Hi Sherwin, I have found this thread that matches exactly the issue that I'm experiencing. I am trying to migrate our API call from using OAuth OOB flow to use a service account instead, as OOB will be blocked from Oct 3, 2022, according to an email from Google.
I followed the guide linked and configured python client library, but got the NOT_ADS_USER error. The following are the logs: ``` /usr/local/lib/python3.8/site-packages/google/ads/googleads/v11/services/services/google_ads_service/client.py line 3327 in search response = rpc( /usr/local/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py line 154 in __call__ return wrapped_func(*args, **kwargs) /usr/local/lib/python3.8/site-packages/google/api_core/grpc_helpers.py line 50 in error_remapped_callable return callable_(*args, **kwargs) /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 216 in __call__ response, ignored_call = self._with_call(request, /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 257 in _with_call return call.result(), call /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 126 in result raise self._exception /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 241 in continuation response, call = self._thunk(new_method).with_call( /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 266 in with_call return self._with_call(request, /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 257 in _with_call return call.result(), call /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 126 in result raise self._exception /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 241 in continuation response, call = self._thunk(new_method).with_call( /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 266 in with_call return self._with_call(request, /usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 254 in _with_call call = self._interceptor.intercept_unary_unary(continuation, /usr/local/lib/python3.8/site-packages/google/ads/googleads/interceptors/exception_interceptor.py line 99 in intercept_unary_unary self._handle_grpc_failure(response) /usr/local/lib/python3.8/site-packages/google/ads/googleads/interceptors/exception_interceptor.py line 71 in _handle_grpc_failure raise self._get_error_from_response(response) GoogleAdsException: (<_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAUTHENTICATED details = "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project." debug_error_string = "UNKNOWN:Error received from peer ipv4:142.250.70.234:443 {grpc_message:"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", grpc_status:16, created_time:"2022-09-21T06:36:19.909217836+00:00"}" >, <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAUTHENTICATED details = "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project." debug_error_string = "UNKNOWN:Error received from peer ipv4:142.250.70.234:443 {grpc_message:"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", grpc_status:16, created_time:"2022-09-21T06:36:19.909217836+00:00"}" >, errors { error_code { authentication_error: NOT_ADS_USER } message: "User in the cookie is not a valid Ads user." } request_id: "dqYyLJV7xi-TvefjLuriiw" , 'dqYyLJV7xi-TvefjLuriiw') -------------------- >> begin captured logging << -------------------- google.auth.transport.requests: DEBUG: Making request: POST https://oauth2.googleapis.com/token urllib3.connectionpool: DEBUG: Starting new HTTPS connection (1): oauth2.googleapis.com:443 urllib3.connectionpool: DEBUG: https://oauth2.googleapis.com:443 "POST /token HTTP/1.1" 200 None google.ads.googleads.client: INFO: Request ------- Method: /google.ads.googleads.v11.services.GoogleAdsService/Search Host: googleads.googleapis.com Headers: { "developer-token": "REDACTED", "x-goog-api-client": "gl-python/3.8.14 grpc/1.48.1 gax/2.8.2 gccl/17.0.0", "x-goog-request-params": "customer_id=8177090057" } Request: customer_id: "8177090057" query: "\n SELECT\n campaign.id,\n campaign.name,\n metrics.impressions,\n metrics.clicks,\n metrics.cost_micros,\n segments.date\n FROM campaign\n WHERE segments.date BETWEEN \'2022-04-18\' AND \'2022-04-20\'\n " Response ------- Headers: { "google.ads.googleads.v11.errors.googleadsfailure-bin": "\n2\n\u0003\u0001\u000e\u0012+User in the cookie is not a valid Ads user.