𝗥𝗼𝗹𝗹𝗶𝗻𝗴 𝗮 𝗚𝗼𝗼𝗴𝗹𝗲 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗔𝗰𝗰𝗼𝘂𝗻𝘁 𝗝𝗪𝗧 𝗶𝗻 𝗡𝗼𝗱𝗲.𝗷𝘀
Most developers use the googleapis npm package to call Google APIs. It works well. But it also adds 380KB and over 450 dependencies to your project.
If you only need one API for a simple CI script, this is overkill.
I built a script to check URL index status using only three Node.js built-ins: crypto, fetch, and URL. It uses zero external packages.
The authentication follows RFC 7523. Here is how you do it:
- Create a JWT using your service account email and private key.
- POST that JWT to the Google token endpoint.
- Receive a short-lived access token.
- Use that token as a Bearer header for your API requests.
The JWT needs these claims:
- iss: your client email.
- scope: webmasters.readonly.
- aud: the Google token URL.
- iat: current time.
- exp: current time plus 3600 seconds.
Note: Use the webmasters scope. The newer searchconsole scope does not work for the URL Inspection API.
The hard part is Base64url encoding. You must strip padding and replace characters to make it compatible. You can use the node:crypto module to sign the JWT with your RSA private key. The key from your Google Cloud JSON file works directly.
When you exchange the token, log the raw error response. Google provides specific messages like "Service account not found." This helps you fix errors fast.
This approach works best when:
- You use a single API in a CI pipeline.
- You want to keep your repo light.
- You want to understand the auth flow.
Do not use this if:
- You call many different Google APIs.
- You need automatic token refreshing.
- You are building a large production server.
Small, readable code is better than hundreds of hidden dependencies for narrow tasks.