Gmail MCP | OAuth Gmail connector for AI agents

CALL ANY TOOL

Read emails, send replies, search messages, and manage labels. Same toolkit, every framework, no auth plumbing.

gmail_fetch_mails

Fetch emails

Fetch messages from any label or inbox with optional search query and pagination.

Parameters

Name

Type

Required

Description

query

string

Optional

Gmail search query (e.g. is:unread from:acme.com)

label_ids

array

Optional

Array of label IDs to filter by

max_results

integer

Optional

Max messages to return (default 10)

page_token

string

Optional

Pagination token for next page

gmail_get_message

Get message

gmail_send_message

Send email

gmail_search_messages

Search messages

gmail_labels_list

List labels

gmail_label_message

Apply label

Build your Agent

Drop the toolkit in, point it at the user, and your agent can read, search, and send Gmail messages from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gmail"], toolNames: ["gmail_fetch_mails", "gmail_search_messages", "gmail_send_message"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gmail"], toolNames: ["gmail_fetch_mails", "gmail_search_messages", "gmail_send_message"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gmail"], toolNames: ["gmail_fetch_mails", "gmail_search_messages", "gmail_send_message"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/gmail",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start reading and acting on Gmail.

Search & recall

Copy the prompt

Copied

Find all unread emails from [domain] this week.

Copy the prompt

Copied

Search for emails about [topic] from [person].

Copy the prompt

Copied

List all emails with attachments received today.

Copy the prompt

Copied

Find the last email thread with [person name].

Action & replies

Copy the prompt

Copied

Send an email to [address] with subject [subject]: [body].

Copy the prompt

Copied

Reply to the latest email from [person]: [reply text].

Copy the prompt

Copied

Mark all emails from [sender] as read.

Copy the prompt

Copied

Archive all emails older than 30 days in [label].

Triage & organization

Copy the prompt

Copied

Summarize all unread emails from the last 24 hours.

Copy the prompt

Copied

List emails that need a reply and have been waiting more than 2 days.

Copy the prompt

Copied

Find all emails with invoices or billing in the subject.

Copy the prompt

Copied

What did [person] email me about last week?

SEE HOW AUTH WORKS

Users authorize Gmail once. Their Google credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Gmail

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Gmail

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Gmail

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Gmail

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other inbox agents and MCP connectors. Working code, live demos, fork what fits.

OPS

Email-to-calendar scheduling agent

Parse scheduling intent from Gmail threads and create Google Calendar events with the right attendees and timezone.

Gmail

Google Calendar

View agent

GTM

Salesforce customer insights agent

Surface Salesforce account activity, NPS signals, and renewal flags into Slack threads for the account team.

Salesforce

Slack

View agent

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Replies sent from the wrong identity

A shared Gmail token looks fine in a demo. In production, every email read or sent looks like it came from a service account. Audit logs break. Per-user scoping breaks. Scalekit resolves the credential of the actual user who triggered the agent, never a shared bot.

// shared bot token
token = "sk_gmail-mcp_shared_xxx"
audit → bot_service_account
user_filter → broken

// scalekit · per-user
token = resolve(user_id)
audit → user_abc
scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Gmail today. Outlook, Slack, Teams tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Gmail as the user or as a shared key?

As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Gmail oauth 2.0 stored?

In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Gmail?

Yes. Pass a tool name filter to listScopedTools so the inbox agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Gmail.

What happens when a user revokes Gmail access?

The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Does sending an email show as the user or a bot?

As the user. Outbound emails come from the authorizing user's address with proper From, Reply-To, and DKIM. Audit logs attribute the send to that user, not a service account.

Gmail

Tools your inbox agent reaches for on Gmail, scoped per user.