DEV Community

ComplianceLayer

Google Search Console Service Account Setup

For: Robert

Purpose: Let Iris pull real GSC data (impressions, clicks, rankings) automatically.

Time required: ~15 minutes


What This Does

Creates a Google service account key that Iris can use to query the GSC API — pulling real ranking data, impressions, and click-through rates without you manually exporting CSVs.


Step 1: Create a Google Cloud Project (or use existing)

  1. Go to console.cloud.google.com
  2. Click the project dropdown → New Project
  3. Name it compliancelayer-seo → Create
  4. Make sure this project is selected

Step 2: Enable the Search Console API

  1. In the left menu → APIs & Services → Library
  2. Search: Google Search Console API
  3. Click it → Enable

Step 3: Create a Service Account

  1. Go to APIs & Services → Credentials
  2. Click + Create Credentials → Service Account
  3. Fill in:
    • Name: iris-seo-reader
    • ID: auto-fills (leave it)
    • Description: Iris SEO agent - read-only GSC access
  4. Click Create and Continue
  5. Skip the optional role assignment → Done

Step 4: Generate the JSON Key

  1. You'll see the new service account listed. Click on it.
  2. Go to the Keys tab
  3. Click Add Key → Create new key
  4. Choose JSON → Create
  5. A .json file downloads automatically. This is the key file — keep it safe.

Step 5: Add the Service Account to Google Search Console

  1. Go to search.google.com/search-console
  2. Select your property: compliancelayer.net
  3. Left sidebar → Settings → Users and permissions
  4. Click Add user
  5. Enter the service account email — it looks like:
   iris-seo-reader@compliancelayer-seo.iam.gserviceaccount.com

(Copy it from the service account page in Google Cloud Console)

  6. Set permission: Restricted (read-only is fine)
  7. Click Add

Step 6: Store the Key for Iris

Save the downloaded JSON file here:

/Users/gigabob/clawd/compliancelayer/marketing/gsc-service-account.json

Then add this line to the shared environment or tell Iris where it is:

export GSC_SERVICE_ACCOUNT_KEY="/Users/gigabob/clawd/compliancelayer/marketing/gsc-service-account.json"
export GSC_PROPERTY="sc-domain:compliancelayer.net"

Note: The property format for domain-level GSC verification is sc-domain:compliancelayer.net. If you verified via URL prefix, use https://compliancelayer.net/ instead.


Step 7: Verify It Works

Once the key is in place, Iris can test access with:

python3 -c "
from google.oauth2 import service_account
from googleapiclient.discovery import build

creds = service_account.Credentials.from_service_account_file(
    '/Users/gigabob/clawd/compliancelayer/marketing/gsc-service-account.json',
    scopes=['https://www.googleapis.com/auth/webmasters.readonly']
)
service = build('searchconsole', 'v1', credentials=creds)
props = service.sites().list().execute()
print(props)
"

If you see compliancelayer.net in the output, it's working.


Security Notes

  • The JSON key has read-only access to GSC data only
  • Don't commit it to git — add to .gitignore:
  marketing/gsc-service-account.json
  • If the key is ever compromised, delete it in Google Cloud Console → Credentials and generate a new one
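
A pre-flight check for the stored key file, as an added example that is not part of the original post: it confirms the file at GSC_SERVICE_ACCOUNT_KEY is a regular file readable only by its owner and that it is a service account key for the expected address. The function names and the placeholder key contents are assumptions made for this example.

```python
import json
import os
import stat
import sys

SA_SUFFIX = ".iam.gserviceaccount.com"

def audit_key_file(path, expected_email=None):
    """Return a list of findings for a service account key file (empty = OK)."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink to another location
    except FileNotFoundError:
        return ["key file not found"]
    if not stat.S_ISREG(st.st_mode):
        return ["key path is not a regular file"]
    findings = []
    # Any group/other bit lets other local accounts read the private key.
    if st.st_mode & 0o077:
        findings.append("mode %o is too open; use chmod 600" % stat.S_IMODE(st.st_mode))
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError):
        return findings + ["file is not readable JSON"]
    if not isinstance(key, dict):
        return findings + ["JSON top level is not an object"]
    missing = [f for f in ("type", "client_email", "private_key") if not key.get(f)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        findings.append("type is not service_account")
    email = str(key.get("client_email", ""))
    if not email.endswith(SA_SUFFIX):
        findings.append("client_email is not a service account address")
    if expected_email and email != expected_email:
        findings.append("client_email does not match the expected account")
    return findings

def write_sample_key(path, mode):
    """Write a constructed, non-functional key file for trying the audit."""
    sample = {"type": "service_account",
              "client_email": "iris-seo-reader@compliancelayer-seo" + SA_SUFFIX,
              "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY"}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)

if __name__ == "__main__":
    # GSC_SERVICE_ACCOUNT_KEY is the variable exported in Step 6.
    problems = audit_key_file(os.environ.get("GSC_SERVICE_ACCOUNT_KEY", ""))
    print("\n".join(problems) or "key file OK")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so it can gate whatever job loads the key. It never prints the private_key value.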

Questions?

Drop in webchat. Iris will pick it up.


Built by ComplianceLayer — scan any domain for security compliance in seconds. Get your free API key.