This guide discusses how to access the Google Ads API with user authentication. See the overview guide to learn more about various authentication options.
The user authentication workflow involves employing an OAuth 2.0 flow to obtain human authorization to let your app manage their Google Ads accounts on their behalf. An OAuth 2.0 access token is issued once the authorization process completes, and the app can use the access token to make API calls to the user's Google Ads account. The OAuth 2.0 access token expires every hour, so it is a common practice to additionally request OAuth 2.0 offline access so that your app can refresh the authorization without further user interaction.
There are two broad ways to build the user authentication workflow: single user authentication and multi-user authentication. Single user authentication is used as a fallback to the service account workflow, and is used when a single user has access to all the Google Ads accounts you need to manage using the Google Ads API. On the other hand, multi-user authentication is used when you have to manage accounts managed by multiple users, and need to build your own OAuth flow to authenticate your users.