The Google Ads API code examples use a single OAuth2 refresh token, hard coded into a settings file.
This is usually all you need to do if you’re building an internal-use-only tool for your agency. Your manager account’s OAuth2 refresh token gives access to linked client accounts with administrative access. If you can make changes via your manager account you can make changes via the API.
This doesn’t work if you’re building a tool for other agencies or advertisers to use. It would be clunky to link every user to your manager account.
Instead you follow the OAuth2 web application (web server) flow to allow users to let your app access their accounts.
Here’s how it works
When your app makes a request to the AdWords API you use the user's saved OAuth2 refresh token, not your manager account refresh token.
*You’ll need to think about security when storing the refresh tokens.
Need help with the Google Ads API? Email me (firstname.lastname@example.org) for a no-cost, no-obligation chat. I’m always happy to talk Google Ads and code.