Back to Templates
Who it’s for
Anyone who wants a simple, secure way to call a Google Cloud Run endpoint from n8n—without exposing it publicly.
People who want a cheap/free-tier way to run custom API logic without hosting n8n or spinning up servers. Example: you’ve got scraping code that needs specific system/python libs—build it into a Dockerfile on Cloud Run, then call it as a secure endpoint from n8n.
How it works
This is a conjunctive workflow: the main workflow calls Service Auth (sub-workflow) to get a Google ID token, merges that auth with your context, then calls your Cloud Run URL with Authorization: Bearer <id_token>. Works great for single calls or looping over items.
How to set up
General instructions below—see my detailed guide for more info:
Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)
Setup:
- Create a Cloud Run service and enable Require authentication (Cloud IAM).
- Create a Google Service Account and grant Cloud Run Invoker on that service.
- In n8n, import the workflows and update the Vars node (
service_url, optionalservice_path). - Create a JWT (PEM) credential from your service account key, then run.
- Make sure to read the sticky notes in the workflows—they contain helpful pointers and optional configurations.
Requirements
- Cloud Run service URL (auth required)
- Google Service Account with Cloud Run Invoker
- Private key JSON fields downloaded from Service Account | needed to generate JWT credentials
How to customize
Change the HTTP method/path/body in Cloud Run Request, or drop the Service Auth (sub-workflow) into other workflows to reuse the same auth pattern.
More details
Full write-up (minimal + modular flows), screenshots, and more:
Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)
— by Marco Cassar