Google Drive - Prisme.ai

The Google Drive app provides read/write access to a user’s Google Drive through the Drive REST v3 API. It can be used either as a Builder app (automations call Drive instructions directly) or as a remote MCP server consumed by an AI agent. Each tenant configures its own Google OAuth Application; end-users sign in with their own Google account and tokens are stored per (user × tenant). The connector exposes 27 operations covering files (CRUD, copy, export, trash), permissions, comments, replies and revisions.

Files & Folders

List, search, create, update, copy, export and delete files, folders and Google-native documents

Sharing & Permissions

Grant, change and revoke access for users, groups, domains or anyone with the link

Comments & Revisions

Browse and manage comment threads, replies and historical revisions of any file

Prerequisites

A Google account with access to the Drive content you want to expose. For Google Workspace drives, the workspace admin may need to allow third-party OAuth apps.
A Google Cloud project with the Drive API enabled at console.cloud.google.com/apis/library/drive.googleapis.com.
A Google OAuth 2.0 Client of type Web application, created at console.cloud.google.com/apis/credentials. The Authorized redirect URIs must contain the value shown in the OAuth Callback URL field of the installed app instance (auto-populated on install — copy it back into the Google Cloud Console after installation).
An OAuth consent screen configured in the Google Cloud project. While the app is in Testing state, add the end-user’s email to Test users. The full Drive scope (https://www.googleapis.com/auth/drive) is classed restricted and requires CASA verification when the consent screen moves to Production.
Base URL (default: https://www.googleapis.com)

Usage as App
Usage as MCP

Installation

Go to Apps in your workspace
Search for Google Drive and install it
Open the app instance configuration and fill in the required fields

Configuration

Field	Description
Google Drive API Base URL	Base URL of the Drive API (default `https://www.googleapis.com`)
API Token (fallback)	Optional static OAuth access token used as a shared fallback for all users of this tenant. Stored as a workspace secret. Most deployments leave this empty and rely on per-user OAuth.
OAuth2 Client ID	Google OAuth Application Client ID. Create an OAuth client of type Web application in the Google Cloud Console. Stored as a workspace secret.
OAuth2 Client Secret	Google OAuth Client Secret, stored as a workspace secret
OAuth Authorize URL	Default `https://accounts.google.com/o/oauth2/v2/auth`
OAuth Token URL	Default `https://oauth2.googleapis.com/token`
OAuth Revoke URL	Default `https://oauth2.googleapis.com/revoke`
OAuth Scopes	Space-separated Google API scopes. Default `https://www.googleapis.com/auth/drive` (full Drive access). Other common values: `drive.readonly`, `drive.file`, `drive.metadata`, `drive.appdata`
Refresh Token TTL (seconds)	Default 15552000 (180 days, Google’s max)
MCP Endpoint	Auto-populated on install — URL of the MCP endpoint for this instance
MCP API Key	Auto-populated on install — signed key used in the `mcp-api-key` header. Do not modify

MCP Endpoint and MCP API Key are generated automatically by the onInstall flow. The OAuth credentials (OAuth2 Client ID, OAuth2 Client Secret) must be filled in manually after creating the OAuth client in the Google Cloud Console.

Authorize end-users

Once the app instance is configured, each end-user authorizes their own Google account through a browser-based consent screen:

Trigger the connect flow

From an MCP client (Agent Creator capability or any tool client), call any data tool. If no OAuth session exists for the current user × tenant, the MCP server returns a connector_auth_required payload with a connect_url. Alternatively, call the connect tool explicitly to receive the same payload.

Open the connect URL

Open the returned URL in a browser tab where the user is already authenticated to Prisme.ai. The platform redirects to the Google OAuth consent screen.

Grant access

The user reviews the requested scopes (default https://www.googleapis.com/auth/drive) and clicks Allow. Google redirects back to the platform’s oauthCallback webhook.

