Google Groups

Re: OAuth with Google's AdWords API AuthenticationError

Anash P. Oommen Apr 2, 2012 6:11 AM
Posted in group: AdWords API Forum
Hi Simon,

Nice to know. If you have 2-legged authentication turned on, then you need to generate an application-specific password as discussed at

Anash P. Oommen,
AdWords API Advisor.

On Monday, 2 April 2012 14:29:17 UTC+5:30, baynezy wrote:
Thanks very much for your help on this. I think I have solved the problem, I think it is because my Gmail account has the 2-legged authentication turned on. I am using a different account now and it is now working.



On Friday, 30 March 2012 05:30:45 UTC+1, Anash P. Oommen wrote:
Hi Simon,

v201101 got sunset last month. Try v201109.GetCampaigns as the command line version. (Or in general, apiversion.codeexamplename as command line argument). I'll update the video appropriately or leave comments on the youtube video.


On Thursday, 29 March 2012 21:23:29 UTC+5:30, baynezy wrote:
Thanks very much this is starting to come together. I have set up the Web.config as requested and I am trying to run I am adding adding a command line argument of 'v201101.GetAllCampaigns' as you specify in your YouTube video However, every time I run it it just list the help text to the console. It is like it does not see he command line arguments. I also compiled the exe and ran it from the command line with 'v201101.GetAllCampaigns' and it also just outputs the help text. It is like I am having a bad brain moment, and cannot see why this is failing. I would appreciate some thoughts on what I am doing wrong if you can think of something obvious.

On Thursday, 29 March 2012 13:32:16 UTC+1, Anash P. Oommen wrote:
Hi Simon,

Almost forgot to mention: since you are making calls to the sandbox, you need to initialize the sandbox and use the clientCustomerIds in it.

1. In your Web.config, you should have email/password as your gmail email/password. Comment out clientCustomerId.
3. Call GetAccountHiearchy.cs. Example here: This will return the sandbox accounts that were created for you.
4. Copy one of those customerIds into your web.config's clientCustomerId key, and uncomment the key.
5. Run any code example.


On Thursday, 29 March 2012 17:57:07 UTC+5:30, Anash P. Oommen wrote:
Hi Simon,

I see... let's get a code example running in that case...

The easiest approach is as follows:

1. Make sure your Web.config looks exactly as follows: In case you have other stuff in your Web.config, you need to merge the two.

2. Enter your MCC email, password, clientCustomerId, developerToken in your Web.config.
3. In your code, do

AdWordsUser user = new AdWordsUser();// this loads all configs from your Web.Config
CampaignService service = (CampaignService) user.GetService(AdWordsService.v201109.CampaignService);
// Build your campaign, operation, do service.mutate(). Refer to the examples folder in the downloaded zip for various code examples.

4. Run your website. If you face any issues, let me know, along with the error you are facing.


On Thursday, 29 March 2012 17:21:25 UTC+5:30, baynezy wrote:
Again thank you for your quick response. I am building a web application that when new items are added to our system we can potentially automatically add a new Campaign to the our AdWords account and then subsequently new AdGroups, Ads and Keywords. I am at the early stages really learning the capabilities of the API and I am having a few problems getting going. I downloaded the the .Net client library from here and I am using that as the basis of starting my own proof of concept project. Mainly my issues are compounded by the fact that all the examples I can find are a mix of different versions and so I am a little unclear on how to get going.

I think what I really need help with is how to get the AdWordsUser authenticated in a way that I can the access the API from then on with no challenge. I have no requirement to use OAuth as this will be an internal service using just our company AdWords account.

What I have so far is based on a combination of this Java example and this article you wrote

Here is my code:-

public ActionResult Create()
var headers = new Dictionary<string, string>
              {"CompanyName", ""},
{"Email", ""},
{"Password", "password"},
{"DeveloperToken", " myemail"}
var user = new AdWordsUser(headers);
var service = (CampaignService)user.GetService(AdWordsService.v201109.CampaignService, "");
var budget = new Budget
period = BudgetBudgetPeriod.DAILY,
amount = new Money(),
deliveryMethod = BudgetBudgetDeliveryMethod.STANDARD

var campaign = new Campaign
  name = "Simon Campaign",
  status = CampaignStatus.PAUSED,
  biddingStrategy = new ManualCPC(),
  budget = budget
var operation = new CampaignOperation {operand = campaign, @operator = Operator.ADD};
var operations = new[] { operation };
var result = service.mutate(operations);

return View();

This is an ASP.NET MVC 3 web application, when executing the code above I get an AuthTokenException. When I dig into the error it is because I am getting an System.Net.WebException {"The remote server returned an error: (403) Forbidden."}. I get exactly the same response when I remove the second argument from the GetService call on AdWordsUser.

