USER_PERMISSION_DENIED with Google Ads API V1 and no errors with AdWords API V201809
1,344 views
Skip to first unread message
Sergei Kim
Apr 8, 2019, 10:19:34 AM4/8/19
to AdWords API and Google Ads API Forum
Hello Team,
We have a client with strange behavior. All requests against new API are failing with the error. But V201809 works as usual.
Request
Content-Type: application/jsonAuthorization: Bearer {{access_token}}developer-token: {{developer_token}}Error response
HTTP/1.1 403 Forbidden
Request-Id: p-cqwN8p86IMSINGahjbhw
Vary: Origin, X-Origin, Referer
Content-Type: application/json; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 08 Apr 2019 13:18:58 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Connection: close
Transfer-Encoding: chunked
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.ads.googleads.v1.errors.GoogleAdsFailure",
"errors": [
{
"errorCode": {
"authorizationError": "USER_PERMISSION_DENIED"
},
"message": "User doesn't have permission to access customer."
}
]
}
]
}
}
How to debug this?
Thanks in advance,
Sergei Kim
CoMagic
googleadsapi...@google.com
Apr 8, 2019, 4:10:56 PM4/8/19
to AdWords API and Google Ads API Forum
Hello Sergei,
As per the blog post mentioned here, It is required to mention the login-customer-id in your API call as the manager account Id of the account to which you are making the API call along with the CUSTOMER_ID of client. Also, the Oauth credentials used to make API calls to account must be created with the user having access to the account. If you are facing the problem even after setting the login-customer-id and customer_id, please share the email address of the user authenticating the API call and the customer_id you are setting along with the code snippet you are trying. Please use reply privately to the author option while sharing the information requested.
Regards,
Sai Teja, Google Ads API Teama
As per the blog post mentioned here, It is required to mention the login-customer-id in your API call as the manager account Id of the account to which you are making the API call along with the CUSTOMER_ID of client. Also, the Oauth credentials used to make API calls to account must be created with the user having access to the account. If you are facing the problem even after setting the login-customer-id and customer_id, please share the email address of the user authenticating the API call and the customer_id you are setting along with the code snippet you are trying. Please use reply privately to the author option while sharing the information requested.
Regards,
Sai Teja, Google Ads API Teama
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and discussion group:
https://ads-developers.googleblog.com/search/label/google_ads_api
https://developers.google.com/adwords/api/community/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Was your question answered? Please rate your experience with us by taking a short survey.
If not -- reply to this email and tell us what else we can do to help.
Also find us on our blog and discussion group:
http://googleadsdeveloper.blogspot.com/search/label/adwords_api
https://developers.google.com/adwords/api/community/
Message has been deleted
Sergei Kim
Apr 9, 2019, 9:28:34 AM4/9/19
to AdWords API and Google Ads API Forum
Is it possible to get original manager account id if we have only client tokens and id?
googleadsapi...@google.com
Apr 9, 2019, 1:08:01 PM4/9/19
to AdWords API and Google Ads API Forum
Hello Sergei,
It is not possible to get the manager account Id via API.
@Chirag,
As per the blog post mentioned here, you have to pass login-customer-id and client-customer-id in your API call. The login-customer-id should be of the manager account that is authenticating the API call on behalf of the client and the client-customer-id should be of the account id from which you are trying to pull the data. The login-customer-id is necessary and the OAuth credentials must be of the user having access to that manager account when making calls to the client account on behalf of their manager account.
It is not possible to get the manager account Id via API.
@Chirag,
As per the blog post mentioned here, you have to pass login-customer-id and client-customer-id in your API call. The login-customer-id should be of the manager account that is authenticating the API call on behalf of the client and the client-customer-id should be of the account id from which you are trying to pull the data. The login-customer-id is necessary and the OAuth credentials must be of the user having access to that manager account when making calls to the client account on behalf of their manager account.
Regards,
Sai Teja, Google Ads API Team
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and discussion group:
https://ads-developers.googleblog.com/search/label/google_ads_api
https://developers.google.com/adwords/api/community/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
cv
Apr 12, 2019, 5:16:32 AM4/12/19
to AdWords API and Google Ads API Forum
Hello Sai,
How I can get login-customer-id?
Thanks for the answer.
How I can get login-customer-id?
I have refreshtoken with me for MCC account. Under that I have Multiple MCC account managing.
How I identify which login-customer-id I need to use?
How I can get information from Sub MCC accounts?
Thanks,
cv
Apr 12, 2019, 5:19:05 AM4/12/19
to AdWords API and Google Ads API Forum
Hello Sai,
I mean I have ListAccessibleAccounts. What MCC id I need to use?
Bcz I am not aware which MCC account has linked with?
Thanks,
cv
Apr 15, 2019, 5:39:33 AM4/15/19
to AdWords API and Google Ads API Forum
Hello Sai,
But the document over https://ads-developers.googleblog.com/2019/01/new-required-header-for-google-ads-api.html on this blog post is confusing.
It said login-customer-id is required incase it is MCC account.
My question
1) which login-customer-id is important, Is it the customerId that MCC has authorised?
2) If yes, what about SUB MCC accounts?
3) If I have authorised for the First time I can get all the accessible accounts, how I can identify which customerId need to assign as login-customer-id?
4) For Directly Accesible accounts which are not there as a MCC, what could be login-customer-id?
googleadsapi...@google.com
Apr 15, 2019, 1:14:15 PM4/15/19
to AdWords API and Google Ads API Forum
Hello Chirag,
Please find my response below inline:
Please find my response below inline:
- which login-customer-id is important, Is it the customerId that MCC has authorised?
- It should be the customerId of the account the authenticating user has directly access to. Also, you should use the login-customer-id when you are making calls to the client account on behalf of a sub/high level manager account.
- If yes, what about SUB MCC accounts?
- When you are making calls to the end clients, depending on the OAuth credential you are using(either to the top MCC or SUB MCC) the login-customer-id has to be of sub/top level manager account.
- If I have authorised for the First time I can get all the accessible accounts, how I can identify which customerId need to assign as login-customer-id?
- The customers that you can access directly(list accessible customers) can all be set as login-customer-id. Let's say in you list accessible customers you have one MCC and one Client account. While making calls to the client accounts under that MCC you can use login-customer-id as MCC client customer id and the actual client customer id is the one from which you are pulling the data. While making calls to the Client account that is directly accessible, you could user the login-customer-id same as client customer id without dashes or don't mention it in the headers either way it should work.
- For Directly Accesible accounts which are not there as a MCC, what could be login-customer-id?
- For the client that are directly accessible you may not need login-customer-id. Even if you use the client customer id as login-customer-id the call would succeed.
Regards,
Sai Teja, Google Ads API Team
Sai Teja, Google Ads API Team
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and discussion group:
https://ads-developers.googleblog.com/search/label/google_ads_api
https://developers.google.com/adwords/api/community/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Reply all
Reply to author
Forward
0 new messages