Clever Geek Handbook

Setting up oAuth using the Google AdWords API

I am trying to get a Ruby on Rails project that uses the Google AdWords API.

What I have done so far by following the steps in this guide :

  • I have created an AdWords Manager account.
  • I created a test account that is part of the AdWords Manager account.
  • I have installed the Ruby client library into a Rails project.
  • Then I tried to set up OAuth2 authentication using the sample code from the guide.

However, since the manual was written (and the video version of the manual was made) it seems that the interface has changed. I can create a client ID client_secrets.json

or a .json service account file. I can export them and read the settings.

  • I added the required settings using a OAUTH2_SERVICE_ACCOUNT

    .json file .

Now when you try to connect, I am returning an AdwordsAPIException AuthenticationError.NOT_ADS_USER

.

So I know valid authentication works. However, authorization fails.

How do I enable AdWords API support for oAuth credentials from my google accounts? The Google Credentials Console lists many APIs you can enable, but the AdWords API is not there. AdWords management doesn't mention enabling APIs at all and only talks about creating a new Credential.

What's going on here?

+3


source to share


1 answer


The Adwords API does not need to be added to your project in the Google Cloud console (it is always enabled) - as stated in the error message, the actual problem is that your service account does not have access to any AdWords accounts.

Basically, the only way to use service accounts to authenticate against the AdWords API is when you also use a G Suite domain (see related documentation, Prerequisites section .

If you have a G Suite domain, you need



  • Enable "G Suite Domain Delegation" in your service account key

  • Add Google Cloud Project ID to your G Suite Domain Certified Client List

  • Use your service account to impersonate any user from the G-Pack domain who has access to AdWords.

As you can see, this is a rather complicated process. My recommendation (which is shared by the above article) is to use the OAuth2 established application flow for any user with Adwords access. This requires storing the resulting refresh token at your end, but is more flexible (and arguably more secure) than a delegation-enabled service account and easier to configure.

+2


source






More articles:


All Articles