Authorization

You need both OAuth 2.0 application credentials and a developer token when calling the Google Ads API. If you're making API calls as a Google Ads Manager Account, you also need to specify a login-customer-id header with each request. This page describes how to use these values with the API's REST interface.

OAuth 2.0 credentials

The Google Ads API uses application credentials for identifying and authorizing API requests. Both OAuth 2.0 clients and service accounts can be configured. For more details about configuring client-side authorization, see OAuth2 in the Google Ads API.

If you are new to Google APIs, you can use oauth2l or the OAuth 2.0 Playground to experiment with application credentials and the Google Ads API before writing the code for your app.

Creating a new access token

Once you have a client ID, client secret, and refresh token, you can generate a new access token for use in API calls with the curl command line tool:

curl \
  --data "grant_type=refresh_token" \
  --data "client_id=CLIENT_ID" \
  --data "client_secret=CLIENT_SECRET" \
  --data "refresh_token=REFRESH_TOKEN" \
  https://www.googleapis.com/oauth2/v3/token

You then use the access token returned by the curl request in the Authorization HTTP header of every API call to the Google Ads API:

GET /v5/customers/CUSTOMER_ID HTTP/1.1
Host: googleads.googleapis.com
Authorization: Bearer ACCESS_TOKEN
developer-token: DEVELOPER_TOKEN

Developer token

The Google Ads API also requires a developer token in order to make calls to the API. You can apply for a token for your Manager Account directly from the Google Ads UI. For more details about getting set up with a developer token, see Obtain Your Developer Token.

You need to include your developer token value in the developer-token HTTP header of every API call to the Google Ads API:

GET /v5/customers/CUSTOMER_ID HTTP/1.1
Host: googleads.googleapis.com
Authorization: Bearer ACCESS_TOKEN
developer-token: DEVELOPER_TOKEN

Login customer ID

For Google Ads API calls made by a manager to a client account (that is, when logging in as a manager to make API calls to one of its client accounts), you also need to supply the login-customer-id HTTP header. This value represents the Google Ads customer ID of the manager making the API call.

Including this header is equivalent to choosing an account in the Google Ads UI after signing in or clicking on your profile image at the top-right corner of the page. When specifying the customer ID, be sure to remove any hyphens (—), for example: 1234567890, not 123-456-7890.

GET /v5/customers/CUSTOMER_ID HTTP/1.1
Host: googleads.googleapis.com
Authorization: Bearer ACCESS_TOKEN
developer-token: DEVELOPER_TOKEN
login-customer-id: MANAGER_CUSTOMER_ID