Skip to main content
Back to Articles

How to Connect a Google Service Account to Google Play Console

April 13, 2026
6 min read
By Untouch Team

This guide helps you do one thing clearly: connect a Google service account to Google Play Console, then connect the same credentials inside Untouch so you can automate Android release work.

You do not need DevOps knowledge for this tutorial.

You will learn:

  • What a Google service account is in plain language.
  • Which permissions to give in Play Console.
  • Exact Untouch steps for app-level and org-level setup.
  • Common errors and how to fix each one quickly.

Quick Basics (Simple Explanation)

A Google service account is a special non-human Google identity that your tool (Untouch) uses to call Google Play APIs safely.

Without it, Untouch cannot do actions like:

  • Read Play Store release tracks.
  • Upload to testing/production tracks.
  • Manage Play signing related flows.
  • Sync features like reviews/orders (if you enable those permissions).

Before You Start

Prepare these first:

  • A Google Play Console developer account.
  • At least one app created in Play Console.
  • Owner/Admin access in Play Console Users and permissions.
  • Access to your Untouch organization and app.
  • Your app package name (example: com.company.appname).

Important:

  • Package name must be correct and final. In Android, package names are permanent once published.
  • In Untouch App Settings UI, JSON upload expects a .json file and size under 10KB.

Full Step-by-Step Setup

Step 1: Create or choose a Google Cloud project

  • Open Google Cloud Console.
  • Create a new project, or select an existing one.
  • Keep this project dedicated to your Play API integration if possible.

Tip for beginners:

  • Use a clear project name like play-console-api-prod.

Step 2: Enable Google Play Developer API

  • In Google Cloud Console, open APIs and Services.
  • Search for "Google Play Developer API".
  • Click Enable.

Why this matters:

  • Even if your service account exists, API calls fail if this API is not enabled.

Step 3: Create a service account in Google Cloud

  • Go to IAM and Admin > Service Accounts.
  • Click Create service account.
  • Give it a clear name like untouch-play-api.
  • Finish creation.
  • Create a JSON key and download it.

Keep this file safe:

  • Never commit this JSON to Git.
  • Store securely (password manager/secret vault).

Step 4: Invite the service account in Play Console

This is the step many beginners miss.

  • Open Play Console.
  • Go to Users and permissions.
  • Click 3 dont in right side and choise Invite new users.
  • Paste the service account email (looks like name@project.iam.gserviceaccount.com).
  • Assign permissions.
  • Send invite.

If you skip Play Console invite, API calls will fail even with a valid JSON key.

Step 5: Give the right Play Console permissions

Start with minimum permissions for your use case.

For release automation basics:

  • View app information (read-only)
  • Release apps to testing tracks
  • Release to production, exclude devices, and use Play App Signing
  • Manage testing tracks and edit tester lists

If you also want reviews sync/reply:

  • Reply to reviews

If you also want billing/order workflows:

  • View financial data, orders, and cancellation survey responses
  • Manage orders and subscriptions

Best practice:

  • Begin with minimum set, then add more only if a feature needs it.

Step 6: Save package name in Untouch app settings

In Untouch:

  • Go to App > Settings.
  • Set package name exactly as Play Console app package.

Accepted format example:

  • com.example.myapp

Common package issues:

  • Wrong case (uppercase letters).
  • Missing dot segments.
  • Typo vs Play Console package.

Step 7: Upload service account JSON in Untouch

You can connect at two levels:

  • App-level service account (specific app).
  • Org-level service account (shared fallback for multiple apps).

In app-level flow:

  • Go to App > Settings > Service Account section.
  • Upload JSON file.
  • Optionally keep "Client-side encryption" enabled.
  • Click Upload Service Account.

Untouch file checks in UI:

  • File extension must be .json.
  • File size must be under 10KB.
  • JSON must include type=service_account, client_email, private_key.

Step 8: Verify in Untouch Play Store dashboard

Open App > Play Store.

You should no longer see:

  • "Connect Google Service Account" warning banner.

You should be able to access Play Console actions like:

  • Release tracks view.
  • Upload center.
  • Promote release.
  • Play signing status.

Untouch Path Map (Easy Navigation)

Use this quick map if you are new:

  • Set package name: App > Settings
  • Upload app-level JSON: App > Settings > Service Account
  • Upload org-level JSON: Organization > Settings > Google Service Account
  • Play Store overview: App > Play Store
  • Play Store settings: App > Play Store > Settings
  • Signing details: App > Play Store > Signing

App-Level vs Org-Level Service Account

Use app-level when:

  • One app needs separate access/security isolation.
  • Different apps use different Play accounts.

Use org-level when:

  • Same credentials should serve many apps.
  • You want central management.

Practical recommendation:

  • Small teams: org-level first.
  • Regulated or multi-client setup: app-level.

Verification Checklist

Run this after setup:

  • Google Play Developer API is enabled in Google Cloud.
  • Service account JSON key is downloaded safely.
  • Service account email invited in Play Console Users and permissions.
  • Required permissions assigned in Play Console.
  • Untouch package name matches Play package exactly.
  • Untouch service account upload succeeds.
  • Play Store dashboard in Untouch shows connected state.

Common Errors and Fast Fixes

Error: "Google Service Account not configured"

Fix:

  • Upload JSON in Untouch App Settings or Org Settings.
  • Confirm you are editing the correct app.

Error: "Invalid service account JSON"

Fix:

  • Make sure file has type, project_id, client_email, private_key.
  • Re-download key JSON from Google Cloud if needed.

Error: Upload blocked by file size

Fix:

  • Untouch app UI expects under 10KB.
  • Use a clean service account key file, not a wrapped export.

Error: 403 from Play API

Fix:

  • Service account was not invited in Play Console, or missing permissions.
  • Recheck Users and permissions assignment.

Error: App not found / package mismatch

Fix:

  • Set exact package name in Untouch App Settings.
  • Check Play package under App details.

Error: Works in Cloud but fails in Untouch

Fix:

  • Confirm same service account JSON was uploaded.
  • Confirm app is in the same Play developer account where service account was invited.

Security Best Practices (Do Not Skip)

  • Keep service account JSON private at all times.
  • Do not store keys in repo.
  • Rotate keys regularly.
  • Remove old/inactive service account keys.
  • Use least privilege in Play Console permissions.
  • Enable 2-step verification on Play Console admin accounts.

Beginner FAQ

Do I need to link Play Console to Google Cloud project manually?

No special legacy linking step is required now for API access. You mainly need:

  • A Cloud project
  • API enabled
  • Service account
  • Play Console invite and permissions

Can I use one service account for all apps?

Yes, via org-level flow. But app-level credentials are better when you need stricter separation.

Can I upload service account at app level on free plan?

If your plan blocks app-level GSA, use organization-level service account setup.

Do I need all Play permissions from day one?

No. Start minimal, then add only what your enabled features require.

Is client-side encryption in Untouch required?

Not strictly required, but recommended for stronger security posture.

What if I uploaded wrong JSON file?

Delete and re-upload the correct service account JSON in Untouch settings.

What if I change package name later?

For published apps, package name is effectively fixed. Treat package name as permanent.