OAuth Desktop and Web Application Flows

This guide walks you through how to set up OAuth 2.0 for API access using your own credentials and either the desktop flow or the web flow. These steps only need to be done once, unless you revoke, delete, or need to change the allowed scopes for your OAuth 2.0 credentials.

Create OAuth 2.0 credentials

  1. Follow the steps to configure a Google API Console project for the Google Ads API.

  2. Note the client ID and client secret, then come back to this page.

Set up the client library

  1. In a terminal, run the GenerateUserCredentialsexample. Enter the OAuth 2.0 client ID and client secret when prompted.

    dotnet run GenerateUserCredentials.csproj

  2. This code example opens a URL automatically in the browser. If you aren't signed in to your browser session, the web page will prompt you to sign in to your Google Account. If you are already signed in, it will skip the sign-in prompt and redirect you to a URL where you must authorize the app to access your Google Ads account on your behalf.

    Sign in with the Google Account you use to access Google Ads. Usually, this is a login email to a Google Ads manager account that contains all the accounts you need to manage under its account hierarchy. Click Continue on the OAuth 2.0 consent screen.

    OAuth 2.0 consent screen

    You'll be taken to a page with a message indicating that the authorization succeeded.

    Your refresh token has been fetched. Check the
console output for further instructions.

  3. Return to the console where you're running the code example. You'll see that the code example has completed and is displaying your refresh token and some instructions, followed by the instructions you'll need to follow to configure the client library:

    Copy the following content into your App.config file.

<add key = 'OAuth2Mode' value = 'APPLICATION' />
<add key = 'OAuth2ClientId' value = '******' />
<add key = 'OAuth2ClientSecret' value = '******' />
<add key = 'OAuth2RefreshToken' value = '******' />

    Make sure you also set the LOGIN_CUSTOMER_ID header in your App.config file. See the configuration guide to learn more.

    <add key = 'LoginCustomerId' value = 'INSERT_LOGIN_CUSTOMER_ID_HERE' />

    Refer to the configuration guide for alternate configuration options.

Generate OAuth2 credentials for interactive applications

If you don't know the Google Ads account to make API calls to in advance, you can discover it at runtime using the credentials of the signed in user for the session. See AuthenticateInAspNetCoreApplication for an example where the currently signed in user is authenticated and the OAuth2 credentials are obtained at runtime.