Google Analytics 4 MCP Setup Guide for OpenClaw
Prepared by Tenten Digital Product Design Studio — March 2026
What This Guide Covers
End-to-end setup of Google Analytics 4 as an MCP (Model Context Protocol) data source for OpenClaw agents. After completing this guide, your AI agents will be able to query GA4 traffic, conversions, and user behavior data in real-time through natural language.
Estimated time: 30–60 minutes
Prerequisites
| Requirement | Details |
|---|---|
| Google Cloud Project | An active GCP project (new or existing) |
| GA4 Property | Admin-level access to the target GA4 property |
| Node.js | v18+ installed (for npx to run MCP server) |
| OpenClaw | Running instance with agent configuration access |
Step 1: Google Cloud Setup
1.1 Create or Select a GCP Project
Navigate to console.cloud.google.com. Create a new project or select an existing one. Name it something identifiable (e.g., “ALUXE-MCP” or “OpenClaw-Integrations”).
1.2 Enable Required APIs
Go to APIs & Services → Library and enable both of the following:
| API Name | Purpose |
|---|---|
| Google Analytics Data API | Query GA4 reports, metrics, dimensions |
| Google Analytics Admin API | List accounts, properties, data streams |
1.3 Create a Service Account
Navigate to IAM & Admin → Service Accounts → Create Service Account.
Name: ga4-mcp-reader
ID: ga4-mcp-reader
Description: Read-only GA4 access for OpenClaw MCP
After creation, go to the service account → Keys → Add Key → Create new key → JSON. Download and store the JSON key file securely.
Never commit the JSON key file to version control. Store it in a secure location and reference it via environment variables.
1.4 Grant GA4 Property Access
In Google Analytics, navigate to Admin → Property Access Management (under your target property).
1. Click "+" to add a new user
2. Enter the Service Account email:
ga4-mcp-reader@your-project.iam.gserviceaccount.com
3. Set role to "Viewer" (read-only)
4. Click Add
1.5 Record Key Information
You will need two pieces of information for the next steps:
| Item | Where to Find It |
|---|---|
| Service Account Email | In the downloaded JSON key file: client_email field |
| Private Key | In the downloaded JSON key file: private_key field |
| GA4 Property ID | GA4 Admin → Property Settings (numeric ID, NOT the G-XXXXXXXXXX Measurement ID) |
123456789). Do not confuse it with the Measurement ID (G-XXXXXXXXXX) — they are different identifiers.
Step 2: OpenClaw Agent Configuration
2.1 Environment Variables
Create a .env file (or add to your existing one) with the following variables:
# .env
GA4_CLIENT_EMAIL="ga4-mcp-reader@your-project.iam.gserviceaccount.com"
GA4_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEv...\n-----END PRIVATE KEY-----\n"
GA4_PROPERTY_ID="123456789"
\ncharacters for newlines. Ensure your.envparser handles this correctly. Most frameworks (dotenv, etc.) handle it automatically when the value is quoted.
2.2 OpenClaw Agent YAML Config
Add the GA4 MCP server to your agent definition in the OpenClaw configuration:
agents:
- id: marketing-director
name: "Marketing Director"
model: anthropic/claude-sonnet-4-5
mcp_servers:
- name: ga4
command: npx
args:
- "-y"
- "mcp-server-google-analytics"
env:
GOOGLE_CLIENT_EMAIL: "${GA4_CLIENT_EMAIL}"
GOOGLE_PRIVATE_KEY: "${GA4_PRIVATE_KEY}"
GA_PROPERTY_ID: "${GA4_PROPERTY_ID}"
2.3 Claude Desktop Config (Optional Testing)
For local testing via Claude Desktop before deploying to OpenClaw, add to claude_desktop_config.json:
{
"mcpServers": {
"ga4": {
"command": "npx",
"args": ["-y", "mcp-server-google-analytics"],
"env": {
"GOOGLE_CLIENT_EMAIL": "ga4-mcp-reader@your-project.iam.gserviceaccount.com",
"GOOGLE_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
"GA_PROPERTY_ID": "123456789"
}
}
}
}
Step 3: Verify the Connection
3.1 Start the Agent
Launch your OpenClaw agent (or restart Claude Desktop). The MCP server will auto-install via npx on first run. Watch the console for successful initialization:
[MCP] ga4: Server started successfully
[MCP] ga4: Connected to Google Analytics Data API
3.2 Test Queries
Send the following test prompts to verify each capability:
| Test Prompt | Expected Response |
|---|---|
| “What was our website traffic this week vs last week?” | Session counts with week-over-week comparison |
