4.1.2 Two-Step Verification (2SV)

Google Ads authorization supports 2-Step Verification (2SV) for Google Ads accounts. 2SV is optional, so you can choose whether to require all sub-accounts of your Google Ads MCC account to enable it. Even if you don't require your users to set up 2SV, they can still activate it in their Google account settings.

If the user has enabled 2SV, during the OAuth2 authentication flow, Google prompts the user for 2SV before issuing a refresh token. Once issued, the refresh token can be used to generate the access token needed in API calls. Refresh tokens that were issued prior to the user enabling 2-Step verification remain valid and not encounter an API error.

If you require users to set up 2SV, the error TWO_STEP_VERIFICATION_NOT_ENROLLED is returned if API calls are made using access tokens generated from a refresh token that was issued prior to the user enabling 2-Step verification.

The application should handle this error and direct the user to enable 2-Step verification for their Google account.

Once the user has enabled 2-Step verification, they can go through the OAuth2 authentication flow again, this time encountering the prompt for the 2-Step verification. Completing the prompt issues a refresh token that can be used to issue access tokens that no longer encounter the error when API calls are made with them.

Learn More about 2-Step Verification.