OAuth Installed Application Flow

This guide will walk you through how to setup OAuth2 for API access using your own credentials using installed application flow. These steps only need to be done once, unless you revoke, delete, or need to change the allowed scopes for your OAuth2 credentials.

Step 1 - Creating OAuth2 credentials

Generate a client ID and secret by following the linked instructions, then come back to this page.

Step 2 - Setting up the client library

Adding OAuth2 support for your application (single login)

If your application manages only one Advertiser account (or a hierarchy of Advertiser accounts all linked under a single master manager account), then you don’t need to build OAuth2 flow into your application. You can perform the following steps instead:

  1. Download and run the AuthenticateInStandaloneApplication example.
  2. Follow the application instructions to generate necessary configuration.

Adding OAuth2 support for your application (multiple logins)

If you manage multiple unrelated Google Ads accounts, then you need to build OAuth2 sign-in flow into your application as follows:

  1. Configure the following keys in your App.config / Web.config. See the configuration guide for details.

    <add key="AuthorizationMethod" value="OAuth2" />
    <add key="OAuth2ClientId" value="INSERT_OAUTH2_CLIENT_ID_HERE" />
    <add key="OAuth2ClientSecret" value="INSERT_OAUTH2_CLIENT_SECRET_HERE" />
    <add key="OAuth2Mode" value="APPLICATION" />
  2. At runtime, prompt the user to authorize your application, as follows:

    public class ConsoleExample
        private const string GOOGLE_ADS_API_SCOPE = "https://www.googleapis.com/auth/adwords";
        static void Main(string[] args)
            GoogleAdsConfig config = new GoogleAdsConfig();
            // Load the JSON secrets.
            ClientSecrets secrets = new ClientSecrets()
                 ClientId = config.OAuth2ClientId,
                 ClientSecret = config.OAuth2ClientSecret
            // Authorize the user using installed application flow.
            Task<UserCredential> task = GoogleWebAuthorizationBroker.AuthorizeAsync(
                new string[] { GOOGLE_ADS_API_SCOPE },
                new NullDataStore()
            UserCredential credential = task.Result;
            // Store this token for future use.
            string refreshToken = credential.Token.RefreshToken;
            // To make a call, set the refreshtoken to the config, and
            // create the GoogleAdsClient.
            config.OAuth2RefreshToken = refreshToken;
            GoogleAdsClient client = new GoogleAdsClient(config);
            // Now use the client to create services and make API calls.
            // ...

    See the AuthenticateInStandaloneApplication code example for a complete console application example.