Cannot access client's campaigns via API

[Jakub Hancin]

Hello,

I am trying to access client's campaigns via Google Ads API but I am failing.

I am getting this error:

"errorCode": { "authorizationError": "USER_PERMISSION_DENIED"},
 "message": "User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid"

I have gone countless times through the standards, so let me recap what I have done and tried so far.

To be perfectly clear, the 'client' is a real account using real ads, but still under our control for test purposes. We have full control over the client in this example.

1. We have added the Customer account (789-584-XXXX) to the list of Sub-Accounts via the UI on the Master Manager account (506-141-XXXX).
2. The client (us again) confirmed the linking of these accounts together and granted access to the Manager account. The Manager account can easily access all the ads of the client account via UI and can see the full history of the client (we want to be able to perform this via API).
3. The client was sent the link to provide consent. The consent was given and an Authorization code was generated.
4. The Authorization code was used to generate a pair of tokens. Up to this point, everything went successfully as expected.
5. When the tokens are used to access client's data, we get the 403 error. "User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid"

The step 5 is where our code fails.

Let me write here the details of the HTTP request. As I trust these matters are handled by seasoned developers, I believe you can easily figure out the meaning of the code below. We are using a config object where the variables are stored. No hyphens are used for the accounts, so the values look like this: 789584XXXX or 506141XXXX:

req.setMethod('POST');
req.setHeader('Content-Type','application/json');
req.setHeader('login-customer-id',config.ManagerAccountId__c);
req.setHeader('Authorization','Bearer '+config.AccessToken__c);
req.setHeader('developer-token',config.DeveloperToken__c);
req.setEndpoint('https://googleads.googleapis.com/v4/customers/'+config.ClientId_Account__c+'/googleAds:search');
req.setBody('{"pageSize": 10000,"query": "SELECT campaign.id,campaign.name, campaign.status, campaign.end_date, campaign.start_date, metrics.cost_micros, campaign.campaign_budget FROM campaign"}');

We are failing miserably.

We have tried the approach of generating credentials under the client's account and retrying the whole authorization flow with new client ID and client secret (talking now abou the app client id + secret), but we could not even get to the Authorization code as Google rejected the new app on the client's side explaining the app is only in test mode (it is true that we have the Basic access only on the Master manager account, because getting even the Basic access was a huge bureaucratic pain for us -> we do hope we do NOT have to submit the app for basic access for each client).

Thank you for any help.

Jakub
SaaScend

[AdWords API and Google Ads API Forum]

Reposting the last inquiry from the forum as it wasn't routed to our support queue.

Cheers,

Matt,

Google Ads API Team

[Вячеслав Иванов]

Hello I have the same problem. Is it solved by the author?

пятница, 9 апреля 2021 г. в 18:21:44 UTC+3, AdWords API and Google Ads API Forum:

[Вячеслав Иванов]

'login-customer-id' in the request header, I specify

пятница, 18 июня 2021 г. в 13:04:58 UTC+3, Вячеслав Иванов:

[Google Ads API Forum Advisor]

Hi,

If you're authenticating as a manager, you should specify the manager account ID as the login-customer-id in the request headers. If you are already doing this and seeing the error, then send the following details using 'Reply privately to author' option:

1. Account id
2. User email address
3. API request and error response

Thanks,

Lakshmi Prathipati Google Ads API Team

ref:_00D1U1174p._5004Q2IwmD1:ref