Pete Bowen's site

AdWords API: Authorization for multiple users.

The Google Ads API code examples use a single OAuth2 refresh token, hard coded into a settings file.

This is usually all you need to do if you’re building an internal-use-only tool for your agency. Your manager account’s OAuth2 refresh token gives access to linked client accounts with administrative access. If you can make changes via your manager account you can make changes via the API.

This doesn’t work if you’re building a tool for other agencies or advertisers to use. It would be clunky to link every user to your manager account.

Instead you follow the OAuth2 web application (web server) flow to allow users to let your app access their accounts.

Here’s how it works

  1. A user registers on your app. Ask for their Google Ads account id as part of the registration flow and store it in your uses table with their email address etc.
  2. Your app redirects the user to Google to ask for permission.
  3. Google will show the user a screen that asks them if they want to give your app permission to access their Google Ads account.
  4. If the user allows your app permission, Google redirects the user back to your app.
  5. The redirect includes an OAuth2 refresh token for the user. Your app should save the refresh token somewhere secure because you'll need this every time you access the API for this user.

When your app makes a request to the AdWords API you use the user's saved OAuth2 refresh token, not your manager account refresh token.

Need help with the Google Ads API? Email me (me@pete-bowen.com) for a no-cost, no-obligation chat. I’m always happy to talk Google Ads and code.

Need some help with this?

I offer 1-to-1 mentoring and consulting. You’ll get help, advice, support and answers without having to commit to a long-term contract. Details here.

Want to increase your conversion rate?
I’ve seen conversion rates double, triple and even 10X after a few quick and easy changes to the enquiry form. Subscribe now, and I'll send you a free copy of my in-depth ebook High-Converting Enquiry Forms.
You're already paying for clicks. Now turn them into conversions. Privacy policy. Unsubscribe at any time.

Related articles

Google Ads API:- does every client account have to authorise your access? A reader asked me about authorising Google Ads API access to their client accounts.

Choosing a domain name for your Google Ads tool. I bumped into an unexpected problem when I chose the Ad-Minister.app domain.

Death by alerts. Will your custom AdWords tool monitor AdWords performance? It's surprisingly difficult to work out when your monitoring system should warn your users. Read on for guidelines on alerts and notifications.

How to use the Google Ads API to do keyword research. You’re thinking of building a custom keyword research tool using the AdWords API. Read on to see where to start and what to watch out for.

Where can I find a programmer to help implement the Google Ads API? Good news is that you don’t a programmer who is an expert at the AdWords API because the programming constructs that the API uses are well known. For instance, the API uses OAuth for authentication which is very common.

Building custom tools with the Google Ads API. You run an digital marketing agency. You’re thinking about building a custom Google Ads tool using the API. Here are some of the things that trip people up.