Set Up Authorization
Stay organized with collections
Save and categorize content based on your preferences.
The Search Ads 360 API requires all requests to specify an OAuth 2.0
access token for authentication. You can follow any standard OAuth 2.0 authentication workflow
to generate the token and pass it to the Search Ads 360 API. We recommend the workflow described
below because it is suitable for fully automated conversion uploads and report downloads.
For alternatives to the workflow described below, see Using
OAuth 2.0 for Installed Applications or
Using OAuth 2.0 for Server to Server Applications. If you use an alternate workflow,
specify the following value as the scope parameter when you request an OAuth
2.0 authorization code:
https://www.googleapis.com/auth/doubleclicksearch
If you follow the server to server route, add the service account as a Search Ads 360 user.
Recommended authorization workflow
- Go to the Google API Console and select your project.
If you haven't already created a Google API Console project and OAuth credentials, follow
the instructions in Create a Google API
Console project and OAuth credentials for your client.
To find your project's OAuth client ID and secret, do the following:
- Open the Credentials page.
- In the Name column, click the name of your OAuth client.
- The client ID and secret are listed on the page.
- Open a web browser and sign into Google
with a Google Account that has
permission to access data in Search Ads 360.
This is the Google Account your API client will use to authenticate with Search Ads 360.
If the Google Account holder leaves your company and you remove Search Ads 360 access
from the account, you will need to repeat this authorization workflow and specify a
different Google Account.
- Obtain a refresh token by invoking the Search Ads 360 utility script as follows:
sa360Api.py --login
The script takes you through the process of using the Oauth client ID and secret to
obtain a refresh token. The refresh token is valid only for the Google Account you signed
into during the previous step.
As part of this process, the script generates a URL and instructs you to
visit the URL in a web browser.
-
When the browser asks you to allow OAuth client access to Search Ads 360 data,
make sure the Google Account you signed into earlier appears. (If you're signed into multiple
Google Accounts, you might be presented with a different account.)
At the end of the process, the sa360Api.py script outputs a comma-delimited
string. The first value is the client ID you provided, the second value is the client
secret you provided, and the third value is the refresh token. In the following example
output, the refresh token is in bold text:
123456789123.apps.googleusercontent.com,ABCDEFGHIJKLMNOPQR_abcdef,1/HIJklM01OPQR23NOP456rst890uvw
- Store the client ID, client secret, and refresh token in a backend database or
other secure location that's accessible to your application.
Keep the entire comma-delimited string in a convenient location if you plan to use
sa360Api.py to send sample JSON requests to the Search Ads 360 API. You'll pass the
entire string as a parameter each time you invoke the script.
- Add code to your application that does the following:
- Use the client ID, client secret, and refresh token to obtain a
fresh OAuth 2.0 access token.
- Send requests to the Search Ads 360 API using the fresh access token.
If you're using the client libraries, the next section, Set Up Your Application,
describes how to add this authorization code to your application.
If you're not using one of the client libraries, see Using OAuth 2.0 for Installed Applications for
suggestions on obtaining a fresh access token.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-28 UTC.
