403 Error when using sa account impersonation auth token to call google ads api

345 views
Skip to first unread message

Samantha Kapai

unread,
Aug 9, 2022, 6:13:18 PM8/9/22
to Google Ads API and AdWords API Forum
Hello

I am trying to access the googleads api using service accounts. To test it locally I am using impersonation getting back an access token and using that to make calls to the google ads api.

Below is my request 

curl -f  -v --request POST "https://googleads.googleapis.com/v11/customers/1234567/googleAds:search" \

--header "Content-Type: application/json" \

--header "developer-token: 12345" \

--header "login-customer-id:1234567" \

--header  "Authorization: Bearer $(gcloud --impersonate-service-account=yyy...@sojern-platform-dev.iam.gserviceaccount.com auth print-access-token)" \

--data '{

"pageSize": 10,

"query": "

  SELECT campaign.name,

    campaign_budget.amount_micros,

    campaign.status,

    campaign.optimization_score,

    campaign.advertising_channel_type,

    metrics.clicks,

    metrics.impressions,

    metrics.ctr,

    metrics.average_cpc,

    metrics.cost_micros,

    campaign.bidding_strategy_type

  FROM campaign

  WHERE segments.date DURING LAST_7_DAYS

    AND campaign.status != 'REMOVED'

"

}'

The service account has domain wide access to the google ads api. 

Do any special permissions need to be given to the impersonating account?

Google Ads API Forum Advisor

unread,
Aug 10, 2022, 1:38:25 AM8/10/22
to samanth...@sojern.com, adwor...@googlegroups.com
Hi Samantha,

Thank you for raising this concern to the Google Ads API team.

Moving forward to your concern, it appears that this is mainly about service accounts. That being said, you may check this documentation as it contains details for service accounts.

Also, you may see this document as it is used for authenticating as service account using REST API.

Regards,
Google Logo
Carmela
Google Ads API Team
 
 

ref:_00D1U1174p._5004Q2dJ7LN:ref
Reply all
Reply to author
Forward
0 new messages