My messages on the dev forum are ignored

[Jakub Hancin]

Hello,

I am trying to solve one problem with the Google API but for some reason, 
nobody ever replies to my messages on this forum.

What am I doing wrong?

Is there some security setting that hides these messages from others?

My first thread (March 16th): https://groups.google.com/d/
msgid/adwords-api/0efaad81-5aeb-467f-a3f5-b8bca141b5f9n%40googlegroups.com 

 
My second thread (March 30th): https://groups.google.com/d/
msgid/adwords-api/17f309e2-4089-49a6-9200-fc1437a09c8en%40googlegroups.com 

 

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/e0488b77-831b-4107-87aa-16169223e7afn%40googlegroups.com.

Cannot access client's campaigns via API

[Jakub Hancin]

Hello,

I am trying to access client's campaigns via Google Ads API but I am 
failing.

I am getting this error:

"errorCode": { "authorizationError": "USER_PERMISSION_DENIED"},
 "message": "User doesn't have permission to access customer. Note: If 
you're accessing a client customer, the manager's customer id must be set 
in the 'login-customer-id' header. See 
https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
"

I have gone countless times through the standards, so let me recap what I 
have done and tried so far.

To be perfectly clear, the 'client' is a real account using real ads, but 
still under our control for test purposes. We have full control over the 
client in this example.

1. We have added the Customer account (789-584-) to the list of 
Sub-Accounts via the UI on the Master Manager account (506-141-).
2. The client (us again) confirmed the linking of these accounts together 
and granted access to the Manager account. The Manager account can easily 
access all the ads of the client account via UI and can see the full 
history of the client (we want to be able to perform this via API).
3. The client was sent the link to provide consent. The consent was given 
and an Authorization code was generated.
4. The Authorization code was used to generate a pair of tokens. Up to this 
point, everything went successfully as expected.
5. When the tokens are used to access client's data, we get the 403 error. 
"User doesn't have permission to access customer. Note: If you're accessing 
a client customer, the manager's customer id must be set in the 
'login-customer-id' header. See 
https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
"

The step 5 is where our code fails.

Let me write here the details of the HTTP request. As I trust these matters 
are handled by seasoned developers, I believe you can easily figure out the 
meaning of the code below. We are using a config object where the variables 
are stored. No hyphens are used for the accounts, so the values look like 
this: 789584 or 506141:

req.setMethod('POST');
req.setHeader('Content-Type','application/json');
req.setHeader('login-customer-id',config.ManagerAccountId__c);
req.setHeader('Authorization','Bearer '+config.AccessToken__c);
req.setHeader('developer-token',config.DeveloperToken__c);
req.setEndpoint('
https://googleads.googleapis.com/v4/customers/'+config.ClientId_Account__c+'/googleAds:search'
);
req.setBody('{"pageSize": 1,"query": "SELECT campaign.id,campaign.name, 
campaign.status, campaign.end_date, campaign.start_date, 
metrics.cost_micros, campaign.campaign_budget FROM campaign"}');

We are failing miserably.

We have tried the approach of generating credentials under the client's 
account and retrying the whole authorization flow with new client ID and 
client secret (talking now abou the app client id + secret), but we could 
not even get to the Authorization code as Google rejected the new app on 
the client's side explaining the app is only in test mode (it is true that 
we have the Basic access only on the Master manager account, because 
getting even the Basic access was a huge bureaucratic pain for us -> we do 
hope we do NOT have to submit the app for basic access for each client).

Thank you for any help.

Jakub
SaaScend 

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/17f309e2-4089-49a6-9200-fc1437a09c8en%40googlegroups.com.

Re: Cannot access client's campaigns via API

[Jakub Hancin]

Hello Ernie John Blanca Tacata,

could you please provide me your email address so that we can tackle this 
together?

Jakub

SaaScend

On Wednesday, March 24, 2021 at 11:59:41 PM UTC+1 Jakub Hancin wrote:

>
> I am not able to use the Reply privately to author option.
> I can only reply all.
>
> Please, contact me on ja...@saascend.com privately so that we can handle 
> this.
>
> Thank you.
>
> Jakub
> SaaScend
> On Tuesday, March 23, 2021 at 5:33:23 AM UTC+1 adsapiforumadvisor wrote:
>
>> Hi Jakub,
>>
>> My apologies for the delayed response. Allow me to provide support to 
>> your concern.
>>
>> The USER_PERMISSION_DENIED 
>> <https://developers.google.com/google-ads/api/docs/best-practices/common-errors#user_permission_denied>
>>  
>> error occurs when authenticating as a user with access to a manager account 
>> but not specifying *login-customer-id* in the request. With this, you 
>> need to specify the *login-customer-id* as the manager account ID 
>> without hyphens (-).
>>
>> If the issue persists after trying the provided suggestion, then please 
>> provide the following details below via *Reply privately to author* 
>> option to further investigate: 
>>
>>- Customer ID 
>>- email address / user account that has access to the MCC account and 
>>used to generate Oauth2 credential 
>>
>> <https://developers.google.com/google-ads/api/docs/first-call/oauth-cloud-project>
>>  
>>- complete request 
>>
>> <https://developers.google.com/google-ads/api/docs/concepts/field-service#request>
>>  
>>and response 
>>
>> <https://developers.google.com/google-ads/api/docs/concepts/field-service#response>
>>  
>>logs with request ID 
>>
>> <https://developers.google.com/google-ads/api/docs/concepts/call-structure#request-id>
>>  generated 
>>on your end where we can see this error 
>>
>>
>> Regards,
>> [image: Google Logo] 
>> Ernie John Blanca Tacata 
>> Google Ads API Team 
>>   
>>
>> ref:_00D1U1174p._5004Q2Dxld3:ref
>>
>