[null,null,["Last updated 2025-08-28 UTC."],[[["\u003cp\u003eThe Search Ads 360 API requires OAuth 2.0 access tokens for authentication, obtainable through standard OAuth 2.0 workflows or the recommended workflow outlined in the document.\u003c/p\u003e\n"],["\u003cp\u003eThe recommended workflow involves obtaining a refresh token using the provided utility script and storing it securely along with the client ID and secret.\u003c/p\u003e\n"],["\u003cp\u003eApplications should be designed to use the stored credentials to obtain fresh access tokens for API requests, as detailed in the "Set Up Your Application" section or relevant OAuth 2.0 documentation.\u003c/p\u003e\n"],["\u003cp\u003eAlternative workflows for installed or server-to-server applications are available with specific scope requirements and user management considerations.\u003c/p\u003e\n"]]],["The Search Ads 360 API requires OAuth 2.0 access tokens for authentication. The recommended workflow involves creating a Google API Console project and obtaining OAuth credentials. Users sign into a Google Account with Search Ads 360 access, then use the `sa360Api.py` script to generate a refresh token. The script outputs client ID, client secret, and refresh token. Store these securely, and use them in your application to obtain a fresh OAuth access token for API requests.\n"],null,["# Set Up Authorization\n\nThe Search Ads 360 API requires all requests to specify an [OAuth 2.0](/accounts/docs/OAuth2)\naccess token for authentication. You can follow any standard OAuth 2.0 authentication workflow\nto generate the token and pass it to the Search Ads 360 API. We recommend the workflow described\nbelow because it is suitable for fully automated conversion uploads and report downloads.\n\n\nFor alternatives to the workflow described below, see [Using\nOAuth 2.0 for Installed Applications](https://developers.google.com/accounts/docs/OAuth2InstalledApp) or\n[Using OAuth 2.0 for Server to Server Applications](https://developers.google.com/identity/protocols/OAuth2ServiceAccount). If you use an alternate workflow,\nspecify the following value as the `scope` parameter when you request an OAuth\n2.0 authorization code: \n\n`https://www.googleapis.com/auth/doubleclicksearch`\n\nIf you follow the server to server route, add the service account as a Search Ads 360 user.\n\nRecommended authorization workflow\n----------------------------------\n\n1. Go to the [Google API Console](https://console.cloud.google.com/) and select your project.\n\n\n If you haven't already created a Google API Console project and OAuth credentials, follow\n the instructions in [Create a Google API\n Console project and OAuth credentials for your client](/search-ads/v2/prereqs#project).\n\n To find your project's OAuth client ID and secret, do the following:\n 1. Open the [Credentials page](https://console.cloud.google.com/apis/credentials).\n 2. In the **Name** column, click the name of your OAuth client.\n 3. The client ID and secret are listed on the page.\n2. Open a web browser and [sign into Google](https://accounts.google.com/ServiceLogin)with a Google Account that [has\n permission to access data](/search-ads/v2/prereqs#permissions) in Search Ads 360.\n\n This is the Google Account your API client will use to authenticate with Search Ads 360.\n If the Google Account holder leaves your company and you remove Search Ads 360 access\n from the account, you will need to repeat this authorization workflow and specify a\n different Google Account.\n3. Obtain a refresh token by invoking the [Search Ads 360 utility script](/search-ads/v2/prereqs#ds3py) as follows:\n\n\n `sa360Api.py --login`\n\n\n The script takes you through the process of using the Oauth client ID and secret to\n obtain a refresh token. The refresh token is valid only for the Google Account you signed\n into during the previous step.\n\n As part of this process, the script generates a URL and instructs you to\n visit the URL in a web browser.\n4. When the browser asks you to allow OAuth client access to Search Ads 360 data,\n make sure the Google Account you signed into earlier appears. (If you're signed into multiple\n Google Accounts, you might be presented with a different account.)\n\n\n At the end of the process, the `sa360Api.py` script outputs a comma-delimited\n string. The first value is the client ID you provided, the second value is the client\n secret you provided, and the third value is the refresh token. In the following example\n output, the refresh token is in **bold text** : \n\n `123456789123.apps.googleusercontent.com,ABCDEFGHIJKLMNOPQR_abcdef,`**1/HIJklM01OPQR23NOP456rst890uvw**\n5. Store the client ID, client secret, and refresh token in a backend database or other secure location that's accessible to your application.\n Keep the entire comma-delimited string in a convenient location if you plan to use\n `sa360Api.py` to send sample JSON requests to the Search Ads 360 API. You'll pass the\n entire string as a parameter each time you invoke the script.\n\n6. Add code to your application that does the following:\n 1. Use the client ID, client secret, and refresh token to obtain a fresh OAuth 2.0 access token.\n 2. Send requests to the Search Ads 360 API using the fresh access token.\n\n\n If you're using the client libraries, the next section, [Set Up Your Application](/search-ads/v2/configure),\n describes how to add this authorization code to your application.\n\n\n If you're not using one of the client libraries, see [Using OAuth 2.0 for Installed Applications](https://developers.google.com/accounts/docs/OAuth2InstalledApp) for\n suggestions on obtaining a fresh access token."]]
