Thanks so much for replying Moshik! Sorry I wanted to ask what level of access is your developer token ?
I think the error for us might be happening because ours is currently set to test? https://groups.google.com/g/adwords-api/c/xTTwz4XzXAE/m/Mxn9V8EwAAAJ This is the link i think to the documentation. https://developers.google.com/google-ads/api/docs/access-levels#access_levels here are some snipits. Test account access Once you complete the initial signup for the Google Ads API, you will be issued a developer token with the test account access level. This means that the developer token can only make Google Ads API requests against test accounts. Basic access Basic access allows the developer token to make Google Ads API requests against both test accounts and production accounts. Production accounts are any accounts that serve real, live Google ads (test accounts do not serve ads). Basic access level allows the developer token to execute up to 15,000 requests per day and 1,000 get operations per day. This is sufficient for most developers. Would you mind confirming? many thanks! Boshy On Tuesday, July 6, 2021 at 4:33:16 PM UTC+10 [email protected] wrote: > Hi Bosh, > > Just to add to that (I am experiencing the exact same thing - script is > similar), the issue is resolved on my side when I add the user (whose > refresh token we are using) directly to the account (login-customer-id is > left unchancged), but that is not a solution. We can use the refresh token > to successfully fetch the list of manager accounts (does not require the > login-customer-id) but then the failure takes place on the ad account level > (where we do add the login-customer-id). My next step is to try to map the > hierarchy of the user access using something similar to this sample > <https://developers.google.com/google-ads/api/docs/account-management/get-account-hierarchy>, > > which may provide some more insight. > > Thanks, > > Moshik > > > > On Monday, July 5, 2021 at 4:26:02 PM UTC+3 [email protected] wrote: > >> Hi Ernie And Moshik >> >> Sorry to bother you both. >> >> I am having the same issue as Moshik. >> I have looked over the documentation and am still confused sorry. >> >> If I am using the python sdk and using the load_from_dict() method. >> By adding the login-customer-id and client _id to the dict credentials >> will this work? >> >> here is a sample of my script below >> from google.ads.googleads.client import GoogleAdsClient >> from google.ads.googleads.errors import GoogleAdsException >> >> >> >> credentials = { >> "developer_token": MCC DEVELOPER TOKEN, >> "refresh_token": "xxxxxxx, >> "client_secret": xxxxxx, >> "login-customer-id" :MCC_ID, >> "customer_id" : ACCOUNT_ID, >> "access_token" : XXXXX' >> } >> client = GoogleAdsClient.load_from_dict(credentials) >> >> The account sits under an mcc that sits under another mcc. >> which combination of developer token, mcc id for the login-customer-id >> should I use? >> >> This all renders fine >> >> but when I then go on to execute rendering the report with the below code >> >> customer_id= ACCOUNT_ID >> ga_service = client.get_service("GoogleAdsService") >> >> query = """ >> SELECT >> campaign.id, >> campaign.name >> FROM campaign >> ORDER BY campaign.id""" >> >> # Issues a search request using streaming. >> response = ga_service.search_stream(customer_id=customer_id, query=query ) >> >> it always gives this error: >> message: "User doesn\'t have permission to access customer. Note: If >> you\'re accessing a client customer, the manager\'s customer id must be set >> in the \'login-customer-id\' header. See >> https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid"; >> >> } >> >> Apologies can u please elaborate some more. >> >> For reference the oauth2 is working correctly and i have successfully >> gotten the refresh token. The app type is desktop. >> >> >> Many thanks >> >> Bosh >> >> >> On Monday, July 5, 2021 at 7:59:27 PM UTC+10 adsapi wrote: >> >>> Hi Moshik, >>> >>> Thank you for raising your concern. >>> >>> You may refer to this document >>> <https://developers.google.com/google-ads/api/docs/concepts/call-structure> >>> as >>> it discussed the structure of all API calls, especially this section >>> <https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid> >>> >>> as it explained what you need to set in the *login-customer-id* and where >>> the user account / email address used to generate the Oauth2 credential >>> should have access. >>> >>> Regards, >>> [image: Google Logo] >>> Ernie John Blanca Tacata >>> Google Ads API Team >>> >>> >>> ref:_00D1U1174p._5004Q2JYa3Y:ref >>> >> -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/ba5d1a96-658f-407d-8aba-81f8e11a0c4bn%40googlegroups.com.
