AdWords API: Authorization for multiple users.
The Google AdWords API code examples use a single OAuth2 refresh token, hard coded into a settings file.
This is usually all you need to do if you’re building an internal-use-only tool for your agency. Your manager account’s OAuth2 refresh token gives access to linked client accounts with administrative access. If you can make changes via your manager account you can make changes via the API.
This doesn’t work if you’re building a tool for other agencies or advertisers to use. It would be clunky to link every user to your manager account.
Instead you follow the OAuth2 web application (web server) flow to allow users to let your app access their accounts.
Here’s how it works
- A user registers on your app.
- Your app redirects the user to Google to ask for permission.
- Google will show the user a screen that looks like the screenshot below. Your app name and domain name will appear where I’ve redacted these with grey boxes.
- If the user allows your app permission, Google redirects the user back to your app.
- The redirect includes an OAuth2 refresh token for the user. Your app should save the refresh token somewhere*.
When your app makes a request to the AdWords API you use the user's saved OAuth2 refresh token, not your manager account refresh token.
*You’ll need to think about security when storing the refresh tokens.
Need help with the Google Ads API? Email me (firstname.lastname@example.org) for a no-cost, no-obligation chat. I’m always happy to talk Google Ads and code.
Here's how you handle authorization for multiple users of your AdWords API tool.
You run an digital marketing agency. You’re thinking about building a custom Google Ads tool using the API. Here are some of the things that trip people up.
I bumped into an unexpected problem when I chose the Ad-Minister.app domain.
Will your custom AdWords tool monitor AdWords performance? It's surprisingly difficult to work out when your monitoring system should warn your users. Read on for guidelines on alerts and notifications.
The AdWords interface is awful. You can fix this in your AdWords tool. Here are a handful of principles to guide you as you design your custom AdWords API based tool.
You’re thinking of building a custom keyword research tool using the AdWords API. Read on to see where to start and what to watch out for.
Good news is that you don’t a programmer who is an expert at the AdWords API because the programming constructs that the API uses are well known. For instance, the API uses OAuth for authentication which is very common.