Confirmation

The user sees a Connection complete page and can close the tab. The platform has stored an access token plus refresh token as user-scoped secrets — both are tenant-prefixed so they do not leak across app instances.

Each user’s OAuth tokens are scoped per (user × tenant). A user who has authorized in tenant A does not gain access in tenant B — they must run the connect flow again per app instance. Refresh tokens are rotated by Google on each refresh and live up to 180 days when idle.

Available Instructions

Every instruction resolves credentials from the workspace configuration. Most list operations accept pageSize (default 100, max 1000) and pageToken for pagination, plus a fields parameter using Google’s partial response syntax to control the returned payload size.

Files

Instruction	Arguments
`listFiles`	`q`, `pageSize`, `pageToken`, `orderBy`, `fields`, `spaces`, `corpora`, `driveId`, `includeItemsFromAllDrives`, `supportsAllDrives`
`getFile`	`fileId`*, `fields`, `supportsAllDrives`, `includePermissionsForView`
`createFile`	`name`, `mimeType`, `description`, `parents`, `starred`, `properties`, `appProperties`, `supportsAllDrives`, `ignoreDefaultVisibility`, `keepRevisionForever`, `ocrLanguage`, `useContentAsIndexableText`, `fields`
`updateFile`	`fileId`*, `addParents`, `removeParents`, `keepRevisionForever`, `ocrLanguage`, `useContentAsIndexableText`, `supportsAllDrives`, `fields`, `name`, `mimeType`, `description`, `starred`, `trashed`, `properties`, `appProperties`
`copyFile`	`fileId`*, `name`, `parents`, `description`, `supportsAllDrives`, `keepRevisionForever`, `ocrLanguage`, `ignoreDefaultVisibility`, `fields`
`deleteFile`	`fileId`*, `supportsAllDrives`
`exportFile`	`fileId`, `mimeType`
`emptyTrash`	`enforceSingleParent`
`generateFileIds`	`count`, `space`, `type`

Permissions

Instruction	Arguments
`listPermissions`	`fileId`*, `pageSize`, `pageToken`, `fields`, `supportsAllDrives`, `includePermissionsForView`
`getPermission`	`fileId`, `permissionId`, `supportsAllDrives`, `fields`
`createPermission`	`fileId`, `type`, `role`*, `emailAddress`, `domain`, `allowFileDiscovery`, `expirationTime`, `emailMessage`, `sendNotificationEmail`, `supportsAllDrives`, `transferOwnership`, `moveToNewOwnersRoot`, `fields`
`updatePermission`	`fileId`, `permissionId`, `removeExpiration`, `transferOwnership`, `supportsAllDrives`, `fields`, `role`, `expirationTime`
`deletePermission`	`fileId`, `permissionId`, `supportsAllDrives`

Comments

Instruction	Arguments
`listComments`	`fileId`*, `pageSize`, `pageToken`, `includeDeleted`, `startModifiedTime`, `fields`
`getComment`	`fileId`, `commentId`, `includeDeleted`, `fields`
`createComment`	`fileId`, `content`, `anchor`, `quotedFileContent`, `fields`
`updateComment`	`fileId`, `commentId`, `content`, `resolved`, `fields`
`deleteComment`	`fileId`, `commentId`

Replies

Instruction	Arguments
`listReplies`	`fileId`, `commentId`, `pageSize`, `pageToken`, `includeDeleted`, `fields`
`createReply`	`fileId`, `commentId`, `content`, `action`, `fields`
`updateReply`	`fileId`, `commentId`, `replyId`*, `content`, `fields`
`deleteReply`	`fileId`, `commentId`, `replyId`*

Revisions

Instruction	Arguments
`listRevisions`	`fileId`*, `pageSize`, `pageToken`, `fields`
`getRevision`	`fileId`, `revisionId`, `fields`
`updateRevision`	`fileId`, `revisionId`, `keepForever`, `publishAuto`, `published`, `publishedOutsideDomain`, `fields`
`deleteRevision`	`fileId`, `revisionId`

Arguments flagged with * are required.

