Steps to Create a Service Account
1. Create a Google Cloud Project (Skip if already exists)
If you already have a project in Google Cloud Console, you can skip this step. Otherwise:
- Go to Google Cloud Console
- Click Select Project → New Project
- Provide: Project Name
- Click Create
2. Enable Required APIs
Navigate to APIs & Services → Library, then enable:
For Search Console: Search Console API
For Analytics (GA4): Google Analytics Data API, Google Analytics Admin API.
3. Create a Service Account
- Go to IAM & Admin → Service Accounts
- Click Create Service Account
- Fill: Name, ID (auto-generated)
- Click Create and Continue
- Roles: You can skip assigning roles here
- Click Done
4. Generate Service Account Key
- Open the created service account
- Go to Keys → Add Key → Create new key
- Choose: JSON
- Download the file
⚠️ This JSON file contains credentials - you should store it securely.
5. Grant Access in Google Search Console
- Go to Google Search Console
- Select your property (domain or URL prefix)
- Go to Settings → Users and permissions
- Click Add User
- Add the service account email (e.g. your-account-name@project.iam.gserviceaccount.com)
- Assign role: Full
6. Grant Access in Google Analytics (GA4)
- Go to Google Analytics
- Navigate:
- Admin → Property Access Management
- Click + → Add users
- Add the service account email
- Assign role: Analyst
Configure the Service Account in Your Application
Once the service account is created and permissions are granted, configure it in your application settings.
Example: Configure service account in appsettings.json
"Epinova": {
"GoogleServices": {
"Accounts": [
{
"ClientEmail": "epinova-ai-assistant@epinova-internal.iam.gserviceaccount.com",
"PrivateKey": "-----BEGIN PRIVATE KEY----- xxxxxxx -----END PRIVATE KEY-----\n"
}
]
}
}Notes
- Ensure the private key preserves line breaks (
\n) - Prefer storing secrets in:
- Environment variables
- Secret managers (e.g., Azure Key Vault)
- Avoid hardcoding credentials in source code