Google Ads API is returning to beta status. Please read our blog post for more details.

OAuth2 Internals for Google Ads API

Our client libraries automatically take care of the details covered below, so read on only if you're interested in what's happening behind the scenes, or if you're not using one of our client libraries.

This section is intended for advanced users who are already familiar with the OAuth 2.0 specification and know how to use OAuth2 with Google APIs.


A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access token request, your app sends one or more values in the scope parameter.

The present scope for the Google Ads API is:

Offline access

It's common for an Google Ads API client app to request offline access. For example, your app may want to run batch jobs when your user is not physically online browsing your website.

To request offline access for a web application type, make sure you set the access_type parameter to offline. You can find additional information in Google's OAuth2 guide.

For the installed app type, offline access is enabled by default--you don't have to explicitly request it.

Request headers

gRPC headers

When using the gRPC API, you should include the access token in a each request. You can bind a Credential to a Channel for use on all requests on that channel. You can also send a customized credential for each call. The gRPC Authorization guide contains more details on handling authorization.

REST headers

When using the REST API, you should pass the access token via the HTTP header Authorization. An example HTTP request is shown below:

GET /v1/customers/123456789 HTTP/2
Accept: */*
Authorization: Bearer INSERT_ACCESS_TOKEN

The bolded elements should be customized for your application.

Access and refresh token

In most cases, you need to store the refresh token securely for future use. To learn more about how to request access and refresh tokens, read the corresponding guide for your application type:

Access token expiration

An access token has an expiration time (based on the expires_in value) after which the token is no longer valid. You can use the refresh token to refresh an expired access token. By default, our client libraries automatically refresh expired access tokens.