I am automating employee offboarding (deleting Google Workspace users) by making Http callouts from Salesforce to Google Cloud Admin SDK API using a service account for authentication/authorization.
For context,
this article is essentially the entirety of the Salesforce setup procedure and majority of Google Project setup. (I've confirmed authentication/authorization using the Calendar API like in the article)
The call is made and there seems to be a permission issue on the service account side.
HTTP Response Error:
DEBUG | JSON RESPONSE: {
"error": {
"code": 403,
"message": "Not Authorized to access this resource/api",
"errors": [
{
"message": "Not Authorized to access this resource/api",
"domain": "global",
"reason": "forbidden"...
I have enabled the Admin SDK API and the service account is listed under credentials.
Service account role is set to "Owner".
I even enabled Domain-wide delegation and included the authorization scope of:
as listed in the documentation.
What could I be missing here to open up authorization to use Admin SDK APIs?