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/0efaad81-5aeb-467f-a3f5-b8bca141b5f9n%40googlegroups.com.

Re: Cannot access client's campaigns via API

[Jakub Hancin]

I am not able to use the Reply privately to author option.
I can only reply all.

Please, contact me on ja...@saascend.com privately so that we can handle 
this.

Thank you.

Jakub
SaaScend
On Tuesday, March 23, 2021 at 5:33:23 AM UTC+1 adsapiforumadvisor wrote:

> Hi Jakub,
>
> My apologies for the delayed response. Allow me to provide support to your 
> concern.
>
> The USER_PERMISSION_DENIED 
> 
>  
> error occurs when authenticating as a user with access to a manager account 
> but not specifying *login-customer-id* in the request. With this, you 
> need to specify the *login-customer-id* as the manager account ID without 
> hyphens (-).
>
> If the issue persists after trying the provided suggestion, then please 
> provide the following details below via *Reply privately to author* 
> option to further investigate: 
>
>- Customer ID 
>- email address / user account that has access to the MCC account and 
>used to generate Oauth2 credential 
>
> 
>  
>- complete request 
>
> 
>  
>and response 
>
> 
>  
>logs with request ID 
>
> 
>  generated 
>on your end where we can see this error 
>
>
> Regards,
> [image: Google Logo] 
> Ernie John Blanca Tacata 
> Google Ads API Team 
>   
>
> ref:_00D1U1174p._5004Q2Dxld3:ref
>

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/66d4f7d9-51a2-4894-9c7a-52804611a288n%40googlegroups.com.

Re: Cannot access client's campaigns via API

[Jakub Hancin]

I would appreciate any sorts of help please.

On Tuesday, March 16, 2021 at 8:01:29 PM UTC+1 Jakub Hancin wrote:

>
> Hello,
>
> I am trying to access client's campaigns via Google Ads API but I am 
> failing.
>
> I am getting this error:
>
> "errorCode": { "authorizationError": "USER_PERMISSION_DENIED"},
>  "message": "User doesn't have permission to access customer. Note: If 
> you're accessing a client customer, the manager's customer id must be set 
> in the 'login-customer-id' header. See 
> https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
> "
>
> I have gone countless times through the standards, so let me recap what I 
> have done and tried so far.
>
> To be perfectly clear, the 'client' is a real account using real ads, but 
> still under our control for test purposes. We have full control over the 
> client in this example.
>
> 1. We have added the Customer account (789-584-) to the list of 
> Sub-Accounts via the UI on the Master Manager account (506-141-).
> 2. The client (us again) confirmed the linking of these accounts together 
> and granted access to the Manager account. The Manager account can easily 
> access all the ads of the client account via UI and can see the full 
> history of the client (we want to be able to perform this via API).
> 3. The client was sent the link to provide consent. The consent was given 
> and an Authorization code was generated.
> 4. The Authorization code was used to generate a pair of tokens. Up to 
> this point, everything went successfully as expected.
> 5. When the tokens are used to access client's data, we get the 403 error. 
> "User doesn't have permission to access customer. Note: If you're accessing 
> a client customer, the manager's customer id must be set in the 
> 'login-customer-id' header. See 
> https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
> "
>
> The step 5 is where our code fails.
>
> Let me write here the details of the HTTP request. As I trust these 
> matters are handled by seasoned developers, I believe you can easily figure 
> out the meaning of the code below. We are using a config object where the 
> variables are stored. No hyphens are used for the accounts, so the values 
> look like this: 789584 or 506141:
>
> req.setMethod('POST');
> req.setHeader('Content-Type','application/json');
> req.setHeader('login-customer-id',config.ManagerAccountId__c);
> req.setHeader('Authorization','Bearer '+config.AccessToken__c);
> req.setHeader('developer-token',config.DeveloperToken__c);
> req.setEndpoint('
> https://googleads.googleapis.com/v4/customers/'+config.ClientId_Account__c+'/googleAds:search'
> );
> req.setBody('{"pageSize": 1,"query": "SELECT campaign.id,campaign.name, 
> campaign.status, campaign.end_date, campaign.start_date, 
> metrics.cost_micros, campaign.campaign_budget FROM campaign"}');
>
> We are failing miserably.
>
> We have tried the approach of generating credentials under the client's 
> account and retrying the whole authorization flow with new client ID and 
> client secret (talking now abou the app client id + secret), but we could 
> not even get to the Authorization code as Google rejected the new app on 
> the client's side explaining the app is only in test mode (it is true that 
> we have the Basic access only on the Master manager account, because 
> getting even the Basic access was a huge bureaucratic pain for us -> we do 
> hope we do NOT have to submit the app for basic access for each client).
>
> Thank you for any help.
>
> Jakub
> SaaScend
>
>
>
>

