PERMISSION_DENIED: Request had insufficient authentication scopes

[Tamar Broner]

Hey,

I'm trying to call this function:

google.ads.googleads.v13.services.CustomerService.ListAccessibleCustomers

with the google ads access token.

But I get this error:

Request had insufficient authentication scopes.

Error code: 7

Is anyone familiar with that?

Thanks in advance.

[Google Ads API Forum Advisor]

Hi Tamar,

Thank you for reaching out to us.

Upon checking the subject of this email, I can see that the encountered error is the PERMISSION_DENIED (https://developers.google.com/google-ads/api/reference/rpc/v14/AuthorizationErrorEnum.AuthorizationError?hl=en#user_permission_denied), which means a user doesn't have permission to access a customer and you’re accessing a client customer using 'login-customer-id’ in the request.

To address the above error, you will need to ensure that the user / email address you used to generate the credentials indeed has access (https://support.google.com/google-ads/answer/9978556?visit_id=637628826037447236-382779227&rd=1) to the account in your request. If the user / email address has access or is associated with the MCC / manager account, you will need to specify the said MCC / manager account ID as the value of the login-customer-id (https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid) field.

If the issue still persists, can you please provide the user account / email address that you used to generate API access or refresh tokens and the complete API logs (request, response, and request ID) generated on your end so that we can further check this and provide appropriate recommendations to you.

• request : https://developers.google.com/google-ads/api/docs/concepts/field-service#request
• response: https://developers.google.com/google-ads/api/docs/concepts/field-service#response
• request-id : https://developers.google.com/google-ads/api/docs/concepts/call-structure#request-id

Note that logs can be requested or provided to the developer handling the Google Ads API transactions when logging of the API requests has been enabled. You may check here and click your client library for the specific guideline to enable it.

• here: https://developers.google.com/google-ads/api/docs/best-practices/logging#client_library_logging

For REST interface requests, you can enable logging via the curl command by using the -i flag. This will cause the tool to include the HTTP response headers in the output.

You may then send the requested information via the Reply privately to author option. If this option is not available, you may send the details directly to our googleadsa...@google.com alias instead.
 

This message is in relation to case "ref:_00D1U1174p._5004Q2o7H3G:ref"

Thanks,
 

Google Ads API Team