DSUL Examples

Search the latest spreadsheets in My Drive

- GoogleDrive.listFiles:
    q: "mimeType = 'application/vnd.google-apps.spreadsheet' and trashed = false"
    orderBy: modifiedTime desc
    pageSize: 10
    fields: "files(id,name,modifiedTime,webViewLink)"
    output: spreadsheets

Create a folder and a Google Doc inside it

- GoogleDrive.createFile:
    name: Project Acme
    mimeType: application/vnd.google-apps.folder
    output: folder
- GoogleDrive.createFile:
    name: Kickoff Notes
    mimeType: application/vnd.google-apps.document
    parents:
      - '{{folder.id}}'
    output: doc

- GoogleDrive.createPermission:
    fileId: '{{file_id}}'
    type: user
    role: commenter
    emailAddress: alice@example.com
    sendNotificationEmail: true
    emailMessage: |
      Hi Alice — feel free to comment on the Q1 brief.
    output: permission

Export a Google Sheet to XLSX

- GoogleDrive.exportFile:
    fileId: '{{spreadsheet_id}}'
    mimeType: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
    output: xlsx

Resolve a comment thread

- GoogleDrive.updateComment:
    fileId: '{{file_id}}'
    commentId: '{{comment_id}}'
    resolved: true
    output: resolved

The Google Drive app ships with a built-in MCP server. Each app instance gets its own signed mcp-api-key that encodes the workspace ID and a credentials lookup URL — the Google OAuth token is never passed through headers and is resolved server-side from the user’s per-tenant secret.

Plug into an Agent Creator capability

Agents consume MCP servers directly through Agent Creator capabilities. This is the preferred way to expose Google Drive to an agent.

Create or open a workspace

From the Prisme.ai console, create a new workspace (or open the one that will host the connector).

Install the Google Drive app

Open the workspace Imports panel, search for Google Drive and install it.

Configure the credentials

Open the freshly installed app instance settings and fill in the required fields (see the Usage as App tab for the field-by-field reference). At minimum you need OAuth2 Client ID and OAuth2 Client Secret from your Google Cloud OAuth client.

Copy the MCP endpoint and API key

Still on the app instance configuration page, copy the values of MCP Endpoint and MCP API Key — both are generated automatically on install.

Open Agent Creator

Switch to Agent Creator and open the agent you want to extend.

Add a capability

Add a new capability to the agent:

If a dedicated Google Drive capability exists — select it and paste the MCP API Key into the mcp-api-key field. The server URL is already wired.
Otherwise — select the generic custom_mcp capability, paste the MCP Endpoint into the Server URL field, then open the Headers field and add an mcp-api-key entry whose value is the MCP API Key copied earlier:
```
{
  "mcp-api-key": "your-mcp-api-key"
}
```

Save

The agent now has access to every Google Drive tool exposed by the MCP server.

Brief the agent in its system prompt

Wiring the capability is not enough — the agent also needs to know the MCP exists and when to reach for it. Add a short paragraph to the agent’s system prompt. Copy-pasteable starter:

You have access to the Google Drive MCP server. Use it whenever the user asks something that maps to Drive data — finding files, browsing folders, reading file metadata, sharing, commenting, or exporting Google Docs/Sheets/Slides. Use `fields` aggressively (e.g. `files(id,name,modifiedTime)`) to keep responses small. Confirm with the user before any destructive action (deleteFile, deletePermission, emptyTrash, deleteComment).

Refine the trigger keywords (resource names, business domains, typical user phrasings) so the agent reliably picks up the right intent in your context.

Legacy MCP Install (Advanced > Tools)

Use this flow to plug the Google Drive MCP into an AI Knowledge agent that does not yet support the native MCP picker.

