Common Errors

This page lists common errors and provides tips on preventing and handling them. For a complete list of errors, review the error references. For further support, visit our forum.

google.auth.exceptions.RefreshError

invalid_grant
SummaryToken has been expired or revoked.
Common causes A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of Testing is issued a refresh token expiring in 7 days.
How to handle Your Google project's publishing status is Testing so the refresh token expires every 7 days and receives an invalid_grant error. Go to the Google API Console and navigate to the OAuth consent screen. Then change the publishing status to In production following these instructions to avoid the refresh token expiring in 7 days.
Prevention tips See Unverified apps.

AuthenticationError

CLIENT_CUSTOMER_ID_INVALID
SummaryClient customer ID is not a number.
Common causes Using an improper client customer ID.
How to handle N/A
Prevention tips 123-456-7890 should be 1234567890. See Get started for details.
CLIENT_CUSTOMER_ID_IS_REQUIRED
SummaryClient customer ID was not specified in the HTTP header.
Common causes Not specifying a client customer ID in the HTTP header.
How to handle N/A
Prevention tips Client customer ID is required for all calls, so make sure you've specified one in the HTTP header. Consider using our client libraries as they handle this for you.
CUSTOMER_NOT_FOUND
SummaryNo account found for the customer ID provided in the header.
Common causes Trying to access an account that was just created before the account is established in the backend.
How to handle Wait an initial five minutes, then retry every 30 seconds.
Prevention tips Wait a few minutes after the account is created before issuing requests against it.
SummaryThe access token in the request header is either invalid or has expired.
Common causes The access token has been invalidated.
How to handle Request a new token. If you're using one of our client libraries, consult its documentation on how to refresh the token.
Prevention tips Store and reuse access tokens until they expire.
NOT_ADS_USER
SummaryThe Google account used to generate the access token is not associated with any Google Ads account.
Common causes The login information provided corresponds to a Google account that does not have Google Ads enabled.
How to handle Make sure to sign in with a valid Google Ads account (typically your manager account) for the OAuth flow. You can also invite the Google account to access an existing Google Ads account by signing in to your manager account, selecting the customer or manager account in question, navigating to Tools and Settings > Access and security, then adding the Google account email address.
Prevention tips N/A
OAUTH_TOKEN_INVALID
SummaryOAuth access token in the header is not valid.
Common causes Your access token passed with the HTTP header was not correct.
How to handle N/A
Prevention tips Make sure you've passed the correct access token associated with your account. It's sometimes confused with refresh tokens and authorization codes. If you would like to get a credential that can access all client accounts under a manager account, make sure you get the refresh token for the manager account. For more details, see our guide on access token and refresh token and OAuth2.

AuthorizationError

CUSTOMER_NOT_ENABLED
SummaryThe customer account cannot be accessed because it is not in an enabled state.
Common causes This occurs when the customer account hadn't finished signup or had been deactivated.
How to handle Sign in to the Google Ads UI and ensure that you've completed the signup process for this account. For deactivated accounts, see Reactivate a cancelled Google Ads account.
Prevention tips You can proactively check if a customer account is deactivated by checking for a status of CANCELLED.
DEVELOPER_TOKEN_NOT_APPROVED
SummaryThe developer token is only approved for use with test accounts and attempted to access a non-test account.
Common causes A test developer token was used to access a non-test account.
How to handle Ensure that you do in fact want to access a non-test account. If so, then you need to apply to have your developer token upgraded to Standard or Basic access.
Prevention tips N/A
DEVELOPER_TOKEN_PROHIBITED
SummaryThe developer token is not allowed with the project sent in the request.
Common causes Each Google API Console project can be associated with the developer token from only one manager account. Once you make a Google Ads API request, the developer token is permanently paired to the Google API Console project. If you don't use a new Google API Console project, you'll get a DEVELOPER_TOKEN_PROHIBITED error when making a request.
How to handle N/A
Prevention tips If switching to a developer token under a new manager account, you'll need to create a new Google API Console project for Google Ads API requests that use the new manager's token.
USER_PERMISSION_DENIED
SummaryThe authorized customer does not have access to the operating customer.
Common causes Authenticating as a user with access to a manager account but not specifying login-customer-id in the request.
How to handle N/A
Prevention tips Specify the login-customer-id as the manager account ID without hyphens (-). Client libraries have built in support for this.