Handle PERMISSION_DENIED errors

277 views
Skip to first unread message

Gunaseelan Chinniah

unread,
Jun 7, 2022, 9:02:16 PM6/7/22
to Google Ads API and AdWords API Forum
Hello All,

We have an issue with PERMISSION_DENIED and this is a typical case. As an agency we need to look into the budget spend of all our accounts(customer Id) and we have a significant number of customer id's in our MCC. 

Everything is running great, but sometimes our clients revoke the permissions to our MCC which causes the entire application feature to fail as we get the following error message. We can fix it by removing the particular customer id from our database, but there should be some way to handle this error and skip that customer id and show the rest of the customers. Any help is appreciated and thanks in advance.

{ "message": "The caller does not have permission", "code": 7, "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com\/google.ads.googleads.v10.errors.GoogleAdsFailure", "errors": [ { "errorCode": { "authorizationError": "USER_PERMISSION_DENIED" }, "message": "User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https:\/\/developers.google.com\/google-ads\/api\/docs\/concepts\/call-structure#cid" } ], "requestId": "oPnFAn7LgarGFOowTL_pOg" } ] }

Google Ads API Forum Advisor

unread,
Jun 7, 2022, 11:49:25 PM6/7/22
to gunase...@gmail.com, adwor...@googlegroups.com

Hi all,

Thank you for reaching out to our API support team.

Regarding your concern about the USER_PERMISSION_DENIED error. The authorized customer does not have access to the operating customer. The common cause of this is when authenticating as a user with access to a manager account but not specifying login-customer-id in the request. To prevent this kind of error, I would suggest specifying the login-customer-id as the manager account ID without hyphens (-).

That being said, you will need to ensure that the user / email address you used to generate the credentials indeed has access to the account in your request. If the user / email address has access or is associated with the MCC / manager account, you will need to specify the MCC / manager account's ID without hyphens (-) as the value of the login-customer-id field.

If the issue still persists, please provide us the complete and recent request and response logs with request ID and request header generated on your end along with the email address used to generate the OAuth2 credentials, so that our team will investigate this problem.

You can provide it via the Reply privately to author option. If this option is not available, then send it instead on this email address googleadsa...@google.com.

 


Best,

Google Logo
Anthony Cyril
Google Ads API Team
 


ref:_00D1U1174p._5004Q2bdNgT:ref
Reply all
Reply to author
Forward
0 new messages