Tag Archives: oath2

Upcoming changes to CustomerService in Google Ads API

We are introducing several changes to the CustomerService.CreateCustomerClient method to align the Google Ads API with how Google Ads UI handles new account creation functionality. These changes will take effect on March 17, 2025.

New error codes for policy enforcement
In order to limit abuse, the Google Ads API introduced two new error codes in version v19 of the API for policy enforcement.
  1. Google Ads manager accounts that do not have a certain threshold of spending or a certain number of active child accounts without policy issues (for example, not suspended or closed for policy violations) will be ineligible to create child accounts under them. Developers will receive a CustomerError.CREATION_DENIED_INELIGIBLE_MCC error code in the upcoming version v19 of the Google Ads API. To fix the issue, link a Google Ads account that is compliant with the Google policies and meets the threshold spending levels under your manager account.
  2. Google Ads manager accounts that have been flagged for policy violations related to account creation will no longer be able to create child accounts under them. Developers will receive a CustomerError.CREATION_DENIED_FOR_POLICY_VIOLATION error code in the upcoming version v19 of the Google Ads API.
In both these cases, existing API versions (v18 and older) will throw a ContextError.OPERATION_NOT_PERMITTED_FOR_CONTEXT error instead.

Quota limits for account creation
The Google Ads API will enforce limits on creation of new Google Ads accounts. Developers will receive a QuotaError.RESOURCE_EXHAUSTED error once the limits are reached. The retry_delay field of the quota_error_details contains additional details on how long you should wait before retrying the API call. We do not expect most developers to be affected by these limits.

What do I need to do?
If your application uses the Google Ads API to create new Google Ads accounts, you should review your code to ensure that your application correctly handles these new error codes.

If you have any questions or need help, check out the Google Ads API support page for options. Reach out to the Google Ads product support team for any questions related to account policies.

Consent unbundling in Ads APIs

What’s changing?
Starting the week of May 1, 2025, we will roll out consent unbundling for OAuth user authentication to all Google Cloud projects which were created before 2019. If you own an application that uses an Ads-related API through a Google Cloud project created before 2019, you may need to update your application to handle unbundled user consent before May 1, 2025.

Background
Consent unbundling for OAuth user authentication flow allows users to customize which specific OAuth scopes they want to authorize your application for, rather than an all-or-nothing approach. All the Google Cloud console projects created since 2019 have this feature turned on, whereas all the projects created before 2019 have this feature turned off.

The following screenshots show the difference between an all-or-nothing consent prompt and an unbundled consent prompt.

Figure 1: All-or-nothing consent screen. Users aren’t allowed to choose from a list of OAuth scopes.

Figure 2: Unbundled consent screen. Users are allowed to choose from a list of OAuth scopes.

Who is affected by this change?
You will be affected by this change if ALL of the following conditions are met:
  1. Your API application uses a Google Cloud Console project that was created before 2019.
  2. Your application implements the OAuth 2.0 user consent flow – an authentication workflow where the user logs in with their Google account and grants one or more permissions that your application is requesting.
  3. Your application uses more than one Google API, and one of the APIs is an Ads-related API listed below.

Who isn’t affected by this change?
  • Existing refresh tokens: This change doesn’t affect user authentications that you already have in place. Your existing refresh tokens will continue to work without any changes or re-authentication.
  • Single scope applications: If your application uses only one Google API scope, your application isn’t affected by this change, since there aren’t multiple OAuth scopes to unbundle.
  • Single user applications / Manually authenticated applications: Your application doesn’t have an explicit OAuth user authentication flow implemented. Instead, you use a manual authentication script such as GenerateUserCredentials, gcloud CLI or OAuth Playground to authenticate the user, and then use those credentials for a long period of time. Since you select all the scopes that your application requires while authenticating, your application isn’t affected by this change.
  • Service accounts: If your application uses a service account to authenticate your API calls, you won’t be affected by this change.

What do I need to do?
You need to ensure that your application can handle partial user consent. To do this,
  1. Request the list of OAuth scopes that the user consented to by including the include_granted_scopes parameter in your OAuth flow.
  2. Examine the actual list of OAuth scopes that the user consented to in the OAuth response.
  3. Implement incremental authorization in your application.
Review our OAuth granular consent guide to learn about the requirements and best practices to handle granular consent.
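The three steps above, sketched as an added example (not code from the original post or from Google's client libraries). It builds the authorization request with include_granted_scopes, reads the space-delimited scope field of the token response, and derives which features can run and which need an incremental authorization request. The FEATURE_SCOPES map, the function names, and the sample token response are assumptions made for illustration.

```python
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# Hypothetical feature map: each app feature and the scopes it cannot work without.
FEATURE_SCOPES = {
    "ads_reporting": {"https://adwords.google.com/api/adwords"},
    "analytics_dashboard": {"https://www.googleapis.com/auth/analytics.readonly"},
}

def build_auth_url(client_id, redirect_uri, scopes, state, test_granular=False):
    """Step 1: ask for scopes and have earlier grants folded into the new token."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "access_type": "offline",
        "scope": " ".join(sorted(scopes)),
        "include_granted_scopes": "true",
        "state": state,  # unpredictable per-session value, verified on the callback
    }
    if test_granular:
        # Test-only switch the page describes for projects created before 2019.
        params["enable_granular_consent"] = "true"
    return AUTH_ENDPOINT + "?" + urlencode(params)

def granted_scopes(token_response):
    """Step 2: trust the scopes in the response, never the ones that were requested."""
    return set(token_response.get("scope", "").split())

def plan_features(token_response):
    """Split features into those usable now and those still missing scopes."""
    granted = granted_scopes(token_response)
    enabled = sorted(f for f, need in FEATURE_SCOPES.items() if need <= granted)
    missing = {f: sorted(need - granted)
               for f, need in FEATURE_SCOPES.items() if need - granted}
    return enabled, missing

def incremental_auth_url(client_id, redirect_uri, feature, missing, state):
    """Step 3: when the user opens a disabled feature, request only its missing scopes."""
    return build_auth_url(client_id, redirect_uri, missing[feature], state)

# Constructed sample: the user ticked the Google Ads scope and declined Analytics.
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "constructed-access-token",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https://adwords.google.com/api/adwords",
}
```

Calling plan_features on every token response, including refreshed ones, keeps a feature from calling an API whose scope the user declined.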

How do I test this feature?
There are two ways to test this feature:
  1. Create a new Google Cloud project: New Google Cloud projects have enabled OAuth consent unbundling. So you can create a new Google Cloud project, and use it for testing your application.
  2. Enable consent unbundling in your existing project: You can set the enable_granular_consent parameter to true in your OAuth authorization request.

Which API scopes are affected?
The following APIs related to Ads are affected by this change.
API and OAuth scope(s):
  • Google Ads API
      https://adwords.google.com/api/adwords
  • Google Ad Manager API (SOAP API, Beta)
      https://www.googleapis.com/auth/dfp
      https://www.googleapis.com/auth/admanager
  • Bid Manager API
      https://www.googleapis.com/auth/doubleclickbidmanager
  • Content API for Shopping
      https://www.googleapis.com/auth/content
  • Display and Video 360 API
      https://www.googleapis.com/auth/display-video-mediaplanning
      https://www.googleapis.com/auth/display-video-user-management
  • AdMob API
      https://www.googleapis.com/auth/admob.report
      https://www.googleapis.com/auth/admob.googlebidding.readwrite
      https://www.googleapis.com/auth/admob.monetization
  • AdSense for Platforms API
      https://www.googleapis.com/auth/adsensehost
      https://www.googleapis.com/auth/adsense
      https://www.googleapis.com/auth/adsense.readonly
  • Google Analytics API
      https://www.googleapis.com/auth/analytics
      https://www.googleapis.com/auth/analytics.readonly
      https://www.googleapis.com/auth/analytics.edit
      https://www.googleapis.com/auth/analytics.manage.users
      https://www.googleapis.com/auth/analytics.manage.users.readonly
      https://www.googleapis.com/auth/analytics.provision
      https://www.googleapis.com/auth/analytics.user.deletion
  • Campaign Manager 360 API
      https://www.googleapis.com/auth/ddmconversions
      https://www.googleapis.com/auth/dfareporting
      https://www.googleapis.com/auth/dfatrafficking
  • Search Ads 360 API
      https://www.googleapis.com/auth/doubleclicksearch
  • Google Tag Manager API
      https://www.googleapis.com/auth/tagmanager.delete.containers
      https://www.googleapis.com/auth/tagmanager.edit.containers
      https://www.googleapis.com/auth/tagmanager.edit.containerversions
      https://www.googleapis.com/auth/tagmanager.manage.accounts
      https://www.googleapis.com/auth/tagmanager.manage.users
      https://www.googleapis.com/auth/tagmanager.publish
      https://www.googleapis.com/auth/tagmanager.readonly
  • Real time bidding API
      https://www.googleapis.com/auth/realtime-bidding
  • Authorized Buyers Marketplace API
      https://www.googleapis.com/auth/authorized-buyers-marketplace
      https://www.googleapis.com/auth/adexchange.buyer

How to get help
If you have any questions or need help, reach out to your respective API’s support team with your questions.