Creating Google Analytics reports for a client.
I’m going to be creating Website reports for a client using Google Analytics.
Does anyone know how to go about this without having to ask for my client’s account credentials, or do I simply ask them for these credentials?
I’m a Web Designer btw and I want to provide monthly Website analytics reports for my clients.
Details
Reporting
The short answer is:
You should absolutely not ask for your client’s Google Analytics 4 (GA4) account credentials.
The secure and professional solution is to leverage the Google Analytics Data API by having your client grant access to a Service Account you create within the Google Cloud Platform (GCP).
This Service Account acts as a non-human user, authenticating your programmatic requests without ever needing your client’s login details.
You will create a Google Cloud Project, enable the Google Analytics Data API, and then generate a Service Account key (a JSON file).
Your client simply adds the Service Account’s email address as a “Viewer” user to their GA4 property’s access management.
You can then use the Google Analytics Data API to pull dimensions and metrics programmatically, which is a highly scalable, automated, and cost-effective method for generating monthly reports, especially when integrated with powerful visualization tools like Looker Studio or BigQuery
The long answer is:
The ethical and technical best practice for a web designer or agency providing ongoing Google Analytics reporting is to avoid the security risk of credential sharing by using a dedicated Service Account and the Google Analytics Data API, which provides a robust and scalable method for data retrieval from GA4 properties.
The process begins in Google Cloud Platform (GCP), where you establish a project that will house the necessary credentials and APIs.
You must enable the Google Analytics Data API for this project, as this is the specific API designed for programmatically fetching report data, including custom dimensions, metrics, and report configurations, which is superior to manual data exports.
Next, you create a Service Account, which is a special type of Google account used by applications and services.
Once created, the Service Account will have a unique email address.
This is the only piece of information your client needs to interact with; they navigate to the Admin section of their GA4 property, go to Access Management, and add the Service Account email as a new user with a minimum of a “Viewer” role.
This action grants your Service Account read-only permission to the GA4 data, strictly controlling access without exposing any of the client’s personal or account login information, which is a key security and compliance win.
The downloaded JSON key file for your Service Account is then used by your custom reporting scripts or data connector (running on your own server or a low-cost GCP service) to authenticate API requests.
This not only solves the immediate problem of credential sharing but also turns manual report creation into a scalable, automated process, which is highly cost-effective for a monthly service offering.
For clients with extremely high data volumes, you could further integrate the GA4 data with BigQuery using the standard GA4-to-BigQuery export, then query that data using the BigQuery API to maintain performance and centralize analysis.
Finally, connecting this API-pulled data directly into a dynamic dashboard tool like Looker Studio via the Looker Studio API for even more advanced use cases allows you to provide a live, shareable, white-labeled report link, enhancing client value and experience beyond static PDF exports.
About The Author
