Hi Yin, Thanks for the advice, but maybe I'm missing something with the Google app as I get back what looks to be a good result.
If I explain the path in more detail: On our test website, the user (whilst logged into their Google Adwords account - a test MCC account at this point) clicks on a form which posts: https://accounts.google.com/o/oauth2/auth?client_id=XXXXXXXXXXX-xxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadwords&redirect_uri=https://www.mysite.com/oauth2callback&access_type=offline&approval_prompt=auto and then the user gives access to their Adwords account and this returns an authorization code: we then on our web server request the access token with: c:\Curl\curl -k --request POST "https://accounts.google.com/o/oauth2/token" \ --data "code=AUTHORIZATION CODE OBTAINED FROM FIRST CALL&client_id=XXXXXXXXXXXX-XXXXXXXXXXXXXXXX.apps.googleusercontent.com&client_secret=XXXXXXXXXXXXXXX&redirect_uri=https://www.mysitye.com/oauth2callback&grant_type=authorization_code" -o c:\Curl\Output00002744.txt and this returns the token: { "access_token" : "ya29.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXX", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "1/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } and when our web server uses this token to request the campaigns in the account and that is when we get the result: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><ResponseHeader xmlns="https://adwords.google.com/api/adwords/cm/v201509"><requestId>000529db499dd7780a819c08570880cc</requestId><serviceName>CampaignService</serviceName><methodName>get</methodName><operations>1</operations><responseTime>877</responseTime></ResponseHeader></soap:Header><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>[AuthenticationError.NOT_ADS_USER @ ; trigger:'<null>']</faultstring><detail><ApiExceptionFault xmlns=" https://adwords.google.com/api/adwords/cm/v201509"><message>[AuthenticationError.NOT_ADS_USER @ ; trigger:'<null>']</message><ApplicationException.Type>ApiException</ApplicationException.Type><errors xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="AuthenticationError"><fieldPath></fieldPath><trigger><null></trigger><errorString>AuthenticationError.NOT_ADS_USER</errorString><ApiError.Type>AuthenticationError</ApiError.Type><reason>NOT_ADS_USER</reason></errors></ApiExceptionFault></detail></soap:Fault></soap:Body></soap:Envelope> So the user is logged in when they give us access, is this not right? Thanks, Matt -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/adwords-api. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/07b7ad24-9106-4900-be94-3a187907c4fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.