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/f4620fd9-3ffe-4385-9f2c-026bc2fe502en%40googlegroups.com.

Cannot access client's campaigns via API

[Jakub Hancin]

Hello,

I am trying to access client's campaigns via Google Ads API but I am 
failing.

I am getting this error:

"errorCode": { "authorizationError": "USER_PERMISSION_DENIED"},
 "message": "User doesn't have permission to access customer. Note: If 
you're accessing a client customer, the manager's customer id must be set 
in the 'login-customer-id' header. See 
https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid";

I have gone countless times through the standards, so let me recap what I 
have done and tried so far.

To be perfectly clear, the 'client' is a real account using real ads, but 
still under our control for test purposes. We have full control over the 
client in this example.

1. We have added the Customer account (789-584-) to the list of 
Sub-Accounts via the UI on the Master Manager account (506-141-).
2. The client (us again) confirmed the linking of these accounts together 
and granted access to the Manager account. The Manager account can easily 
access all the ads of the client account via UI and can see the full 
history of the client (we want to be able to perform this via API).
3. The client was sent the link to provide consent. The consent was given 
and an Authorization code was generated.
4. The Authorization code was used to generate a pair of tokens. Up to this 
point, everything went successfully as expected.
5. When the tokens are used to access client's data, we get the 403 error. 
"User doesn't have permission to access customer. Note: If you're accessing 
a client customer, the manager's customer id must be set in the 
'login-customer-id' header. See 
https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid";

The step 5 is where our code fails.

Let me write here the details of the HTTP request. As I trust these matters 
are handled by seasoned developers, I believe you can easily figure out the 
meaning of the code below. We are using a config object where the variables 
are stored. No hyphens are used for the accounts, so the values look like 
this: 789584 or 506141:

req.setMethod('POST');
req.setHeader('Content-Type','application/json');
req.setHeader('login-customer-id',config.ManagerAccountId__c);
req.setHeader('Authorization','Bearer '+config.AccessToken__c);
req.setHeader('developer-token',config.DeveloperToken__c);
req.setEndpoint('https://googleads.googleapis.com/v4/customers/'+config.ClientId_Account__c+'/googleAds:search');
req.setBody('{"pageSize": 1,"query": "SELECT campaign.id,campaign.name, 
campaign.status, campaign.end_date, campaign.start_date, 
metrics.cost_micros, campaign.campaign_budget FROM campaign"}');

We are failing miserably.

We have tried the approach of generating credentials under the client's 
account and retrying the whole authorization flow with new client ID and 
client secret (talking now abou the app client id + secret), but we could 
not even get to the Authorization code as Google rejected the new app on 
the client's side explaining the app is only in test mode (it is true that 
we have the Basic access only on the Master manager account, because 
getting even the Basic access was a huge bureaucratic pain for us -> we do 
hope we do NOT have to submit the app for basic access for each client).

Thank you for any help.

Jakub
SaaScend



-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/bed7b69c-118d-4e45--375f8544685dn%40googlegroups.com.

Google Ads API does not allow me to access client data on linked accounts

[Jakub Hancin]

Hello,

I am trying to access linked data on a client account from the managerial 
account via a HTTP GET message.

I am using an approach that worked very well on the testing token, with 
testing managerial account and testing client account underneath.

I did confirm the linkage on the client account and the account is 
accessible from the google dashboard, I can see the campaigns and 
everything when in as a manager.

However, when trying to access the same information via HTTP requests 
(providing all the necessary credentials of course - same principle I did 
under testing token circumstances) I get a 403 error.

The message says to include the manager's customer id as the 
login-customer-id.
I am already doing that, therefore no added value for me in that advice.

I have the Google Ads API enabled, the application is created, I have the 
Oauth credentials, consent on the client is dealt with and calling the 
requests with all the required credentials.

Am I forgetting something crucially important? Do I have to include some 
kind of additional scope (that costs 15000-75000 dollars to aquire)?

Would appreciate any thoughts where to (re)begin debugging this.

[image: error403.png]

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/6e0f4317-4fb3-499a-be36-ee2e0f21cc54n%40googlegroups.com.