RE: json key is missing the client_email

2,217 views
Skip to first unread message
Message has been deleted

Google Ads API Forum Advisor

unread,
Oct 14, 2022, 11:41:02 AM10/14/22
to ant...@armandheitz.com, adwor...@googlegroups.com

Hi Anthony,

Thanks for reaching out to the Google Ads API Forum.

I had to delete your forum post since the attached image screenshot contained sensitive details. You may avoid posting sensitive information on the forum thread. For the contents, you may refer to below:

“Hello, I would like to test GetCampaigns to see if everything is set correctly in the code, and I have this error. Could you help me? I would like to connect to the API via the service account. Thanks Anthony”

Moving forward, kindly note that the email address used as impersonatedEmail is not valid. If you have used an impersonated email as @*****.iam.gserviceaccount.com, then note that service account authentication will not work.  Note that impersonatedEmail (formerly delegate_account) is an account email used as a delegate. In this case, you have to provide the email of a user that has access to the Google Ads account and grant impersonation abilities in the G Suite domain for this scope: https://www.googleapis.com/auth/adwords

This is used for authenticating using a service account. For more information, you may see OAuth2 Service Account documentation.

In addition, service account authentication requires a Google Workspace domain and a service account that was granted domain-wide delegation access by a super administrator for the domain. You may retry your request with workspace domain and valid impersonated_email based on this configuration, and let us know the results.

If it still doesn't work after following this service account document and completing all mentioned requirements for the service account authentication, then you may provide the complete request and response logs with request ID generated via reply privately to author option, as seen in the respective links, so that our team can check better. For you to enable complete logs on your end for the client library, logging can be enabled by this guide.

Moreover, we strongly recommend using OAuth2 installed app or web flows instead of service accounts unless you need domain-specific features (for example, impersonation). OAuth2 installed application and web flows require user interaction only once, when access to the account is granted. You need to implement the code set up on your end to make calls using service accounts. 

Regards,

Google Logo
Yasar
Google Ads API Team
 


ref:_00D1U1174p._5004Q2f6YM1:ref
Reply all
Reply to author
Forward
0 new messages