Best practises for developing a new tool with different devs while keeping old tool running?

[S Naseweis]

Currently we are running our own a Google AdWords API tool for internal use. This tool is several years old and there's lot more than transitioning to the new Ads API to do to keep it up to our needs.

Now we decided to do a fresh start with different developers and a complete rewrite of our application. Until we finish this project, our AdWords API tool is still in use for managing our clients accounts. We need to make sure, there's no interuption: the old tool must run until day x when we'll ready to pull the lever.

So starting new project brings up two different aspects:

The first is API access safety.

1. As far as I understand, it's not possible to access a MCC structure with more than one API key at a time. Correct? 
2. So our new devs have to use our existing API token if they need to access real data from our MCC, not the crippled sandbox environment. Correct?

If both assumptions are true, what can we do to keep our existing API access safe in the case of any trouble caused by our new devs?

Or is there way for the devs to use their own token and get access to our MCC.

What do you recommend?

Second point: Managing dev console projects.

1. Do we have to create an new dev console project for the new tool? 
2. If yes, is it posible to have two different projects using the same API token?
3. If we can't use one API key with two projects, how can we handle the new OAuth consent screen enforcements with different projects in parallel?

Is there anything else what we need to consider? 

[Google Ads API Forum Advisor Prod]

Hi Naseweis,

Thank you for reaching out. Please find my response to your questions below:
 

1. The API token is a key used to grant access to the API. You could use more than one token to access the API.

 

2. The new devs need to use either your developer token or a token from other sources to access the API. Accessing a specific Google Ads account needs the appropriate user access level.

 

3. You could use the old project or create a new one.

 

4. It’s absolutely okay to have multiple projects that use the same developer token.

 

5. You could use one developer token for both projects.

 

Thanks and regards,
Xiaoming, Google Ads API Team

Xiaoming Google Ads API Team

ref:_00D1U1174p._5004Q2CR3Zv:ref

[S Naseweis]

Hi Xiaoming,

Tanks for your kind reply. I'm still confused and I have to make sure, we get the whole picture, before we preceed in any direction with this project.

Here are some additional questions, the numbering is responding to your answers.

1. To be sure: The quick start page says: "A company should have only one developer token". Your answer seems to contradict this.
2. According to the above mentioned help page: If we use our developers' token, our console project is tied to it and we would have to create a new console project for using our own token. Is this correct? What would be the impact of doing so?
3. Regarding your answer and extending my last question: "Once a client ID from a Google Cloud project is used with a developer token, the client ID is bound to the developer token and can't be used with another developer token." This sounds like we need to create a new dev console project, if we want to use a different token.

Reading through this page ("obtaining your developer token"), our devs need to create their own MCC to obtain a token. Correct? ("A developer token from Google allows your app to connect to the Google Ads API. To retrieve your developer token, sign in to your Manager Account").

So an API token is always tied to a specific MCC? Our MCC contains lots of accounts and sub-MCCs. As far as I remember, there's a limit how many MCC levels could be nested or how many MCCs are able to access an account. So I'm not sure if we can have full access for all sub-levels with a dev MCC.

Is it possible that miss-configured API calls could trigger an API violation and a suspension of our token? Our boss is quite concernded that the devs could jeopardize our current project with some beginner's mistake.

Using our own API token could speed up the whole process. I remember it took some weeks until we got our API access finally aproved (but that was years ago) and there was a lot of "paper work" envolved. How long does this process take nowadays?

I'm still confused about the new OAuth  authorization. If I get it right, we have to tie one of our company domains to a given console project. Is this correct?

Regards,

Steffen

[Google Ads API Forum Advisor Prod]

Hi Steffen,

Thank you for reaching out. Please find my response to your questions below:
 

1. What I mean is that you would be able to use different API tokens to access the API. As long as you could get more than one token then you could use any of them.

 

2. Your understanding was wrong.  Once you have used the developer token for that particular project, you have to stick with that developer token as it is already paired with the project. The workaround for this is to create a new project to use a new developer token.

 

3. The clientId is tightly coupled with the Google Console Project which is associated with a developer token. Thus, the clientId could only be used with that pre-existing developer token.

 

4. The developer token is associated with a specific MCC account. However, the access to any account in the account hierarchy is determined by the OAuth2 credentials used and the relationship between the account rather than the developer token.

 

5. Most of the times, configuring the API call wrongly won’t be considered a violation and lead to the suspension of account if you don’t intend to abuse the system. 

 

6. You could apply for the Google Ads API access by signing in then navigating to TOOLS & SETTINGS > SETUP > API Center and filling out the API access form. Once you submit the form, you would be granted a developer token with Test access. You could then fill out this form with needed information to apply for the Basic access level.