I created a script that I don’t mind sharing if necessary, but the issue lies elsewhere.
I have Gmail delegation rights to several other Gmail addresses (read, write, delete emails).
My script, to put it simply, searches for certain emails that haven’t been responded to within a given time and then creates a row entry for that case in a spreadsheet using Apps Script (together with Gmail API services) and bit of scraping.
My admin claims that I have all the necessary rights to use the API in our Workspace, but let’s take that with a bit of caution.
I’ve created several functions to debug and test the issue, and they always lead to the same conclusion — that I don’t have delegation rights (even though in my Gmail account it works perfectly).
I was wondering whether I’m using insufficient services or libraries for this task, or if it’s simply an issue on the Workspace admin’s end.
In Gmail, UI-based mailbox delegation does not automatically grant equivalent access via the Gmail API. For API-based access to another user’s mailbox, the Workspace admin must enable domain-wide delegation on a service account or explicitly grant the target account’s OAuth consent to your script. In the Admin console, check Security > API Controls > Domain-wide delegation and ensure the OAuth scopes you use (e.g. https://www.googleapis.com/auth/gmail.modify) are authorized for the service account.
If your script runs under your own account with regular OAuth, it will only access your mailbox regardless of UI delegation. To work with other accounts programmatically, you need to impersonate them via the Gmail API using domain-wide delegation and subject=<delegated_user_email> in the Apps Script OAuth2 service or via Advanced Google Services. This is an admin-level setup, so confirm with your Workspace admin that it’s configured before troubleshooting your code further.