Credentials for accessing Google's OAuth2 servers are required in order to authenticate and authorize Google Ads users. These credentials identify your app to Google, enabling you to generate OAuth tokens for managing Google Ads users. Access to Google OAuth2 credentials is managed from the Google API Console .
Watch this video for some Cloud project best practices
Google OAuth verification
Any Google Cloud app used to obtain credentials for the Google Ads API scope will need to undergo a Google OAuth verification to avoid an unverified UI screen for its users. An app, in this context, is defined as a unique OAuth 2.0 Client ID in Google Cloud.
This verification is independent and in addition to any reviews conducted as part of the developer token approval process , and is required since the Google Ads API scope is a sensitive scope .
There is no cost for the Google verification, which typically completes in 3 to 5 business days. This policy applies to all apps.
We recommend that all apps undergo the Google OAuth verification process as soon as possible to avoid any business interruptions.
Create a project
Go to the Google API Console . Click Create project , enter a name, and click Create .
Enable the Google Ads API in your project
To enable the Google Ads API for your project, follow these steps:
-
Open the API Library in the Google API Console. If prompted, select your project or create a new one. The API Library lists all available APIs, grouped by product family and popularity.
-
Use search to find the Google Ads API if it isn't visible in the list.
-
Select the Google Ads API, then click the Enablebutton.
Choose a user type and publishing status
After enabling the API, you must then specify your project's User typeand Publishing status. The following table highlights some key attributes and limitations of each combination of these settings. For more details, refer to the Google Cloud Platform documentation .
- Only available for projects associated with a Google Cloud Organization.
- Limited to up to 100 test users listed in the OAuth consent screen.
- Test users must be internal users in the Google Cloud Organization associated with the project.
- Authorizations expire seven days from the time of consent.
- Available for all projects.
- Limited to up to 100 test users listed in the OAuth consent screen.
- Test users can be any user with a Google Account.
- Authorizations expire seven days from the time of consent.
- Only available for projects associated with a Google Cloud Organization.
- Allows authorizing any user within the Google Cloud Organization associated with the project.
- Available for all projects.
- Allows authorizing any user with a Google Account.
Not completing the Google OAuth verification results in the following, regardless of the User typeor Publishing statusof your project:
-
During the authorization process, users are presented with an unverified UI screen .
-
You are limited to authorizing only 100 users.
Configure the OAuth consent screen
-
Open the Consent Screen page , and select your project in the dropdown menu at the top of the page.
-
Select the User Typeand click CREATE.
-
Fill out the consent screen form. You can edit this later if needed. Click SAVE AND CONTINUEwhen done.
-
On the next page, click ADD OR REMOVE SCOPES.
-
Scroll down and enter the following in the field under Manually add scopes:
https://www.googleapis.com/auth/adwords -
Click ADD TO TABLE.
-
Add any other scopes your project will request, then click UPDATE.
-
Click SAVE AND CONTINUE.
-
-
If you don't plan to publish your project immediately, add the email address of each user account you'll use for testing, then click SAVE AND CONTINUE.
-
Review the summary page and click BACK TO DASHBOARD.
Once you've tested your application and the authorization process, you can return to the dashboard and click PUBLISH APPto change its Publishing statusfrom Testingto In production.
Select an app type
There are two app type options for the Google Ads API: Desktop or Web. Refer to the following table to determine which type is most appropriate for the app you want to build:
- You're managing all of your Google Ads accounts using a single top level manager account.
- You're a first-time user, or want to get started quickly with the simplest setup.
- Your app will only authenticate Google users from one machine.
- You want to authenticate as a user who can grant permission to your app to access their Google Ads account data.
- You want to easily generate multiple authorization credentials, to manage third-party accounts for example.
- Your app requires callback URLs. Callback URLs are not supported in the desktop app flow.
For more details, refer to the Google Identity Platform OAuth documentation for desktop apps or web apps .
Create a client ID and client secret
Once you've determined your app type, follow the instructions below to generate the OAuth2 client ID and client secret:
-
Open the Credentials page . Select a previously created project or create a new one.
-
On the Credentials screen, click CREATE CREDENTIALS, then select OAuth client ID.
-
If you hadn't configured an OAuth consent screen for this project previously, you'll be directed to do so now. Click CONFIGURE CONSENT SCREEN.
-
Select the user type and click CREATE.
-
Fill out the initial form. You can edit this later if needed. Click Savewhen done.
-
-
Navigate back to Credentials > CREATE CREDENTIALS > OAuth client IDto continue.
-
-
Select either Desktop appor Web applicationas the app type, depending on your use case.
-
Give it a name, then click Create.
-
If your client type is Web application, add at least one authorized redirect URI.
For local testing that's compatible with the default configuration in our client library examples, use
http://127.0.0.1.For Desktop appclients, you will still use a loopback IP redirect , but the URI is not explicitly configured in the Cloud console.
-
On the confirmation page, copy Your Client IDand Your Client Secretto your clipboard, as you will need them when you configure your client library. You can also return to the credentials page later to retrieve these details.
