OperationAccessDenied.ACTION_NOT_PERMITTED uploading offline conversion

[Karl Adler]

Hey, 

I'm using a modified function from the Adwords php examples to upload offline conversions but unfortunately I always get the error in response

{
  "error": {
    "code": 500,
    "message": "Internal Server Error",
    "exception": [
      {
        "message": "[OperationAccessDenied.ACTION_NOT_PERMITTED @ class com.google.ads.api.serviceimpls.campaignmgmt.conversiontracking.offlinecon]",

the upload function:

 function UploadConversion($conversionName, $gclid, $conversionTime, $conversionValue = null) {
        // Get the services, which loads the required classes.
        $offlineConversionService = $this->user->GetService('OfflineConversionFeedService');


        // Associate offline conversions with the existing named conversion tracker.
        $feed = new OfflineConversionFeed();
        $feed->conversionName = $conversionName;
        $feed->conversionTime = $conversionTime;
        $feed->googleClickId = $gclid;
        ($conversionValue !== null) ?: $feed->conversionValue = $conversionValue;


        $offlineConversionOperation = new OfflineConversionFeedOperation();
        $offlineConversionOperation->operator = 'ADD';
        $offlineConversionOperation->operand = $feed;


        $offlineConversionOperations = array($offlineConversionOperation);
        $result = $offlineConversionService->mutate($offlineConversionOperations);


        $feed = $result->value[0];


        return array(
            'gclid' => $feed->googleClickId,
            'conversionName' => $feed->conversionName,
            'conversionValue' => $feed->conversionValue
        );
    }

The OAuth credentials should be fine, since I can perform a working get request listing campaigns...

[Umesh Dengale]

Hello,

The OperationAccessDenied.ACTION_NOT_PERMITTED error occurs when you don't have access to the service methods (e.g. mutate etc.). Could you check your OAuth2.0 credential has mutate operation rights (with ADD/SET/REMOVE operator)?

Regards,

Umesh, AdWords API Team.

[Karl Adler]

Hello Umesh,

Can you tell me where I can check the credentials rights? I retrieved the access token as shown in this video, where can I change the access rights?

Best Regards

Karl

[Umesh Dengale]

Hi Karl,

While generating the refresh token, if you login as the manager account user, so that the generated OAuth 2.0 code will be associated with this user. This will allow your client application to manage your manager account's child accounts as well. If you login with read-only user then you will allowed to make only read only API call(e.g. get). You could regenerate the OAuth2.0 credential by login as manager account user if you haven't done already. Please check PHP OAuth2.0 guide for more details.