If you could point me in the right direction I would be eternally grateful.

On Thursday, 29 March 2012 12:20:14 UTC+1, Anash P. Oommen wrote:
Hi Simon,

AFAIK, OAuth doesn't present a Captcha challenge, ClientLogin API does. Sounds like a misconfiguration to me. OAuth 1.0a access tokens don't expire, so you need to get the user to enter the credentials once to generate an accessToken, save it, and then keep reusing it for future requests. The other option is to link the client account under your MCC, and use your credentials to generate AuthTokens. That way, you won't have to ask for your client's credentials at all, but the linking process is manual.

Could you provide some more details of your application? E.g. is it a web application?

Anash P. Oommen,
AdWords API Advisor.

On Thursday, 29 March 2012 16:31:31 UTC+5:30, baynezy wrote:
Thanks very much for your help on this. I think I have gone down the
wrong path here. The OAuth version of the API presents me with a
CAPTCH challenge that I need to forward to the user. However, I am not
creating a client application for users to manage their AdWords
accounts where this process makes perfect sense as I would not want to
store their account credentials. However, I am building an integration
with my application so I can programmatically create campaigns,
adgroups, etc. and this CAPTCHA challenge makes this not feasible as
this will not be in response to a user action but an automated
process. Is there a way to interact with the API where I can use my
credentials that I know, without having to deal with manually

Thanks again.

Simon Baynes 

On Thursday, March 29, 2012 10:04:12 AM UTC+1, Anash P. Oommen wrote:
Hi Simon,

There are couple more pieces to getting OAuth to work on an ASP.NET website.

1. There's some initialization code that should go in your Global.asax. : 
2. There should be some mechanism to trigger the OAuth signup, as shown here:

Hope this helps: Let me know if you have more questions.

Anash P. Oommen,
AdWords API Advisor.

On Wednesday, 28 March 2012 20:09:13 UTC+5:30, baynezy wrote:
I am trying (with not much luck) to access the Google AdWords API using the .Net Client Library to access their SandBox API.

Here is my code:-

            // create campaign
            var campaign = new Campaign
                                   name = "Simon's Campaign",
                                   status = CampaignStatus.ACTIVE,
                                   servingStatus = ServingStatus.SERVING,
                                   budget = new Budget
                                                    period = BudgetBudgetPeriod.DAILY,
                                                    amount = new Money
                                                                     microAmount = 100000
                                                    deliveryMethod = BudgetBudgetDeliveryMethod.STANDARD
                                   adServingOptimizationStatus = AdServingOptimizationStatus.OPTIMIZE,
                                   frequencyCap = new FrequencyCap
                                                          impressions = 100000,
                                                          timeUnit = TimeUnit.MINUTE,
                                                          level = Level.CAMPAIGN
            var operation = new CampaignOperation {@operator = Operator.ADD, operand = campaign};
            var operations = new CampaignOperation[1];
            operations[0] = operation;

            // get service
            var user = new AdWordsUser();
            var url = Request.Url.GetLeftPart(UriPartial.Path);
            var config = user.Config as AdWordsAppConfig;
            user.OAuthProvider = new AdsOAuthNetProvider(
                    AdWordsService.GetOAuthScope(user.Config as AdWordsAppConfig),

            var service = (CampaignService) user.GetService(AdWordsService.v201109.CampaignService);
            var page = service.mutate(operations);

When I run this I get an `AdWordsApiException` with an InnerException `AuthenticationError.OAUTH_TOKEN_HEADER_INVALID @  Service[CampaignService.mutate]`

Now I have the following in my `Web.config`:-

    <!-- Note: For testing purposes, you can use the OAuth consumer key/secret as anonymous/anonymous.-->
    <add key="AuthorizationMethod" value="OAuth"/>
    <add key="OAuthConsumerKey" value="anonymous"/>
    <add key="OAuthConsumerSecret" value="anonymous"/>
    <!-- Uncomment this key if you want to use v13 sandbox. -->
    <!-- <add key="LegacyAdWordsApi.Server" value=""/> -->
    <!-- Uncomment this key if you want to use AdWords API sandbox. -->
    <add key="AdWordsApi.Server" value=""/>

As I understand it this is set up correctly, what am I missing?

Any help would be very gratefully received!!!