OAuth Desktop and Web Application Flows

This guide walks you through how to set up OAuth2 for API access using your own credentials and either the desktop flow or the web flow.

Generate OAuth2 credentials for a single account

The easiest way to make calls to Google Ads API accounts is to

Link all the accounts you want to make API calls to under a single Google Ads manager account.
Use the GenerateUserCredentials example to generate OAuth2 credentials for a user with access to the manager account.
Use the OAuth2 credentials to make calls to all the accounts you need to manage using Google Ads API.

These steps only need to be done once, unless you revoke, delete, or need to change the allowed scopes for your OAuth2 credentials.

Step 1 - Create OAuth2 credentials

Follow the steps to configure a Google API Console project for the Google Ads API.
Note the client ID and secret, then come back to this page.

Step 2 - Set up the client library

In a terminal, run the GenerateUserCredentials example, which prompts you for your OAuth2 client ID and secret.

This is an interactive example, which will require you to provide input.
```
dotnet run GenerateUserCredentials.csproj
```
The example prompts you to provide the OAuth2 client ID and secret. Provide the details from step 1.
The example opens a URL automatically in the browser. If you aren't signed in to your browser session, the web page will prompt you to sign in to the Google Account. If you are already signed in, it will skip the sign in prompt and redirect you to a URL where you are prompted to authorize the application to access your Google Ads account on your behalf.

Note: Sign in with the same Google Account you use to access Google Ads. Usually, this is a login email to a Google Ads manager account that contains all the accounts you need to manage under its account hierarchy.
You are then taken to a page with a message indicating that the authorization succeeded.

Your refresh token has been fetched. Check the console output for further instructions.

Return to the console where you were running the example. The example should have completed and be displaying your refresh token and some instructions, followed by the properties you'll need to configure the client library:

Copy the following content into your App.config file.

<add key = 'OAuth2Mode' value = 'APPLICATION' />
<add key = 'OAuth2ClientId' value = '******' />
<add key = 'OAuth2ClientSecret' value = '******' />
<add key = 'OAuth2RefreshToken' value = '******' />

Make sure you also set the LOGIN_CUSTOMER_ID header. See
https://developers.google.com/google-ads/api/docs/client-libs/dotnet/configuration#google_ads_api_settings
to learn more.

<add key = 'LoginCustomerId' value = 'INSERT_LOGIN_CUSTOMER_ID_HERE' />

See https://developers.google.com/google-ads/api/docs/client-libs/dotnet/configuration
for alternate configuration options.

Generate OAuth2 credentials for interactive applications

If you don't know the Google Ads account to make API calls to in advance, you can discover it at runtime using the credentials of the signed in user for the session. See AuthenticateInAspNetCoreApplication for an example where the currently signed in user is authenticated and the OAuth2 credentials are obtained at runtime.