Our client libraries automatically take care of the details covered below, so read on only if you're interested in what's happening behind the scenes, or if you're not using one of our client libraries.
A single access token can grant varying degrees of access to multiple APIs. A
variable parameter called
scope controls the set of resources and operations
that an access token permits. During the access token request, your app
sends one or more values in the
The present scope for the Google Ads API is:
It's common for an Google Ads API client app to request offline access. For example, your app may want to run batch jobs when your user is not physically online browsing your website.
To request offline access for a web application type, make sure you set the
access_type parameter to
offline. You can find additional information in
Google's OAuth2 guide.
For the installed app type, offline access is enabled by default--you don't have to explicitly request it.
When using the gRPC API, you should include the access token in a each request.
You can bind a
Credential to a
Channel for use on all requests on that
channel. You can also send a customized credential for each call. The gRPC
Authorization guide contains more
details on handling authorization.
When using the REST API, you should pass the access token via the HTTP header
Authorization. An example HTTP request is shown below:
GET /v5/customers/123456789 HTTP/2 Host: googleads.googleapis.com User-Agent: INSERT_USER_AGENT Accept: */* Authorization: Bearer INSERT_ACCESS_TOKEN developer-token: INSERT_DEVELOPER_TOKEN
The bolded elements should be customized for your application.
Access and refresh token
In most cases, you need to store the refresh token securely for future use. To learn more about how to request access and refresh tokens, read the corresponding guide for your application type:
Access token expiration
An access token has an expiration time (based on the
expires_in value) after
which the token is no longer valid. You can use the refresh token to refresh
an expired access token. By default, our client libraries automatically
refresh expired access tokens.