API errors
Fix: Indexing API "Permission denied. Failed to verify the URL ownership."
"error": { "code": 403, "message": "Permission denied. Failed to verify the URL ownership." }
This message is the ownership-verification failure behind most 403s. The service account signing your requests must be a verified Owner of a Search Console property that covers the exact URL — same scheme, same host, right property type. Fix the ownership link and the message clears.
"Permission denied. Failed to verify the URL ownership" is the Indexing API telling you, in its own roundabout way: I don't believe the account making this request is allowed to speak for this URL. It's an authorization problem, not a content problem. The URL can be perfect; the API never even looked at it.
Why ownership verification fails
- The service account isn't listed in the property's Users and permissions at all.
- It's listed, but not as Owner — Owner is mandatory for the Indexing API.
- The URL's host or scheme doesn't match the property the account owns (https vs http, www vs non-www, apex vs subdomain).
- You have both a Domain property and a URL-prefix property and added the account to the one that doesn't cover this URL.
Resolve it
- Grab the service account email from your key file's "client_email" field.
- Identify which Search Console property actually contains the failing URL. Paste the URL into URL Inspection in each candidate property — the one that returns data owns it.
- In that property: Settings → Users and permissions → Add user → paste the service account email → permission: Owner.
- Retry the request after a minute or two.
If you keep fighting scheme/www mismatches, verify a single Domain property over DNS and add the service account there. One Owner grant then covers http, https, www, non-www, and every subdomain.
Edge cases worth checking
- Brand-new service account: ownership grants can take a few minutes to take effect — don't conclude it failed after one retry.
- Removed and re-added: if you deleted then re-added the account, re-confirm the level landed on Owner, not the default.
- Wrong project: the key you're signing with must belong to the project where the Indexing API is enabled and whose service account you granted ownership to.
IndexerNow runs on your own Google account, your own Cloud project, and your own quota — we never pool submissions through a shared account. Connect your GSC and push the URL through Google's Indexing API in two clicks.
Connect your own GSC and index nowFrequently asked
Is 'Permission denied' the same as a 403?
Effectively yes — it's the human-readable message inside the 403 response. Both point to the same root cause: the service account isn't a verified Owner of the matching property.
How do I know which property a URL belongs to?
Inspect the URL in each Search Console property you have. The property whose URL Inspection returns coverage data for that URL is the one that owns it — add the service account as Owner there.
Do I need to re-verify the property after adding the service account?
No. The property is already verified by you; you're just granting the service account Owner-level access to it. No new site verification is required.
Related fixes
Fix: Google Indexing API 403 Forbidden
A 403 from Google's Indexing API almost always means the service account isn't an Owner of the right Search Console property. Here's how to diagnose and fix it in minutes.
How to add a service account as Owner in Search Console
Step-by-step: create a service account, find its email, and add it as an Owner of your Search Console property so the Google Indexing API will accept your requests.