OAuth Web Application Flow

This guide will walk you through how to setup OAuth2 for API access using your own credentials using web application flow. These steps only need to be done once, unless you revoke, delete, or need to change the allowed scopes for your OAuth2 credentials.

Step 1 - Creating OAuth2 credentials

Generate a client ID and secret by following the linked instructions, then come back to this page.

Once finished save your client ID and client secret by going back to the credentials page and clicking the button on the right-hand side of the screen to download your credentials as a JSON file. Save that file on your machine in a location that's easy to remember, such as in your $HOME directory.

Step 2 - Adding OAuth2 credentials to configuration

  1. Set the client ID and client secret tokens in your configuration. If you're using a google-ads.yaml file, YAML string or dict add the following:

    client_id: INSERT_OAUTH2_CLIENT_ID_HERE
    client_secret: INSERT_OAUTH2_CLIENT_SECRET_HERE
    

    If you're using environment variables add the following to your Bash configuration or environment:

    export GOOGLE_ADS_CLIENT_ID=INSERT_OAUTH2_CLIENT_ID_HERE
    export GOOGLE_ADS_CLIENT_SECRET=INSERT_OAUTH2_CLIENT_SECRET_HERE
    

Step 3 - Generating a refresh token

  1. Follow the instructions in our installation documentation to clone the library from GitHub and return to this page.

  2. Next, navigate to the authenticate_in_web_application example, authenticate_in_web_application.py.

    $ cd examples/authentication
    
  3. Run this example via the command line, passing in the file path to the JSON file generated earlier.

    $ ./authenticate_in_web_application.py --client_secrets_path=/path/to/secrets.json
    
  4. The example will prompt you to visit a URL where you will need to allow the OAuth2 credentials to access your Google Ads account on your behalf.

    • Navigate to the URL in a private browser session or an incognito window.
    • Log in with the same Google account you use to access AdWords.
    • Click Allow on the OAuth2 consent screen.

    Consent screen allow

  5. An authorization code will be shown to you. Copy and paste the verification code into the command line where you're running the authenticate_in_web_application.py example and press enter. The example should complete and display an offline refresh token.

    Authorization code

    After approving the token enter the authorization code here: ****
    
    Your refresh token is: ****
    

Step 4 - Adding refresh token to configuration

  1. Set the refresh token in your configuration. If you're using a google-ads.yaml file, YAML string or dict add the following:

    refresh_token: INSERT_OAUTH2_REFRESH_TOKEN_HERE
    

    If you're using environment variables add the following to your Bash configuration or environment:

    export GOOGLE_ADS_REFRESH_TOKEN=INSERT_OAUTH2_CLIENT_ID_HERE