Ways to secure the developer token

[xxx...@gmail.com]

We consider letting a freelancer implement some additional functions for our app based on Google Ads API and developer token issued for our firm's AdWords manager account.

Our developer token is a valuable asset, which we will be forced to share with the freelancer, so I have some questions about the security of our developer token:

• What are best practices to prevent fraudulent use of developer token through outsourced employers?
• How to recognize fast and what to do in case of  fraudulent use? 
• Is there any kind of sandboxing of the developer token or of the whole app, so the development could be done without sharing of developer token?

Our main concerns are not to lose developer token and not to put our connection with Google at risk.

[Google Ads API Forum Advisor]

Hello,

 

I'm Kevin from the Google Ads API Team.

 

In the Google Ads API's perspective, there's no way to monitor fraudulent use of a developer token. As a workaround, you may opt to have the freelancer to develop on a test account first. This is also the suggested action in our Best Practices documentation. Once the application is finished, you can replace the developer token and credentials used to gain access to your production account.

 

For additional reference, you can check this link and navigate to the bottom of the page for reference on how to create a test manager account.

 

Regards,

Kevin Gil Soriano Google Ads API Team

ref:_00D1U1174p._5004Q2UiQRL:ref