To discuss and provide feedback on our products, join the official Google Ads Discord channel in the Google Advertising and Measurement Community server.

OAuth Service Account Flow

AI-generated Key Takeaways

This guide details setting up OAuth2 for API access using your own credentials via service accounts, a process required only once unless credentials are revoked or deleted.
Creating OAuth2 credentials requires a Google Workspace domain and granting the service account domain-wide delegation access by a super administrator.
To set up the client library, you need to configure the private key JSON file path and delegate account ID either in a googleads.properties file or as environment variables.
When loading configurations, the library prioritizes credentials from OAuth2 desktop or web app flows, so ensure these are not present if you intend to use Service Account authentication.

This guide will walk you through how to setup OAuth2 for API access using your own credentials using service accounts. These steps only need to be done once, unless you revoke or delete your OAuth2 credentials.

Create OAuth2 credentials

Generate a service (delegate) account ID and a *.JSON file by following the linked instructions, then come back to this page.

Set up client library

Set the private key JSON file path and delegate account ID in your configuration. If you're using a googleads.properties file, add the following:

jsonKeyFilePath=PRIVATE_KEY_FILE_PATH
impersonatedEmail=DELEGATE_ACCOUNT

If you're using environment variables, add the following to your Bash configuration or environment:

export GOOGLE_ADS_JSON_KEY_FILE_PATH=PRIVATE_KEY_FILE_PATH
export GOOGLE_ADS_IMPERSONATED_EMAIL=DELEGATE_ACCOUNT_ID