The Search Ads 360 API requires all requests to specify an OAuth 2.0 access token for authentication. You can follow any standard OAuth 2.0 authentication workflow to generate the token and pass it to the Search Ads 360 API. We recommend the workflow described below because it is suitable for fully automated conversion uploads and report downloads.
For alternatives to the workflow described below, see Using
OAuth 2.0 for Installed Applications or
Using OAuth 2.0 for Server to Server Applications. If you use an alternate workflow,
specify the following value as the
scope parameter when you request an OAuth
2.0 authorization code:
If you follow the server to server route, add the service account as a Search Ads 360 user.
Recommended authorization workflow
- Go to the Google API Console and select your project.
If you haven't already created a Google API Console project and OAuth credentials, follow the instructions in Create a Google API Console project and OAuth credentials for your client.
To find your project's OAuth client ID and secret, do the following:
- Open the Credentials page.
- In the Name column, click the name of your OAuth client.
- The client ID and secret are listed on the page.
- Open a web browser and sign into Google
with a Google Account that has
permission to access data in Search Ads 360.
This is the Google Account your API client will use to authenticate with Search Ads 360. If the Google Account holder leaves your company and you remove Search Ads 360 access from the account, you will need to repeat this authorization workflow and specify a different Google Account.
- Obtain a refresh token by invoking the Search Ads 360 utility script as follows:
The script takes you through the process of using the Oauth client ID and secret to obtain a refresh token. The refresh token is valid only for the Google Account you signed into during the previous step.
As part of this process, the script generates a URL and instructs you to visit the URL in a web browser.
When the browser asks you to allow OAuth client access to Search Ads 360 data, make sure the Google Account you signed into earlier appears. (If you're signed into multiple Google Accounts, you might be presented with a different account.)
At the end of the process, the
sa360Api.pyscript outputs a comma-delimited string. The first value is the client ID you provided, the second value is the client secret you provided, and the third value is the refresh token. In the following example output, the refresh token is in bold text:
- Store the client ID, client secret, and refresh token in a backend database or
other secure location that's accessible to your application.
Keep the entire comma-delimited string in a convenient location if you plan to use
sa360Api.pyto send sample JSON requests to the Search Ads 360 API. You'll pass the entire string as a parameter each time you invoke the script.
- Add code to your application that does the following:
- Use the client ID, client secret, and refresh token to obtain a fresh OAuth 2.0 access token.
- Send requests to the Search Ads 360 API using the fresh access token.
If you're using the client libraries, the next section, Set Up Your Application, describes how to add this authorization code to your application.
If you're not using one of the client libraries, see Using OAuth 2.0 for Installed Applications for suggestions on obtaining a fresh access token.