Skip to main content
To use this MCP server, you must authenticate with the Google Search Console API. We recommend the Secure Desktop Flow, which uses your local machine’s keychain and hardware-bound encryption to store tokens safely. This method allows you to log in with your Google account via a browser, just like any other desktop application.

Security Features

  • System Keychain: Tokens are stored in your OS’s native credential manager (macOS Keychain, Windows Credential Manager, Linux Secret Service).
  • Hardware-Bound Encryption: Fallback storage uses AES-256-GCM with a key derived from your unique machine ID. Tokens cannot be decrypted on other devices.
  • Multi-Account Support: Easily switch between multiple Google accounts.

How to Login

Run the following command in your terminal: 
npx search-console-mcp setup
  1. A local secure server will start.
  2. Your browser will open to the Google Authorization page.
  3. Grant access to your Search Console data.
  4. The CLI will automatically fetch your email and securely store your credentials.

Logout & Management

You can manage your sessions directly from the CLI: 
# Logout of the default account
npx search-console-mcp logout

# Logout of a specific account by email
npx search-console-mcp logout user@gmail.com

2. Service Account (Advanced / Headless)

For server-side environments or automated tasks where interactive login isn’t possible, you can use a Google Cloud Service Account.

Step 1: Create a Service Account

  1. Go to the Google Cloud Console.
  2. Create a new project (or select an existing one).
  3. Go to IAM & Admin > Service Accounts.
  4. Click Create Service Account.
  5. Give it a name (e.g., seo-agent) and click Create and Continue.
  6. Click Done.

Step 2: Generate a JSON Key

  1. In the Service Accounts list, click on your new account.
  2. Select the Keys tab.
  3. Click Add Key > Create new key.
  4. Select JSON and click Create.
  5. A JSON file will download to your computer. Keep this file secure.

Step 3: Grant Access in Search Console

You must give your Service Account permission to see your data:
  1. Open the Google Search Console.
  2. Go to Settings > Users and permissions.
  3. Click Add User.
  4. Enter the Service Account Email (e.g., seo-agent@your-project.iam.gserviceaccount.com).
  5. Select Permissions (Full or Restricted) and click Add.

Step 4: Configure the Server

Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to your key file: 
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your/key.json"