Join us live on Discord on the Google Advertising and Measurement Community server on October 16th! We will discuss the new features added in V22 of the Google Ads API.

OAuth Service Account Flow

AI-generated Key Takeaways

This guide explains how to set up OAuth2 for API access using service accounts, a one-time process unless credentials are revoked.
The setup requires a Google Workspace domain and a service account with domain-wide delegation access granted by a super administrator.
You need to generate a service account ID and a JSON file, then add the private key JSON file path and impersonated email to your configuration.
Configuration can be set using a google-ads.yaml file, YAML string, dict, or environment variables.
The library prioritizes credentials for desktop or web app flows, so ensure these are not present if you want to use Service Account authentication.

This guide will walk you through how to set up OAuth2 for API access using your own credentials with service accounts. These steps only need to be done once, unless you revoke or delete your OAuth2 credentials.

Create OAuth2 credentials

Generate a service account ID and a *.JSON file by following the linked instructions, then come back to this page.

Add a private key JSON and an impersonated email to configuration

Set the private key JSON file path and impersonated email in your configuration. If you're using a google-ads.yaml file, YAML string, or dict, add the following:

json_key_file_path: JSON_KEY_FILE_PATH
impersonated_email: IMPERSONATED_EMAIL

If you're using environment variables, add the following to your bash configuration or environment:

export GOOGLE_ADS_JSON_KEY_FILE_PATH=JSON_KEY_FILE_PATH
export GOOGLE_ADS_IMPERSONATED_EMAIL=IMPERSONATED_EMAIL