Securely Call Private Google Cloud Run APIs with JWT Authentication

Who it’s for

Anyone who wants a dead-simple, free-tier friendly way to run custom API logic on Google Cloud Run and call it securely from n8n—no public exposure, no local hosting.

What it does

Minimal flow: Set → JWT (sign) → HTTP (token exchange) → HTTP (call Cloud Run with Authorization: Bearer <id_token> ). No caching, no extras—just enough to authenticate and hit your endpoint.

How to set up

General instructions below—see my detailed guide for more info:

Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)

Setup:

1. Create a Cloud Run service and enable Require authentication (Cloud IAM).
2. Create a Google Service Account with Cloud Run Invoker on that service.
3. In n8n, set service_url, client_email, token_uri (https://oauth2.googleapis.com/token) in Set.
4. Create a JWT (PEM) credential from your service account key (paste the full BEGIN/END block).
5. Run the workflow; the second HTTP node calls your Cloud Run URL with the ID token.

Requirements

• Cloud Run service URL (auth required)
• Google Service Account with Cloud Run Invoker
• Private key JSON fields downloaded from Service Account | needed to generate JWT credentials

More details

Full write-up (minimal + modular versions):

Build a Secure Google Cloud Run API, Then Call It from n8n (Free Tier)