\u0012\u0016dqYyLJV7xi-TvefjLuriiw", "grpc-status-details-bin": "\b\u0010\u0012\u0001Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.\u001a\u0001\nDtype.googleapis.com/google.ads.googleads.v11.errors.GoogleAdsFailure\u0012L\n2\n\u0003\u0001\u000e\u0012+User in the cookie is not a valid Ads user.\u0012\u0016dqYyLJV7xi-TvefjLuriiw", "request-id": "dqYyLJV7xi-TvefjLuriiw" } Fault: errors { error_code { authentication_error: NOT_ADS_USER } message: "User in the cookie is not a valid Ads user." } request_id: "dqYyLJV7xi-TvefjLuriiw" google.ads.googleads.client: WARNING: Request made: ClientCustomerId: 8177090057, Host: googleads.googleapis.com, Method: /google.ads.googleads.v11.services.GoogleAdsService/Search, RequestId: dqYyLJV7xi-TvefjLuriiw, IsFault: True, FaultMessage: User in the cookie is not a valid Ads user. --------------------- >> end captured logging << --------------------- ``` Please advice, thank you! On Wednesday, July 27, 2022 at 7:47:18 PM UTC+10 Google Ads API and AdWords API Forum wrote: > Hi Vitaly, > > Thank you for posting your concern. > > With regard to the NOT_ADS_USER > <https://developers.google.com/google-ads/api/docs/best-practices/common-errors?hl=en#not_ads_user> > error, > this error occurs when login user account / email address used to generate > the access token is not associated with any Google Ads account. With this, > make sure to log in with a valid Google Ads account (typically your manager > account) for the OAuth flow. > > Also, I would recommend using the Desktop app flow ( > https://developers.google.com/google-ads/api/docs/oauth/client-library) > instead and not the service account flow if you can. You can only use > it unless you need a domain-specific feature (for example, impersonation). > One step being incorrect means that it won't work for service accounts, > which appears to be the case here. > > However, if you still want to use service account, then make sure you to > follow this guide > <https://developers.google.com/google-ads/api/docs/oauth/service-accounts?hl=en> > and > use your desired client library > <https://developers.google.com/google-ads/api/docs/client-libs?hl=en> to > lessen the incorrect set up because as I mentioned earlier one incorrect > set up and service accounts will not work. > > If the error persists after trying the provided suggestions, then please > provide the email address / user account used to set up service account and > complete request > <https://developers.google.com/google-ads/api/docs/concepts/field-service#request> > and response > <https://developers.google.com/google-ads/api/docs/concepts/field-service#response> > logs > with request ID > <https://developers.google.com/google-ads/api/docs/concepts/call-structure#request-id> > generated > on your end to investigate. Please provide the requested details via *Reply > privately to author* option. > > Kind regards, > Sherwin VIncent > Google Ads API Team > On Tuesday, July 19, 2022 at 5:18:49 PM UTC+8 vitaly....@suse.com wrote: > >> Hi Google team, >> >> I am facing the following issue. I was able to get the data via API using >> the refresh token which was created manually with OAuth 2.0 Playground. But >> it is valid just for 7 days. Now I am trying to make it work with service >> account but seems like I am doing something wrong. I am using >> google-ads.yaml file where I provide developer_token, json_key_file_path >> and impersonated_email, which I guess should be (###@###- >> 123456.iam.gserviceaccount.com) and login customer_id. Here is the >> error I am getting: >> >> "Request is missing required authentication credential. Expected OAuth 2 >> access token, login cookie or other valid authentication credential. See >> https://developers.google.com/identity/sign-in/web/devconsole-project >> .","grpc_status":16}" >> >, errors { >> error_code { >> authentication_error: NOT_ADS_USER >> } >> message: "User in the cookie is not a valid Ads user." >> } >> request_id: "2m7ydydG--mQc5rNksXw3w" >> , '2m7ydydG--mQc5rNksXw3w') >> >> Please assist. >> >> Thanks, >> >> Vitaly >> > -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "Google Ads API and AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/d6e9b471-643e-41b8-bf88-81ee80adc298n%40googlegroups.com.