Using google authentication, how to make sure the user can modify a specific adwords account throug my app?

[Vera Smith]

I implemented google authentication to access my app (based on adwords api)

How should I ensure that the authenticated user has permissions to make changes to the adwords account

configured in my app?

[Google Ads API Forum Advisor Prod]

Hi Vera,

If a user has access to the AdWords / Google Ads account, they can use their login email to create their own OAuth2 credentials. Once they generate the said credentials, they can then include those in the request header. Their access to read and modify information would only be limited to that specific account if their login email's access is indeed only for that specific account.

However, if a user uses credentials that were created using an email address associated to the MCC account, then those credentials can be used to read and modify information of all the accounts under that MCC. I hope this helps and feel free to write back if you have additional clarifications.

Thanks and regards,
Peter
Google Ads API Team

ref:_00D1U1174p._5001UCZu4X:ref