DV360 Exchange Reporting API onboarding and OAuth setup

The DV360 Exchange Reporting API is exposed as an allowlist based Google Cloud API which uses OAuth. The allowlist process is handled by the DV360 Exchange Reporting API team.

Procedure

Here are the DV360 Exchange Reporting API onboarding steps:

1. Sign up a Google Account on the Google Cloud console.

   Note that this account is to be used to manage access tokens for your production client, so don't use your personal Gmail account.

2. Contact Google DV360 with the account information to have it added to the allowlist.

3. After you've been notified that you're on the allowlist, request an OAuth verification review to get your app access to the doubleclickbidmanager scope.

4. Sign in on the Google Cloud console.

   Navigate to API & Services > Library > Private. You should see a DV360 Exchange Reporting API listed as one of the API available to you. Enable the DV360 Exchange Reporting API.

5. Navigate to Credentials > Create a Credential > Service Account Key. Follow the instructions to create a service account.

Service account

A service account allows your code to send application credentials directly to the API. A service account, like a user account, is represented by an email address. Unlike a user account, however, a service account belongs only to an application, and can only be used to access the API for which it was created.

Here are the steps to create service account credentials using the Google Cloud console:

1. From the API Manager > Credentials page, select Create credentials→Service account key.

   

2. Select New service account from the Service account drop-down.

   

   Enter a Name for this service account. This name is used as the default name for your Service account ID, to the left of the @ in the generated service account ID address.

   Under Key type, we recommend that you leave this value as JSON. Click Create to generate a JSON key as a .json text file. When prompted, download the file to your computer and a Service account created dialog is displayed.

   

   Here is a sample JSON key:

   {
     "type": "service_account",
     "project_id": "project-id",
     "private_key_id": "some_number",
     "private_key": "-----BEGIN PRIVATE KEY-----\n....
     =\n-----END PRIVATE KEY-----\n",
     "client_email": "<api-name>api@project-id.iam.gserviceaccount.com",
     "client_id": "...",
     "auth_uri": "https://accounts.google.com/o/oauth2/auth",
     "token_uri": "https://accounts.google.com/o/oauth2/token",
     "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
     "client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
   }
   

3. Store your JSON file securely, as it contains your private key, and this file is the only copy of that key. The credentials in this file are needed when your code make calls to the API.

4. Contact DV360 with the service account information you created, specifically, the email address of the service account. This is part of the allowlist process for API access.

Access token

After your service account is authorized to make calls to the API, you can proceed with the examples in the API guides. To get an access token manually, you can use a tool such as oauth2l; or, use one of our client libraries to authenticate programmatically.