PERMISSION_DENIED but login_customer_id is set correctly in the yaml

[Sven van Munster]

I'm a bit stuck. My account has access to multiple accounts. One of them is a manager account which manages 2 accounts. I want to get the data for one of those accounts under the manager account. 

In the yaml file I set the login_customer_id of this manager account and I did the Oauth successful. When running list_accessible_customers I see all accounts including the manager account. Then when querying the client_id to get data from the account under the manager account I get PERMISSION_DENIED error:

Error with message "User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid". 

I can get data for the accounts I have direct access to, just the error when trying to get data for the indirect access through the manager. The login_customer_id is set correct. Also I double checked that I query the client_id and have the manager id in the yaml.

Any suggestions on what I'm doing wrong here?

[Google Ads API Forum Advisor]

Hello Sven,

Thank you for reaching out to us.

Since you've encountered the USER_PERMISSION_DENIED error, can you confirm if the OAuth2 credentials being used was generated from a user’s email address that has an access to the login-customer-id found in your API request header? If yes, can you provide us the Email Address used to authenticate the API call and the complete API logs (request and response with request-id) so our team can further check?

Please send the requested details via the Reply privately to author option. If this option is not available, you may send the details directly to our googleadsa...@google.com alias instead.

Regards,

Reminder: Share your feedback about the Google Ads (AdWords) API! Take the 2021 Google Ads API and AdWords API Annual Survey
 

Mark Kevin Albios Google Ads API Team

ref:_00D1U1174p._5004Q2R9zHl:ref

[Sven van Munster]

Thanks for the quick reply. Yes, the Oauth credentials are for the same email as the one that can access the login-customer-id. As as note, the email address of the manager account is the same as my own account. So hierarchy is 1...@example.com (main account) and 1...@example.com (manager account). Could it be that this is conflicting somehow? 

I will provide the input as requested privately. 

Op donderdag 18 november 2021 om 07:40:42 UTC+1 schreef adsapi:

[Google Ads API Forum Advisor]

Hi Sven,

My colleague Mat had sent you a private email regarding this case on November 18, here's a copy:

 
Hi Sven,

Thanks for providing those extra details. However, can you please privately provide us the request including the request headers and details (not as a code sample)?

Thanks,
Matt
Google Ads API Team

Reminder: Share your feedback about the Google Ads (AdWords) API! Take the 2021 Google Ads API and AdWords API Annual Survey
 

Matt Google Ads API Team

Can you access this customer without a login-customer-id? With your top MCC as login-customer-id? Here's logging instructions. Setting the logger to 'DEBUG' would get the necessary request/response log. Regards, Aryeh Baker Google Ads API Team

 

ref:_00D1U1174p._5004Q2R9zHl:ref