This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Trouble authenticating to Vertex AI Gemini from n8n using Service Account (n8n Cloud user)

Posted 4 weeks ago
CreamusAI
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

I'm trying to call the Google Vertex AI Gemini API (e.g., gemini-1.5-pro or gemini-1.0-pro-vision-latest) from n8n using a Google Service Account credential, but I'm stuck on authentication/permission errors.

The Problem:

  1. The n8n "Google Service Account" credential fails to save when I paste the full JSON key content (error: "Couldn't connect with these settings" / likely "secretOrPrivateKey must be an asymmetric key..." error).
  2. It only saves if I paste just the private key block (-----BEGIN...END-----). The "Upload file" option is missing in my n8n Cloud UI.
  3. However, when using the credential saved this way, API calls via the HTTP Request node fail with either 404 Not Found (even for gemini-1.0-pro-vision-latest in us-central1) or 400/403 Bad Request (e.g., Project 297... is not allowed to use Publisher Model projects/creamusai/...).

Context:

  • n8n Version: 1.87.1 (latest Beta)
  • n8n Setup: n8n Cloud
  • GCP Project checks (APIs enabled: Vertex AI, IAM Credentials; SA roles assigned: Vertex AI User + SA Token Creator; Billing linked & active) all seem correct for the target project (creamusai, number 297...).
  • Multiple new keys were generated and tested. JSON key syntax validated.

It seems there's an issue with how n8n Cloud handles the Google Service Account credential in this version, either during saving with the full JSON or during the actual authentication request when saved with only the key block. How can I resolve this to successfully call the Vertex AI API?

Thanks!
Marko

0 1 43
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
CreamusAI
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

To isolate the issue, I tested the authentication outside of n8n using the Google Cloud SDK command line:

  1. I successfully activated the service account using gcloud auth activate-service-account --key-file="<path_to_my_new_key>.json". It confirmed Activated service account credentials for: [my-service-account-email].
  2. I then successfully generated a Bearer token using gcloud auth print-access-token.
  3. However, when I used this generated Bearer token directly in the n8n HTTP Request node (using Header Auth: Authorization: Bearer <TOKEN>), the API call still failed with the same 400 Bad Request error: Project 297... is not allowed to use Publisher Model projects/creamusai/....

This seems to confirm the Service Account key and basic GCP permissions are working correctly outside n8n, but the API call still fails when initiated from the n8n Cloud environment, even with direct token authentication.

0 Likes