Hi Bikram,

One approach you could take would be to use the refresh token to generate an access token, and then use that access token in a CustomerService.get <https://developers.google.com/adwords/api/docs/reference/v201502/CustomerService#get> request *without* specifying the clientCustomerId <https://developers.google.com/adwords/api/docs/guides/soap#clientCustomerId> SOAP header. This will result in one of two possible outcomes:

1. If the user associated with the token has an AdWords account, then you'll get back a Customer <https://developers.google.com/adwords/api/docs/reference/v201502/CustomerService.Customer> object for that account. You can get the account's customer ID from the Customer.customerId field <https://developers.google.com/adwords/api/docs/reference/v201502/CustomerService.Customer#customerId> and compare that to the *clientCustomerId* you are trying to access in your other API requests. If the two do not match, then that would explain the *USER_PERMISSION_DENIED* error.
2. If the user associated with the token does not have an AdWords account, then you'll probably get back an AuthorizationError <https://developers.google.com/adwords/api/docs/reference/v201502/CustomerService.AuthorizationError> with reason *NO_ADWORDS_ACCOUNT_FOR_CUSTOMER*.

I haven't actually tried this myself, but that's what I suspect will happen.

Another tip: you can inspect the scope and expiry time of an *access token* by appending it to the end of the following URL:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=

This will return output similar to the following sample for a valid AdWords *access token*:

    {
      "issued_to": "1....................apps.googleusercontent.com",
      "audience": "1.....................apps.googleusercontent.com",
      "scope": "https://www.googleapis.com/auth/adwords",
      "expires_in": 3185,
      "access_type": "offline"
    }

Please give these options a try and let me know if you have additional questions.

Thanks,
Josh, AdWords API Team

On Tuesday, April 21, 2015 at 1:54:54 PM UTC-4, Bikram Bhuyan wrote:
>
> Hi AdWords Team,
>
> We are a SaaS provider and we have implemented AdWords integration for some of our clients. The integration has been working perfectly fine for many of the clients, but for one client we are getting the error "AuthorizationError.USER_PERMISSION_DENIED". From this it looks like the client did not use the right process to do the OAuth process, but when talking to the client, they say they have used the right account. But from the data we captured after the OAuth process, we cannot tell which account is used to do the setup as we have only the refresh token for the client.
>
> Could you please suggest what we can do to troubleshoot the problem? If you want the details for this transaction, please let me know.
>
> We need some help from the AdWords support urgently.
>
> Thanks,
> Bikram.

--
You received this message because you are subscribed to the Google Groups "AdWords API Forum" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/111f903b-5f3b-48c5-978d-bb2580d110cc%40googlegroups.com.
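
The two checks suggested in the reply above, as an added Python example that is not part of the original thread or of any Google client library: it validates a tokeninfo response body and interprets the result of a CustomerService.get call made without clientCustomerId. The function names, their parameters and both sample bodies are constructed for illustration; the caller is assumed to have already extracted customerId or the error reason from the SOAP response.

```python
import json

ADWORDS_SCOPE = "https://www.googleapis.com/auth/adwords"

# Constructed sample bodies, modelled on the tokeninfo output quoted in the thread.
SAMPLE_VALID = json.dumps({
    "issued_to": "EXAMPLE.apps.googleusercontent.com",
    "audience": "EXAMPLE.apps.googleusercontent.com",
    "scope": "https://www.googleapis.com/auth/adwords",
    "expires_in": 3185,
    "access_type": "offline",
})
SAMPLE_REJECTED = json.dumps({"error": "invalid_token"})  # constructed failure body


def check_tokeninfo(body, min_seconds_left=60):
    """Return a list of problems found in a tokeninfo JSON response body."""
    info = json.loads(body)
    if "error" in info:
        return ["token rejected: " + str(info["error"])]
    problems = []
    # "scope" is a space-separated list; require the AdWords scope exactly.
    if ADWORDS_SCOPE not in str(info.get("scope", "")).split():
        problems.append("token lacks the adwords scope")
    if int(info.get("expires_in", 0)) < min_seconds_left:
        problems.append("token expired or about to expire")
    return problems


def normalize_customer_id(value):
    """Accept 1234567890 or '123-456-7890'; return the ID as an int."""
    digits = str(value).replace("-", "").strip()
    if not digits.isdigit():
        raise ValueError("not a customer ID: %r" % (value,))
    return int(digits)


def diagnose(client_customer_id, customer_id=None, error_reason=None):
    """Interpret the result of CustomerService.get sent without clientCustomerId.

    customer_id / error_reason are assumed to be pulled out of the SOAP
    response by the caller (hypothetical parameters, not an AdWords API).
    """
    if error_reason == "NO_ADWORDS_ACCOUNT_FOR_CUSTOMER":
        return "no-account: authorizing user has no AdWords account"
    if customer_id is None:
        return "unknown: " + str(error_reason)
    if normalize_customer_id(customer_id) == normalize_customer_id(client_customer_id):
        return "match: token belongs to the requested account"
    return "mismatch: token belongs to %d; would explain USER_PERMISSION_DENIED" % (
        normalize_customer_id(customer_id))
```

Because the tokeninfo URL carries the access token in its query string, run the lookup from a trusted host and keep the full URL out of application and proxy logs.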