Install the Google Drive app

Install and configure the app in the same workspace as your agent (see the Usage as App tab). Once configured, mcpEndpoint and mcpApiKey are auto-populated.

Copy the MCP credentials

Open the app instance config and copy the values of MCP Endpoint and MCP API Key.

Open your AI Knowledge project

Navigate to Advanced > Tools.

Add an MCP tool

Click Add and select the MCP tab.

Fill in the endpoint

Paste the MCP Endpoint URL copied from the app instance.

Add the auth header

In the Headers field, add the signed API key:

{
  "mcp-api-key": "your-mcp-api-key"
}

Save

The agent can now list and call Google Drive tools through the MCP endpoint.

The signed mcp-api-key encodes the workspace ID and the getConfig webhook URL. The MCP server validates the signature using the central app secret, fetches the OAuth client configuration from the installed app, and resolves the end-user’s access token from per-user secrets. Credentials are cached per tenant for 10 minutes.

Output Formats

Every tool accepts an outputFormat parameter that controls the MCP response shape:

verbose (default) — human-readable text for LLM consumption
structured — machine-readable JSON in structuredContent
both — both text and structured content

Available Tools

Files

Tool	Description
`listFiles`	List or search files in the user’s Google Drive. Use the `q` parameter for Drive search syntax (`mimeType`, `name contains`, `'<parent>' in parents`, …)
`getFile`	Get a single file’s metadata by ID. Use the `fields` parameter to control response payload
`createFile`	Create a file, folder, or empty Google Doc/Sheet/Slides. For folders, use `mimeType: application/vnd.google-apps.folder`
`updateFile`	Update a file’s metadata (name, description, starred, trashed). To MOVE a file, use `addParents` and `removeParents`
`copyFile`	Create a copy of a file (does not work on folders). Optionally rename and re-parent
`deleteFile`	Permanently delete a file the user owns. For non-owners this trashes the file instead
`exportFile`	Export a Google-native file (Docs/Sheets/Slides/Drawings) to another MIME type (`application/pdf`, `text/csv`, …)
`emptyTrash`	Permanently delete every file currently in the user’s trash. Irreversible
`generateFileIds`	Pre-generate a batch of file IDs that can be used in subsequent `createFile` calls

Permissions

Tool	Description
`listPermissions`	List all permissions on a file (who has access and what role)
`getPermission`	Get a single permission by ID
`createPermission`	Grant access to a file (share it). For `type=user` or `type=group`, set `emailAddress`. For `type=domain`, set `domain`. For `type=anyone`, no extra arg is needed
`updatePermission`	Change an existing permission’s role or expiration
`deletePermission`	Revoke a permission (remove access for a user/group/domain)

Comments

Tool	Description
`listComments`	List comments on a file. Set `includeDeleted=true` to also return soft-deleted comments
`getComment`	Get a single comment by ID
`createComment`	Add a comment to a file. Optionally anchor it to a region of the file
`updateComment`	Edit a comment’s content or mark it as resolved
`deleteComment`	Soft-delete a comment (remains visible to the author until purged by Drive)

Replies

Tool	Description
`listReplies`	List replies on a comment thread
`createReply`	Reply to a comment. Set `action=resolve` or `action=reopen` to also change the comment status
`updateReply`	Edit a reply’s content
`deleteReply`	Soft-delete a reply

Revisions

Tool	Description
`listRevisions`	List historical revisions of a file. Only works on Google-native files and uploaded binaries (not folders)
`getRevision`	Get a single revision’s metadata
`updateRevision`	Pin a revision (`keepForever`) or change publishing state
`deleteRevision`	Permanently delete a revision (cannot delete the head revision or pinned revisions)

OAuth Session

Tool	Description
`connect`	Initiate the per-user OAuth flow. Returns a `connector_auth_required` payload with a `connect_url`. Data tools auto-prompt this when no session is active, so call it directly only when the user explicitly asks to sign in
`disconnect`	Revoke the current user’s OAuth tokens (RFC 7009) and clear the local secrets

Tool Details

listFiles

Search the user’s Drive with Google’s Drive query syntax.

