MCC's own client ID Access Denied - Using same account's secret and refresh token
81 views
Skip to first unread message
eric haberman
Nov 20, 2014, 4:36:37 PM11/20/14
to adwor...@googlegroups.com
Hello,
I'm getting the error:
AuthorizationError. USER_PERMISSION_DENIED
The MCC client ID (581-880-2635), developers token, and Google Developers Console refresh token and secret are all from the same account. (refresh token authorized in the same browser as the MCC account is logged into)
In other words, my MCC client ID is being denied from using it's own API credentials.
Anyone run into this before? I've dug around and can't find a solution, any help would be appreciated.
Thanks!
I'm getting the error:
AuthorizationError. USER_PERMISSION_DENIED
The MCC client ID (581-880-2635), developers token, and Google Developers Console refresh token and secret are all from the same account. (refresh token authorized in the same browser as the MCC account is logged into)
In other words, my MCC client ID is being denied from using it's own API credentials.
Anyone run into this before? I've dug around and can't find a solution, any help would be appreciated.
Thanks!
Josh Radcliff (AdWords API Team)
Nov 20, 2014, 5:03:55 PM11/20/14
to adwor...@googlegroups.com
Hi,
Looking at your failed requests, the underlying errors suggest that perhaps you are not passing an access token in your Authorization header. Could you check your logs and confirm that the Authorization header is being sent?
If you find that it is being sent, please append the access token (not the refresh token) to the end of the following URL. This will let you know the token's scope, expiry time, and status. Note that this URL won't work for expired tokens.
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=YOUR_ACCESS_TOKEN
Output for a valid AdWords access token will look like this:
{
"issued_to": "xxxx...",
"audience": "xxxx...",
"scope": "https://www.googleapis.com/auth/adwords",
"expires_in": 212,
"access_type": "offline"
}
Thanks,
Josh, AdWords API Team
Message has been deleted
eric haberman
Nov 20, 2014, 5:33:28 PM11/20/14
to adwor...@googlegroups.com
Thanks Josh, you're the man!
I'm using the PHP library, I can't find an example for generating the access token (sorry, I took over this code from someone else in the company)
Any tips?
I'm using the PHP library, I can't find an example for generating the access token (sorry, I took over this code from someone else in the company)
Any tips?
eric haberman
Nov 20, 2014, 6:34:51 PM11/20/14
to adwor...@googlegroups.com
Here is my request from the log, it looks like the access token is NOT being sent by the PHP library, though I am sending the 'access_token' in the $oauth2Info array when instantiating the AdWordsUser:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://adwords.google.com/api/adwords/o/v201409" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201409">
<SOAP-ENV:Header>
<ns1:RequestHeader>
<ns2:clientCustomerId>581-880-2635</ns2:clientCustomerId>
<ns2:developerToken>deleted</ns2:developerToken>
<ns2:userAgent>CAB (AwApi-PHP/5.2.3, Common-PHP/5.2.3, PHP/5.3.10-1ubuntu3.14)</ns2:userAgent>
</ns1:RequestHeader>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns1:get>
<ns1:selector>
<ns1:searchParameters xsi:type="ns1:RelatedToQuerySearchParameter">
<ns1:queries>weight loss</ns1:queries>
</ns1:searchParameters>
<ns1:searchParameters xsi:type="ns1:IncludeAdultContentSearchParameter"/>
<ns1:ideaType>KEYWORD</ns1:ideaType>
<ns1:requestType>IDEAS</ns1:requestType>
<ns1:requestedAttributeTypes>KEYWORD_TEXT</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>SEARCH_VOLUME</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>COMPETITION</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>TARGETED_MONTHLY_SEARCHES</ns1:requestedAttributeTypes>
<ns1:paging>
<ns2:startIndex>0</ns2:startIndex>
<ns2:numberResults>50</ns2:numberResults>
</ns1:paging>
</ns1:selector>
</ns1:get>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://adwords.google.com/api/adwords/o/v201409" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201409">
<SOAP-ENV:Header>
<ns1:RequestHeader>
<ns2:clientCustomerId>581-880-2635</ns2:clientCustomerId>
<ns2:developerToken>deleted</ns2:developerToken>
<ns2:userAgent>CAB (AwApi-PHP/5.2.3, Common-PHP/5.2.3, PHP/5.3.10-1ubuntu3.14)</ns2:userAgent>
</ns1:RequestHeader>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns1:get>
<ns1:selector>
<ns1:searchParameters xsi:type="ns1:RelatedToQuerySearchParameter">
<ns1:queries>weight loss</ns1:queries>
</ns1:searchParameters>
<ns1:searchParameters xsi:type="ns1:IncludeAdultContentSearchParameter"/>
<ns1:ideaType>KEYWORD</ns1:ideaType>
<ns1:requestType>IDEAS</ns1:requestType>
<ns1:requestedAttributeTypes>KEYWORD_TEXT</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>SEARCH_VOLUME</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>COMPETITION</ns1:requestedAttributeTypes>
<ns1:requestedAttributeTypes>TARGETED_MONTHLY_SEARCHES</ns1:requestedAttributeTypes>
<ns1:paging>
<ns2:startIndex>0</ns2:startIndex>
<ns2:numberResults>50</ns2:numberResults>
</ns1:paging>
</ns1:selector>
</ns1:get>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
On Thursday, November 20, 2014 4:03:55 PM UTC-6, Josh Radcliff (AdWords API Team) wrote:
eric haberman
Nov 20, 2014, 7:24:40 PM11/20/14
to adwor...@googlegroups.com
Here is a var_dump of the $user object's header elements:
["requestHeaderElements":"AdsUser":private]=> array(4) { ["userAgent"]=> string(94) "deleted:targetfinder:v1.9 (AwApi-PHP/5.2.3, Common-PHP/5.2.3, PHP/5.3.10-1ubuntu3.14)" ["clientCustomerId"]=> string(12) "581-880-2635" ["developerToken"]=> string(22) "deleted" ["applicationToken"]=> NULL }
And the oauth2Info:
["oauth2Info":"AdsUser":private]=> array(7) { ["client_id"]=> string(73) "deleted" ["client_secret"]=> string(24) "deleted" ["refresh_token"]=> string(66) "deleted" ["access_token"]=> string(83) "deleted" ["token_type"]=> string(6) "Bearer" ["expires_in"]=> int(3600) ["timestamp"]=> int(1416529531) }
The oauth 2 info is correct, an access token is refreshing, but the headers do not include an access_token.
eric haberman
Nov 20, 2014, 9:13:56 PM11/20/14
to adwor...@googlegroups.com
Resolved! Thank you for your help.
The problem was a fluke caused by a locked file not being overwritten, after I updated the library using CLI instead of dragndrop, it worked fine.
The problem was a fluke caused by a locked file not being overwritten, after I updated the library using CLI instead of dragndrop, it worked fine.
Josh Radcliff (AdWords API Team)
Nov 21, 2014, 11:02:16 AM11/21/14
to adwor...@googlegroups.com
Wow - glad you got to the bottom of it. I don't think I would have caught the locked file issue. :)
Cheers,
Josh, AdWords API Team
eric haberman
Nov 21, 2014, 11:11:11 AM11/21/14
to adwor...@googlegroups.com
Thanks for being so responsive! Glad it was ultimately an easy fix and not a *real* problem :)
Reply all
Reply to author
Forward
0 new messages