AI-generated Key Takeaways
-
This guide details setting up OAuth2 for API access using service accounts and your own credentials, a process you only need to complete once.
-
This setup requires a Google Workspace domain and a service account with domain-wide delegation access granted by a super administrator.
-
You must generate a service account ID and a JSON file by following specific linked instructions.
-
After generating the necessary file, you need to add the private key JSON file path and the impersonated email to your configuration, either in a
google-ads.yaml
file, YAML string, or dict, or as environment variables. -
Ensure no credentials for OAuth2 desktop or web app flows are present in your configuration if you intend to use Service Account authentication.
This guide will walk you through how to set up OAuth2 for API access using your own credentials with service accounts. These steps only need to be done once, unless you revoke or delete your OAuth2 credentials.
Create OAuth2 credentials
Generate a service account ID and a *.JSON file by following the linked instructions, then come back to this page.
Add a private key JSON and an impersonated email to configuration
Set the private key JSON file path and impersonated email in your configuration.
If you're using a google-ads.yaml
file, YAML string, or dict
, add the
following:
json_key_file_path: JSON_KEY_FILE_PATH
impersonated_email: IMPERSONATED_EMAIL
If you're using environment variables, add the following to your bash
configuration or environment:
export GOOGLE_ADS_JSON_KEY_FILE_PATH=JSON_KEY_FILE_PATH
export GOOGLE_ADS_IMPERSONATED_EMAIL=IMPERSONATED_EMAIL