{
  "name": "listFiles",
  "arguments": {
    "q": "mimeType = 'application/vnd.google-apps.folder' and trashed = false",
    "orderBy": "name",
    "pageSize": 20,
    "fields": "files(id,name,parents,modifiedTime),nextPageToken"
  }
}

Parameter	Required	Description
`q`	No	Drive search query. Examples: `mimeType = '...'`, `name contains '...'`, `'<id>' in parents`, `sharedWithMe = true`, `starred = true`
`pageSize`	No	Default 100, max 1000
`pageToken`	No	Cursor from a previous response
`orderBy`	No	Comma-separated sort keys (e.g. `modifiedTime desc, name`)
`fields`	No	Partial response — request only the fields you need
`spaces`	No	`drive` (default), `appDataFolder`, or `photos`
`corpora`	No	`user`, `drive`, or `allDrives`
`driveId`	No	Restrict to a single shared drive
`includeItemsFromAllDrives`	No	Default `false`. Set `true` for shared drives
`supportsAllDrives`	No	Required `true` when querying shared drives

createFile

Create a file, folder, or empty Google-native document. The mimeType decides which:

{
  "name": "createFile",
  "arguments": {
    "name": "Quarterly Review",
    "mimeType": "application/vnd.google-apps.document",
    "parents": ["folder-id"]
  }
}

Parameter	Required	Description
`name`	No	File name (recommended). Default `"Untitled"`
`mimeType`	No	Use `application/vnd.google-apps.folder` for a folder, `...document` / `...spreadsheet` / `...presentation` for Google-native files
`parents`	No	Array of parent folder IDs (default: My Drive root)
`description`	No	Free-form description
`starred`	No	Default `false`
`properties` / `appProperties`	No	Custom key-value metadata (public / app-only)

updateFile

The most-used update is renaming or moving. Note that MOVE is addParents + removeParents, not changing parents:

{
  "name": "updateFile",
  "arguments": {
    "fileId": "file-id",
    "name": "Renamed file",
    "addParents": "destination-folder-id",
    "removeParents": "source-folder-id"
  }
}

Set trashed: true to move a file to the trash (recoverable). Use deleteFile instead for permanent removal.

createPermission

Share a file. type and role are required; the extra args depend on type.

{
  "name": "createPermission",
  "arguments": {
    "fileId": "file-id",
    "type": "user",
    "role": "writer",
    "emailAddress": "alice@example.com",
    "sendNotificationEmail": true,
    "emailMessage": "Sharing the Q1 brief for review."
  }
}

Parameter	Required	Description
`fileId`	Yes	Target file
`type`	Yes	`user`, `group`, `domain`, or `anyone`
`role`	Yes	`reader`, `commenter`, `writer`, `fileOrganizer`, `organizer`, or `owner`
`emailAddress`	Conditional	Required for `type=user` or `type=group`
`domain`	Conditional	Required for `type=domain`
`expirationTime`	No	RFC 3339 timestamp
`sendNotificationEmail`	No	Default `true` for user/group
`transferOwnership`	No	Set together with `role=owner`

exportFile

Convert a Google-native document to a binary format.

{
  "name": "exportFile",
  "arguments": {
    "fileId": "doc-id",
    "mimeType": "application/pdf"
  }
}

Common target MIME types:

Docs → application/pdf, application/vnd.openxmlformats-officedocument.wordprocessingml.document, text/plain, text/html
Sheets → application/pdf, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, text/csv
Slides → application/pdf, application/vnd.openxmlformats-officedocument.presentationml.presentation
Drawings → image/png, image/svg+xml, image/jpeg

Returns the binary content as the response body — agents typically chain this with a file upload to expose it to the user.

createComment

Add a comment to a file. Optionally anchor it to a region of the file (the JSON shape depends on the file type; see Drive docs).

