Tried both an OAuth 2 Client ID of type Desktop and Web application (using Postman).
*Step 1: authorize user* GET https://accounts.google.com/o/oauth2/v2/auth?client_id=*CLIENT_ID* &redirect_uri=*http://127.0.0.1:4200*&response_type=*code*&scope= *https://www.googleapis.com/auth/adwords*&access_type=*offline* &include_granted_scopes=*true* Log in with a Google Ads account that can access everything. Copy the code from the URL (later written as CODE_STEP_1). Checked URL encoding; no url decoding/encoding needed. *Step 2: exchange code for access+refresh token* POST with Content-Type: x-www-form-urlencoded https://oauth2.googleapis.com/token or https://www.googleapis.com/oauth2/v3/token Request body (without line breaks): client_id=CLIENT_ID& client_secret=CLIENT_SECRET& code=CODE_STEP_1& grant_type=authorization_code& redirect_uri=http://127.0.0.1:4200 Response: { "access_token": "ACCESS_TOKEN", "expires_in": 3599, "refresh_token": "REFRESH_TOKEN", "scope": "https://www.googleapis.com/auth/adwords";, "token_type": "Bearer" } *(Optional) Step 3: exchange refresh for access token* POST with Content-Type: x-www-form-urlencoded https://oauth2.googleapis.com/token or https://www.googleapis.com/oauth2/v3/token Request body (without line breaks): client_id=CLIENT_ID& client_secret=CLIENT_SECRET& refresh_token=REFRESH_TOKEN& grant_type=refresh_token& redirect_uri=http://127.0.0.1:4200 Response: { "access_token": "ACCESS_TOKEN", "expires_in": 3599, "scope": "https://www.googleapis.com/auth/adwords";, "token_type": "Bearer" } *Step 4: Call the Google Ads REST API* At this point I should be able to call REST endpoints that only require the adwords scope, such as customers:listAccessibleCustomers GET https://googleads.googleapis.com/v12/customers:listAccessibleCustomers Headers: Authorization: Bearer ACCESS_TOKEN developer-token: DEVELOPER_TOKEN login-customer-id: CUSTOMER_ID_OF_ADS_ACCOUNT Response: { "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.";, "status": "UNAUTHENTICATED", "details": [ { "@type": "type.googleapis.com/google.ads.googleads.v12.errors.GoogleAdsFailure", "errors": [ { "errorCode": { "authenticationError": "AUTHENTICATION_ERROR" }, "message": "Authentication of the request failed." } ], "requestId": "TCIrvRZQyB4gOfXCqAB0LQ" } ] } } ---- When using the same data (client id, client secret, developer token, refresh token, login-customer-id) using a client library everything works fine. What's step am I missing to access the Google Ads REST interface? -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "Google Ads API and AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/7028073f-27a0-48c9-aeb1-7f8940789ed4n%40googlegroups.com.
