google.api_core.exceptions.PermissionDenied: 403

2,758 views
Skip to first unread message

Pavel Hegler

unread,
Mar 16, 2021, 11:45:29 AM3/16/21
to AdWords API and Google Ads API Forum
 I am ran this github token creation than I used this token for OAuth sometimes successful and other times i got USER_PERMISSION_DENIED or PERMISSION_DENIED. After setting up Oauth keys for x-times, generating token for xy- times i now only seem to get this error:

 google.api_core.exceptions.PermissionDenied: 403 Request had insufficient authentication scopes.

I dont understand how it works

I have following structure:

--> Company Huge MCC
           --> Other Company sub MCCs
                         --> Account I want to get campigns from
i was trying to use this get campign script, obviously I am complete beginner and still dont understand where in the script this OAuth magic happens and how the permissions are handeled and whatever.

I also set up test account like this
--> TEST MCC
         --> Test Account
                  --> Test Campign
trying to use the same script as above but i failed miserably with the same

  google.api_core.exceptions.PermissionDenied: 403 Request had insufficient

Error.

Can you explain how this code works?:

ga_service = client.get_service("GoogleAdsService"version="v6") (line 30)



Pavel Hegler

unread,
Mar 16, 2021, 12:58:33 PM3/16/21
to AdWords API and Google Ads API Forum
I fixed it a little bit. I just redid the whole Oauth thing and than I ran it again and now i only get this error:
errors {
  error_code {
    authorization_error: USER_PERMISSION_DENIED
  }
  message: "User doesn\'t have permission to access customer. Note: If you\'re accessing a client customer, the manager\'s customer id must be set in the \'login-customer-id\' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid"
}

I put a variable
login-customer-id: *Account number of my Company Huge MCC without -*
into my google-ads.yaml file and i get the same problem.

PLS Help

Pavel Hegler

unread,
Mar 16, 2021, 12:59:46 PM3/16/21
to AdWords API and Google Ads API Forum
BTW:
i of course looked into that link but i cant figure out how to add this damn header into the request. Where is this header generated?

Pavel Hegler

unread,
Mar 16, 2021, 1:16:23 PM3/16/21
to AdWords API and Google Ads API Forum
I fixed it there was 1 problem:

i used
login-customer-id in the yaml instead of login_customer_id ):

Google Ads API Forum Advisor Prod

unread,
Mar 17, 2021, 1:08:36 AM3/17/21
to p.he...@die-besserwisser.de, adwor...@googlegroups.com
Hi Pavel,

I am happy to know that you've fixed the PermissionDenied error on your end.

If there is any issues or errors that you want us to check and address, feel free to post it on this email thread and we are happy to provide support

Regards,
Google Logo
Ernie John Blanca Tacata
Google Ads API Team
 


ref:_00D1U1174p._5004Q2Dw2Ze:ref

Pavel Hegler

unread,
Mar 17, 2021, 3:57:22 AM3/17/21
to AdWords API and Google Ads API Forum
Hey mister Forum Advisor:)
can you still explain how this :

client.get_service("GoogleAdsService"version="v6")

works?

Google Ads API Forum Advisor Prod

unread,
Mar 17, 2021, 2:49:35 PM3/17/21
to p.he...@die-besserwisser.de, adwor...@googlegroups.com
Hi Pavel,

The get_service method retrieves the service specified in the first argument for the version given in the second argument. In this case, it's getting the GoogleAdsService for version 6.

Regards,
Matt
Google Ads API Team

Google Logo
Matt
Google Ads API Team
 


 

ref:_00D1U1174p._5004Q2Dw2Ze:ref

Pavel Hegler

unread,
Mar 19, 2021, 7:06:57 AM3/19/21
to AdWords API and Google Ads API Forum
Perfect, thanks
Reply all
Reply to author
Forward
0 new messages