AdWords API: Authorization for multiple users.

The Google Ads API code examples use a single OAuth2 refresh token, hard coded into a settings file.

This is usually all you need to do if you’re building an internal-use-only tool for your agency. Your manager account’s OAuth2 refresh token gives access to linked client accounts with administrative access. If you can make changes via your manager account you can make changes via the API.

This doesn’t work if you’re building a tool for other agencies or advertisers to use. It would be clunky to link every user to your manager account.

Instead you follow the OAuth2 web application (web server) flow to allow users to let your app access their accounts.

Here’s how it works

1. A user registers on your app. Ask for their Google Ads account id as part of the registration flow and store it in your uses table with their email address etc.
2. Your app redirects the user to Google to ask for permission.
3. Google will show the user a screen that asks them if they want to give your app permission to access their Google Ads account.
4. If the user allows your app permission, Google redirects the user back to your app.
5. The redirect includes an OAuth2 refresh token for the user. Your app should save the refresh token somewhere secure because you'll need this every time you access the API for this user.

When your app makes a request to the AdWords API you use the user's saved OAuth2 refresh token, not your manager account refresh token.

Want to increase your conversion rate?

I’ve seen conversion rates double, triple and even 10X after a few quick and easy changes to the enquiry form. Subscribe now, and I'll send you a free copy of my in-depth ebook High-Converting Enquiry Forms.

You're already paying for clicks. Now turn them into conversions. Privacy policy. Unsubscribe at any time.