Getting "The Caller does not have permission" while creating budget

63 views
Skip to first unread message

Özgür Nevres

unread,
Mar 22, 2023, 12:00:08 PM3/22/23
to Google Ads API and AdWords API Forum
Hi,

Request Id: SIg8l4iq1_8gFOYH6728ow

I am trying to create campaign and budget for a Customer under a Manager (client Customer).
Manager and Customer under it are linked because I can access all the Customer's assets: Campaigns, AdGroups, Ads, metrics, whatever.

But, when I try to create Campaign Budget, I am getting "The Caller does not have permission" error.
The Failure is: User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid

The link seemed irrelevant to me, because I am not using Google Ads REST API, I am using the Google Ads Nuget Package. I am using this method: https://developers.google.com/google-ads/api/samples/add-campaigns

Please note that with the same DeveloperToken, OAuth2ClientId, OAuth2ClientSecret, and OAuth2RefreshToken I can access Customer's all assets without any problem.

What am I doing wrong? Thanks in advance.


Google Ads API Forum Advisor

unread,
Mar 22, 2023, 1:35:40 PM3/22/23
to ozgur....@earnado.com, adwor...@googlegroups.com

Hello,

Thank you for reaching out to the Google Ads API Support.

Apparently you are getting an AuthorizationError: USER_PERMISSION_DENIED error when trying to create a campaign. This is because the User doesn't have permission to access the customer. Please note that if you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. 

To prevent this kind of error, I would suggest specifying the login-customer-id as the manager account ID without hyphens (-). That being said, you will need to ensure that the user / email address you used to generate the credentials indeed has access to the account in your request.

If the user / email address has access or is associated with the MCC / manager account, you will need to specify the MCC / manager account's ID without hyphens (-) as the value of the login-customer-id field.

Furthermore, if the issue persists, can you please provide us with the complete request and response logs generated as shown in the respective links, so we can check on our end the errors being thrown?

If you haven't enabled logging yet, it can be enabled by navigating to the Client libraries > Your client library (ex. Java) > Logging documentation, which you can access from this link. For REST interface requests, you can enable logging via the curl command by using the -i flag. 

You can provide it via Reply privately to the author option. If this option is not available, then send it instead on this email address googleadsa...@google.com.

Regards,

Google Logo Google Ads API Team


ref:_00D1U1174p._5004Q2k1tex:ref

Özgür Nevres

unread,
Mar 23, 2023, 2:10:41 AM3/23/23
to Google Ads API and AdWords API Forum
Thanks for the answer.

If the user / email address has access or is associated with the MCC / manager account, you will need to specify the MCC / manager account's ID without hyphens (-) as the value of the login-customer-id field.

Yes, the user is associated with the MCC account. But, how can I specify the login-customer?
I am using the sample code provided by Google on the link below:

I couldn't find a login-customer-id property on these objects.

Özgür Nevres

unread,
Mar 23, 2023, 2:21:44 AM3/23/23
to Google Ads API and AdWords API Forum
My bad, I now understand what you meant.

For those who is getting the same error, I forgot to set the LoginCustomerId property on client.config.

    public static GoogleAdsClient GetGoogleAdsClient(GeneralRequestWithoutCustomerClientId request)
    {
        var client = new GoogleAdsClient();

        client.Config.OAuth2Mode = Google.Ads.Gax.Config.OAuth2Flow.APPLICATION;
        client.Config.OAuth2Scope = GeneralConstants.SCOPE;
        client.Config.DeveloperToken = request.DeveloperToken;
        client.Config.OAuth2ClientId = request.OAuth2ClientId;
        client.Config.OAuth2ClientSecret = request.OAuth2ClientSecret;
        client.Config.OAuth2RefreshToken = request.OAuth2RefreshToken;
        client.Config.LoginCustomerId =  request.LoginCustomerId //I FORGOT TO SET THIS
        return client;
    }

After setting  LoginCustomerId, everything worked.

Thanks

Reply all
Reply to author
Forward
0 new messages