Google Ads API is returning to beta status. Please read our blog post for more details.

OAuth Web Application Flow

This guide will walk you through how to setup OAuth2 for API access on behalf of your clients using web flow.

Step 1 - Creating OAuth2 credentials

Generate a client ID and secret by following the linked instructions, then come back to this page.

Step 2 - Setting up the client library

Adding OAuth2 support for your application (single login)

If your application manages only one Advertiser account (or a hierarchy of Advertiser accounts all linked under a single master manager account), then you don’t need to build OAuth2 flow into your application. You can perform the following steps instead:

  1. Download and run the AuthenticateInStandaloneApplication example.
  2. Follow the application instructions to generate necessary configuration.

Adding OAuth2 support for your application (multiple logins)

If you manage multiple unrelated Google Ads accounts, then you need to build OAuth2 sign-in flow into your application as part of adding OAuth2 support for your application.

  1. Configure the following keys in your App.config / Web.config. See the configuration guide for details.

    <add key="AuthorizationMethod" value="OAuth2" />
    <add key="OAuth2ClientId" value="INSERT_OAUTH2_CLIENT_ID_HERE" />
    <add key="OAuth2ClientSecret" value="INSERT_OAUTH2_CLIENT_SECRET_HERE" />
    <add key="OAuth2Mode" value="APPLICATION" />
    
  2. When loading a page, check if the user is logged in. If they are, then navigate them to the data page. If not, send them to a login page, either manually, or in response to a user action (e.g. a button click).

    public partial class Default : Page
    {
    
        /// <summary>
        /// The login helper.
        /// </summary>
        public WebLoginHelper loginHelper;
    
        /// <summary>
        /// The Google Ads client.
        /// </summary>
        private GoogleAdsClient client = new GoogleAdsClient();
    
        /// <summary>
        /// Handles the Load event of the Page control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="EventArgs"/> instance containing the
        /// event data.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            this.loginHelper = new WebLoginHelper(this);
            if (loginHelper.IsLoggedIn)
            {
                client.Config.OAuth2RefreshToken = loginHelper.Credentials.Token.RefreshToken;
            }
        }
    
        /// <summary>
        /// Handles the Click event of the btnLogin control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="EventArgs"/> instance containing the
        /// event data.</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            Response.Redirect("/Login.aspx");
        }
        ...
    }
    
  3. On the login page, check if the page is being loaded due to a redirect from the OAuth server. If yes, capture the authorization code, and exchange it for a refresh token and access token. If not, redirect the user to the OAuth2 server for authentication.

    public partial class Login : System.Web.UI.Page
    {
    
        /// <summary>
        /// The login helper.
        /// </summary>
        private WebLoginHelper loginHelper;
    
        /// <summary>
        /// Initializes a new instance of the <see cref="Login"/> class.
        /// </summary>
        public Login()
        {
            loginHelper = new WebLoginHelper(this);
        }
    
        /// <summary>
        /// Handles the Load event of the Page control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Initialize login helper only in the page load, otherwise session
            // information won't be available.
    
            if (loginHelper.IsLoggedIn)
            {
                // Redirect to the main page.
                Response.Redirect("/Default.aspx");
            }
            else if (loginHelper.IsCallbackFromOAuthServer())
            {
                loginHelper.ExchangeAuthorizationCodeForCredentials();
    
                // Redirect to the main page.
                Response.Redirect("/Default.aspx");
            }
            else
            {
                // Redirect the user to the OAuth2 login page.
                loginHelper.RedirectUsertoOAuthServer();
            }
        }
    }
    

    See the AuthenticateInWebApplication code example for a complete ASP.NET web application example.