| “Which channels drove the most conversions last month?” | Channel breakdown with conversion counts and rates |
| “Show me the top 10 landing pages by conversion rate” | Ranked list of landing page paths with conversion metrics |
| “What is the bounce rate trend for the last 90 days?” | Time-series bounce rate data with trend analysis |
| “Mobile vs desktop conversion rate comparison?” | Device category breakdown with conversion rates |
3.3 Troubleshooting
| Issue | Cause | Fix |
|---|---|---|
| “Permission denied” | Service Account not added to GA4 property | Re-check Step 1.4 — add SA email as Viewer in GA4 Admin |
| “API not enabled” | Google Analytics Data API not turned on | Enable the API in GCP Console (Step 1.2) |
| “Invalid property ID” | Using Measurement ID instead of Property ID | Use the numeric Property ID, not the G-XXXXXXXXXX value |
| “Private key error” | Newlines corrupted in .env |
Ensure the key value is wrapped in double quotes with literal \n |
| “npx timeout” | Network issue on first run | Run npx -y mcp-server-google-analytics manually first to cache the package |
Step 4: Integrate with Multi-Agent Setup
4.1 Recommended Agent Architecture
For a full marketing data stack, combine GA4 with other MCP sources in a single OpenClaw agent or distributed across specialized agents:
| MCP Server | Data Source | Setup Complexity | Recommended Method |
|---|---|---|---|
| mcp-server-google-analytics | GA4 (traffic, conversions, users) | Low (this guide) | Service Account |
| Google Ads MCP | Google Ads (spend, CPC, ROAS) | High (Developer Token required) | Adspirer Remote MCP |
| Meta Ads MCP | Facebook + Instagram Ads | Medium (OAuth token refresh) | Pipeboard Remote MCP |
| DBHub | ERP / MS SQL Database | Medium (DB credentials needed) | Self-hosted + read-only user |
4.2 Combined YAML Example
A fully-wired marketing agent with all data sources:
agents:
- id: marketing-director
name: "Marketing Director"
model: anthropic/claude-sonnet-4-5
mcp_servers:
# Google Analytics 4
- name: ga4
command: npx
args: ["-y", "mcp-server-google-analytics"]
env:
GOOGLE_CLIENT_EMAIL: "${GA4_CLIENT_EMAIL}"
GOOGLE_PRIVATE_KEY: "${GA4_PRIVATE_KEY}"
GA_PROPERTY_ID: "${GA4_PROPERTY_ID}"
# Meta Ads (via Pipeboard Remote MCP)
- name: meta-ads
transport: http
url: "https://mcp.pipeboard.co/meta-ads-mcp"
# ERP Database (via DBHub)
- name: erp-db
command: npx
args: ["-y", "dbhub"]
env:
DATABASE_URL: "${ERP_DATABASE_URL}"
4.3 SOUL.md Integration
Enhance your agent’s SOUL.md to leverage GA4 data proactively:
# Marketing Director — SOUL.md
## Identity
You are a Digital Marketing Performance Director with
real-time access to Google Analytics, ad platforms, and ERP data.
## Daily Checklist
When asked for a performance update:
1. Pull GA4 traffic and conversion data (last 7 days)
2. Compare vs. previous period
3. Identify top and bottom performing channels
4. Flag anomalies (>20% deviation from baseline)
5. Recommend actionable next steps
## Key Metrics to Track
- Sessions, Users, New Users (GA4)
- Conversion Rate by Channel (GA4)
- Revenue and Transactions (GA4 + ERP cross-reference)
- ROAS by Platform (Google Ads + Meta Ads)
Security Best Practices
| Practice | Implementation |
|---|---|
| Least Privilege | Grant Viewer role only. Never use Editor or Admin for automated access. |
| Key Rotation | Rotate Service Account keys every 90 days. Delete old keys after rotation. |
| Environment Variables | Store all credentials in .env files. Never hardcode keys in YAML or JSON configs. |
| Network Binding | Bind MCP gateway to 127.0.0.1. Do not expose to external network. |
| Audit Logging | Enable GCP audit logs for the Service Account to monitor API usage. |
| Separate Accounts | Use a dedicated Service Account per integration. Do not share SA across services. |
Quick Reference Card
| Item | Value / Command |
|---|---|
| MCP Server Package | mcp-server-google-analytics (via npx) |
| Required GCP APIs | Google Analytics Data API + Google Analytics Admin API |
| Auth Method | GCP Service Account (JSON key) |
| Required Env Vars | GOOGLE_CLIENT_EMAIL, GOOGLE_PRIVATE_KEY, GA_PROPERTY_ID |
| GA4 Permission Level | Viewer (read-only) |
| Test Command | npx -y mcp-server-google-analytics (run standalone to verify) |
Prepared by Tenten Digital Product Design Studio — tenten.co