One option for generating OAuth2 credentials is to use the OAuth2 Playground. The OAuth2 Playground, in conjunction with the Google Ads API console, lets you manually create OAuth2 tokens.
The OAuth2 Playground is for users who only need to access the accounts for a single manager account or Google Ads user. If you need to prompt multiple users for credentials, it is likely better to configure a client library for OAuth in Search Ads 360.
Get a client ID and client secret
If you do not have an existing cloud project:
Open the Google API Console Credentials page.
From the project drop-down, select an existing project or create a new one.
On the Credentials page, select Create credentials, then select OAuth client ID.
Under Application type, choose Web application.
Under Authorized redirect URIs, add a line with:
On the Client ID page, take note of the client ID and client secret. You'll need these in the next step.
If you have an existing cloud project, you can reuse it by setting the Authorized redirect URIs as above.
Go to the OAuth2 Playground, (using this link should pre-populate some key values for you).
Click the gear icon in the upper right corner and check the box labeled Use your own OAuth credentials (if it isn't already checked).
Make sure that:
- OAuth flow is set to Server-side.
- Access type is set to Offline (this ensures you get a refresh token and an access token, instead of just an access token).
Enter the OAuth2 client ID and OAuth2 client secret you obtained above.
In the section labeled Step 1 - Select & authorize APIs, click Search Ads 360 Reporting API from the list and select its scope,
https://www.googleapis.com/auth/doubleclicksearch. Then click Authorize APIs:
If prompted, sign in to the account to which you want to grant access and authorization. Otherwise, confirm that the current user in the top right corner is the client or manager account for whom you want to obtain credentials.
Publish the app.
Keep the app in the Testing status, and add yourself as a test user.
A prompt appears indicating your app would like to Manage your Search Ads 360 campaigns. Click Accept to continue.
In the tab labeled Step 2 - Exchange authorization code for tokens, an Authorization code should appear. Click Exchange authorization code for tokens.
If all goes well, the Refresh token and Access token should be filled in for you (you may have to re-expand Step 2 - Exchange authorization code for tokens):
Copy the Refresh token into the configuration file for your client library of choice, along with the client ID and client secret.
Configure a client library for OAuth in the Search Ads 360 Reporting API.
Remove the OAuth2 Playground from your client ID
Now that you have a refresh token, you no longer need the OAuth2 Playground to be an authorized redirect URI. To remove it from the list of authorized redirect URIs:
Go to the Google API Console Credentials page.
From the project drop-down, select your project.
On the Credentials page, click the client ID name to edit.
https://developers.google.com/oauthplaygroundfrom the Authorized redirect URIs. Note that you must leave at least one redirect URI in place.