Google Search Console + GA4 MCP Server for Vercel

This project is a Vercel-hosted Node.js MCP server for ChatGPT. It uses Google OAuth 2.0 with read-only scopes only and exposes these MCP tools:

• list_search_console_sites

• query_search_console

• list_ga4_properties

• run_ga4_report

Routes

• GET /mcp and POST /mcp for the public MCP endpoint

• GET /auth/google/start to begin Google OAuth

• GET /auth/google/callback for the Google OAuth callback

• POST /oauth/token for OAuth token exchange

• GET /.well-known/oauth-authorization-server

• GET /.well-known/oauth-protected-resource

Required environment variables

• GOOGLE_CLIENT_ID

• GOOGLE_CLIENT_SECRET

• APP_BASE_URL

• APP_ENCRYPTION_KEY

You can copy .env.example locally and fill in your values.

Generate APP_ENCRYPTION_KEY as a base64-encoded 32-byte secret. Example:

[Convert]::ToBase64String((1..32 | ForEach-Object { Get-Random -Minimum 0 -Maximum 256 }))

Google Cloud setup

1. Create a Google Cloud project.

2. Enable these APIs:

   • Google Search Console API

   • Google Analytics Data API

   • Google Analytics Admin API

3. Create OAuth 2.0 credentials for a Web application.

4. Add this authorized redirect URI:

https://YOUR-VERCEL-DOMAIN/auth/google/callback

Scopes used

• https://www.googleapis.com/auth/webmasters.readonly

• https://www.googleapis.com/auth/analytics.readonly

Deploy to Vercel

1. Import the repo into Vercel.

2. Set the environment variables above.

3. Deploy.

4. Confirm these URLs respond:

   • /

   • /.well-known/oauth-authorization-server

   • /.well-known/oauth-protected-resource

   • /mcp

Local development

npm install
npm run dev

Or run the Express server directly:

npm start

Notes

• This server keeps its OAuth state stateless by encrypting tokens instead of storing them in a database.

• The MCP endpoint accepts bearer tokens and also supports the browser session cookie set after OAuth completion.