{
  "name": "createComment",
  "arguments": {
    "fileId": "file-id",
    "content": "Could we double-check the methodology in section 3?",
    "quotedFileContent": {
      "mimeType": "text/plain",
      "value": "We assumed a 5% growth rate."
    }
  }
}

Use updateComment with resolved: true (and / or createReply with action: resolve) to close the thread.

Error Handling

HTTP Status	Error	Solution
401	Unauthorized / token expired	The OAuth token was revoked or expired. Re-run the connect flow for that user. The connector auto-refreshes when a refresh token is present
403	Forbidden	Check the OAuth scopes (`https://www.googleapis.com/auth/drive` for full access) and verify the Drive API is enabled on the Google Cloud project
404	Not Found	Verify the `fileId` / `permissionId` / `commentId` / `revisionId`. Drive IDs are case-sensitive and never include a trailing slash
429	Rate Limited / Quota exceeded	Drive enforces per-user and per-project quotas. Back off and retry with exponential delay
500	Server error	Transient. Retry once with a small delay

Common Issues

“Not configured” — The app instance has no OAuth client. Fill in OAuth2 Client ID and OAuth2 Client Secret from the Google Cloud Console. “Invalid API key” (MCP) — The mcp-api-key header does not match the central app secret. Reinstall the app instance to regenerate a signed key. “Credentials lookup failed” — The MCP endpoint could not reach the getConfig webhook of the installed app. Verify that the app instance is still installed in the expected workspace. redirect_uri_mismatch at the Google consent screen — The redirect URI registered in your Google OAuth client does not match the one the connector sends. Copy the value of OAuth Callback URL from the app instance configuration and paste it verbatim into the Authorized redirect URIs list of your OAuth client in the Google Cloud Console. Drive API has not been used in project ... or it is disabled — Enable the Drive API at console.cloud.google.com/apis/library/drive.googleapis.com for the project that owns your OAuth client. Propagation takes up to a minute. File not found: <id> on a shared drive — Pass supportsAllDrives: true (and includeItemsFromAllDrives: true on listFiles). Without these flags, the Drive API silently scopes the request to My Drive only. fileNotDownloadable on exportFile — exportFile works only on Google-native files (Docs/Sheets/Slides/Drawings). For uploaded binaries (PDF, DOCX, …), use a file-content endpoint instead.

Files & Folders

Sharing & Permissions

Comments & Revisions

​Prerequisites

​Installation

​Configuration

​Authorize end-users

​Available Instructions

​Files

​Permissions

​Comments

​Replies

​Revisions

​DSUL Examples

​Search the latest spreadsheets in My Drive

​Create a folder and a Google Doc inside it

​Share a file with a user as commenter

​Export a Google Sheet to XLSX

​Resolve a comment thread

​Plug into an Agent Creator capability

​Legacy MCP Install (Advanced > Tools)

​Output Formats

​Available Tools

​Files

​Permissions

​Comments

​Replies

​Revisions

​OAuth Session

​Tool Details

​listFiles

​createFile

​updateFile

​createPermission

​exportFile

​createComment

​Error Handling

​Common Issues

​External Resources

Google Drive API Reference

Tool Agents

Prerequisites

Installation

Configuration

Authorize end-users

Available Instructions

Files

Permissions

Comments

Replies

Revisions

DSUL Examples

Search the latest spreadsheets in My Drive

Create a folder and a Google Doc inside it

Share a file with a user as commenter

Export a Google Sheet to XLSX

Resolve a comment thread

Plug into an Agent Creator capability

Legacy MCP Install (Advanced > Tools)

Output Formats

Available Tools

Files

Permissions

Comments

Replies

Revisions

OAuth Session

Tool Details

listFiles

createFile

updateFile

createPermission

exportFile

createComment

Error Handling

Common Issues

External Resources