Google Drive
The Google Drive connector lets AI agents search, read, create, and manage files and folders through the official Google Drive API using OAuth 2.0. With 15 tools spanning read, write, and delete operations, it is the most comprehensive storage connector in MCPGate. Your credentials are stored encrypted in MCPGate's vault.
Sharing tools can expose files publicly
drive_share_file and drive_get_share_link can make files accessible to anyone with the link. Always apply guardrails to these tools in apps that should not be able to change file visibility.Required scopes#
MCPGate requests the following OAuth scopes when you connect a Google Drive account.
| Scope | Purpose |
|---|---|
| drive.readonly | Read file metadata and content |
| drive.file | Create and modify files created by MCPGate |
| drive | Full access to all Drive files (required for sharing and trash operations) |
Tool reference#
The Google Drive connector exposes 15 tools: 5 read, 8 write, and 2 delete.
| Tool | Category | Description |
|---|---|---|
| drive_search | read | Search files and folders by name or content |
| drive_get_file | read | Get file metadata by ID |
| drive_read_file | read | Read/download file content (text files, docs) |
| drive_list_files | read | List files in a folder or root |
| drive_list_shared | read | List files shared with the user |
| drive_create_file | write | Create a new file (text, doc) |
| drive_update_file | write | Update file content or metadata |
| drive_create_folder | write | Create a new folder in Drive |
| drive_move_file | write | Move a file to a different folder |
| drive_copy_file | write | Copy a file, optionally to a different folder |
| drive_share_file | write | Share a file with a user or make it public |
| drive_get_share_link | write | Get a public sharing link for a file (creates one if needed) |
| drive_restore_from_trash | write | Restore a file from the Drive trash |
| drive_delete_file | delete | Move a file to trash |
| drive_revoke_access | delete | Revoke a user's or public access to a file |
Common guardrail recipes#
Read-only access#
Enable only the five read tools and deny all write and delete tools. Useful for agents that summarise documents or retrieve file contents without any risk of modifying your Drive.
Block sharing and public links#
Deny drive_share_file, drive_get_share_link, and drive_revoke_access. This prevents the AI from changing the visibility of any file, which is the highest-risk operation for data leakage.
Restrict to a specific folder#
Apply the allow_values template to write tools and target the folder_id or destination_folder_id field. Provide the IDs of folders the agent is permitted to write into. Any operation targeting another folder will be denied.
Troubleshooting#
- drive_delete_file moves to trash, not permanent delete — Files moved to the Drive Trash are recoverable via
drive_restore_from_trashuntil they are permanently deleted from Google's side. - drive_read_file returns empty for binary files — This tool is designed for text-based content. Binary files (images, PDFs, etc.) should be handled via
drive_get_share_linkor accessed directly through Google Drive. - 403 on shared files— Operations on files owned by others require that the file has been explicitly shared with the authenticated account. Check the file's sharing settings.