1.9K members online now
1.9K members online now
Use AdWords conversion tracking and reporting to measure your results. Have a question about Google Analytics? Post it here, on the Google Analytics Community!
Guide Me

AdWords API Access with OAuth2

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

I am developing a tool that is responsible for uploading offlline conversions to the AdWords. I have generated the OAuth2 Keys as mentioned here ( but unfortuunately, when accessing the API it gives me

Failed to refresh access token.
  "error" : "invalid_grant"

and when i tried to follow this article ""

it mentioned that i need to open the Authorization Url with my MCC account, to get the Refresh Token, while i need it to be detected automatically if possible as it is an offline tool that runs hourly.

Is that possible ?



Also, kindly i would like to ask another question, how can i generate a developer token while i only have a test MCC and i don't have a production one yet, just need it for development and to make sure everything is going fine.

1 Expert replyverified_user

Re: AdWords API Access with OAuth2

[ Edited ]
Top Contributor
# 2
Top Contributor

as to invalid-grant --

normally, access-tokens expire naturally and
must be refreshed using the refresh-token.

if the application was working properly in the past, then such an invalid-grant
error may be the result of a few issues; such as, attempting to obtain multiple
developer-tokens using the same authorization-code, which may be used only once,
exceeding the refresh-token-limit, the token was manually revoked by a user, the
server's ntp/time was not-running/out-of-sync with google's servers, the token
and request have improper scopes, the associated project/user token has expired,
or simply a temporary system issue.

otherwise, token-refresh details mainly depend on the type of application --
server-side, desktop, mobile, etc., and the type of application allowed for
the type of google-account (e.g. g-suite-domain-accounts).

using one of google's client-libraries for the implementation
may help -- most oauth2 details have been fully abstracted

and verified to function properly for most use-cases.

as to test-accounts --

there is no such concept as using a test-account to sign-up for
api-access -- a live, active, production, my-client-center (mcc)
manager-account, is required for any level of api-access.

(1) developer-token:
after the live, active, production, manager-account
has signed-up for the developer-token, the assigned
token may then be used with a test-account --
to test the application prior to approval.

(2) basic-access:
then, if basic-access is requested via the product-manager-account,
using the developer-token, the account and application details will
be reviewed by google's api-policy-and-conformance-teams, for
policy related issues.

only if the basic-access application is approved, and the
token activated, will api-access be given to live-accounts.

generally, google tends to prefer a developer (token) to be associated
with a management-account that is, at least, actively serving ads --
such as, an advertising agency or partner, before beginning development.

basic-access quotas can support most users and organizations.

(3) standard-access:
if the application is part of a large organization or will be used by
many multiple users, is production-quality, is able to meet google's
minimum-functionality-requirements, and is also ready for a formal
demo, google may be contacted to request standard-access.

there is an api-forum for clarification, more authoritative answers,
and any follow-up or additional questions, or any related issues --!forum/adwords-api


AdWords API Access with OAuth2

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭

Thank you so much for your help and your detailed answer.

Actually what i was thinking on, is how can i have the refresh token without asking a user to log in through a browser, as i am mainly implementing a windows service that i need it some how communicate with google server-to-server  without needing the user's input.


Thank you so much once again Smiley Happy

Marked as Best Answer.
Accepted by topic author Tarek A
April 2017

AdWords API Access with OAuth2

Top Contributor
# 4
Top Contributor

first, you're welcome.

running such an application, without asking for some direct
authorization, at some point, is generally not allowed.

in almost all cases, some initial interaction with an authorization-screen,
presented via google, is required to grant initial access to the application --
by design; after that, the oauth2 refreshes may happen programmatically.

generally, google likes transparency with respect to what is being allowed.

only a very few use-cases, such as, all users with g-suite-domain-accounts,
administered under the same g-suite-domain, is such authorization optional --
since similar authorization is usually already held by the g-suit-administrator.

otherwise, there may be a few outlier use-cases -- depending on
the details of the application-type, users, devices, accounts, etc.

the best likely course would be to simply ask in the public api-forum.