11]
1. Create a new Project
2. Select Name and Create
3. Select ENABLED APIS AND SERVICES
4. List of APIs
6. Enable selected API
7. List of selected APIs
8. OAuth app
9. Create credentials
10. Select Web Application
11. Client ID and Client Secret

2. Configure Salesforce Auth. Provider

  1. In Salesforce go to Setup > Auth. Provider > New and select Open ID Connect
  2. Select Name, paste Consumer Key and Consumer Secret. You can find it in Credentials > OAuth 2.0 client IDs. [Screen no.13]
  3. Add endpoints:
    Authorize Endpoint URL > https://accounts.google.com/o/oauth2/v2/auth
    Token Endpoint URL > https://oauth2.googleapis.com/token
    Necessary google endpoints you can find here.
  4. As a default Scope use scopes defined in your google app. e.g emails.
  5. After saving you can find Callback URL in Salesforce Configuration section. Copy the link and paste it in your credentials (Credentials > OAuth 2.0 client IDs). [Screen no.15]
    Remember: “Domain must be added to the authorised domains list before submitting.
  6. Test your connection. Open Test-Only Initialization URL and OAuth-Only Initialization URL.
12. New Auth. Provider
13. Configure Auth. Provider
14. Callback URL
15. Callback URL in App credentials
16. Test connection

3. Create Named Credentials in Salesforce

  1. In Salesforce go to Setup > Named Credentials > New Named Credentials
  2. Select: [Screen no.17]
    Name
    URL – https://www.googleapis.com
    Identity TypeNamed Principal
    Authentication Provider – Auth. Provider defined in the previous step.
    Scope – Space-separated scopes defined in your google app. In my e.g I used https://mail.google.com/
    https://www.googleapis.com/auth/calendar
    https://www.googleapis.com/auth/drive
    Start Authentication Flow on Save – Check it to authorize to your google account.
  3. Authorize to your google account.
    IMPORTANT! We need to open an unsafe connection. [Screen no.18]
  4. Allow for access. [Screen no.19]
  5. If everything is ok, you should be authorized as a user. [Screen no.20]
  6. If you find ” The authentication provider didn’t provide a refresh token. If the access token expires, your org won’t be able to access this named credential. ” that means you don’t have refresh token logic.
    TIP You can add query string parameters to the base URL, if necessary. For example, to get a refresh token from Google for offline access, use https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force. You need the approval_prompt parameter to ask the user to accept the refresh action so that Google continues to provide refresh tokens after the first one.

    IMPORTANT! Go back to Auth. Provider and replace old Authorize Endpoint URL with a new one: [Screen no.21]
    https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force
  7. Check the connection once again. You should be able to see Authorized. [Screen no.22]
17. Configure Named Credentials
18. Authorization
19. Allow for access
20. Authorized as a user
21. New Authorization URL
22. Authorized

4. Remote Site Settings

To make callouts we need to add our endpoint to Remote Site Settings in Salesforce.

  1. Go to Setup > Remote Site Settings > New Remote Site
  2. Fulfill fields, as Remote Site URL use: https://www.googleapis.com [Screen no. 23]
23. Remote Site Settings

5. Make callouts!

Google Drive API
Google Calendar API
Google Mail API

Example code:

public with sharing class GoogleWebService {
     
    public static Http http = new Http();
    public static HTTPResponse response;
    public static HttpRequest request;

    public static void getProfile(String userEmail) {

        request = new HttpRequest();
        request.setMethod('GET');
        request.setEndpoint('callout:GoogleAPI/gmail/v1/users/' + userEmail + '/profile');

        response = http.send(request); 

        System.debug(response.getBody());
    }

    public static void getUserDrafts(String userEmail) {

        request = new HttpRequest();
        request.setMethod('GET');
        request.setEndpoint('callout:GoogleAPI/gmail/v1/users/' + userEmail + '/drafts');

        response = http.send(request); 

        System.debug(response.getBody());
    }

    public static void getMyCalendar() {
        
        request = new HttpRequest();
        request.setMethod('GET');
        request.setEndpoint('callout:GoogleAPI/calendar/v3/users/me/calendarList');

        response = http.send(request); 

        System.debug(response.getBody());
    }

    public static void getFile(String fileId) {

        request = new HttpRequest();
        request.setMethod('GET');
        request.setEndpoint('callout:GoogleAPI/drive/v3/files/' + fileId);

        response = http.send(request); 

        System.debug(response.getBody());
    }
}

In anonymous apex

GoogleWebService.getProfile('youremail@gmail.com');
GoogleWebService.getUserDrafts('youremail@gmail.com');
GoogleWebService.getMyCalendar();
GoogleWebService.getFile('fileId');

Resources

Was it helpful? Check out our other great articles here.

5 5 votes
Article Rating
Subscribe
Notify of
guest
4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Muneeb
Muneeb
3 months ago

Thanks alot you solved my problem.

Tim Berrier
Tim Berrier
1 year ago

This was very helpful but I am trying to do this for all users in my org and Open ID Connect approach won’t work. Do you know how to do this using JWT and Google Service Account.

Close Menu
4
0
Would love your thoughts, please comment.x
()
x