Hi Drew, Pretty much what Zweitze mentioned. Another thought that comes to mind is to reset the developer token on a regular basis and then have your desktop application download a binary module (e.g. dll) from a licensed server. You'd probably want to shield against an HTTPs proxy like Fiddler too. Some discussion on this topic is here <http://stackoverflow.com/questions/20914305/best-practices-for-using-servercertificatevalidationcallback> .
I would also recommend reaching out to the compliance team using this form: https://services.google.com/fb/forms/apicontact/. In addition to checking whether your technical approach is compliant with AdWords API T&Cs, you can also flag users who might be misusing your application to capture the devtokens. Cheers, Anash P. Oommen, AdWords API Advisor. On Wednesday, December 28, 2016 at 4:56:57 PM UTC-5, Drew Loika wrote: > > Thanks for the help Vishal. My question is regarding how Google expects my > desktop product used by my customers to issue API requests while > maintaining the secrecy of my developer token. Obviously this isn't > possible as described, so does Google expect me to embed the token in the > application and not maintain the secrecy of my developer token? Or are > desktop applications just not supported for the AdWords API? Or...? > > > On Wednesday, December 28, 2016 at 1:44:17 PM UTC-8, Vishal Vinayak > (Adwords API Team) wrote: >> >> Hi Drew, >> >> To access an AdWords account's data via the API, you need two things: a >> developer >> token >> <https://developers.google.com/adwords/api/docs/guides/first-api-call#request_a_developer_token> >> (associated >> with a manager account) and valid OAuth credentials >> <https://developers.google.com/adwords/api/docs/guides/first-api-call#set_up_oauth2_authentication> >> (associated >> with the target AdWords account or the manager account of the target >> AdWords account). >> >> Access levels related to a developer token define the limits on your >> account (such as test vs production accounts and the number of operations >> that you can perform with your token). You are required to set your >> developer token in the SOAP header of your request, when trying to make an >> API call. OAuth credentials, however, can be used to control data access to >> a user on a particular account. The access token generated using the OAuth >> credentials should be set in the HTTP header of your request, when making >> an API call. This implementation is a part of all of our client libraries >> <https://developers.google.com/adwords/api/docs/clientlibraries>, which >> can be used to make API calls without having to go through the hassle of >> constructing the SOAP request manually (client libraries can be used to >> develop both Web and Desktop based applications). >> >> Hope this helps. If you have additional questions, please feel free to >> revert. >> >> Regards, >> Vishal, AdWords API Team >> > -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/group/adwords-api. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/b0064661-3bd1-4e0b-ba27-1ebe4704c4f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
