Skip to content

API access using own credentials (server to server flow)

sundquist edited this page Sep 20, 2018 · 6 revisions

This guide will walk you through how to setup OAuth2 for API access using your own credentials using server to server flow. These steps only need to be done once, unless you revoke or delete your OAuth2 credentials.

Step 1 - Creating OAuth2 credentials

Please use JSON keyfiles for authentication as P12 keyfiles are now deprecated for the Perl client library.

Follow the steps to generate a **service account ID and a .json or .p12 file, then come back to this page.

If you're an Google Ads user, please note that this flow requires a Google Apps Domain.

Step 2 - Setting up the client library

Using a .json file

Under the OAuth2 section of your adwords.properties file, insert your account delegate email, and path to your JSON file.

oAuth2ServiceAccountDelegateEmailAddress=INSERT_EMAIL_OF_ACCOUNT_TO_IMPERSONATE_HERE
oAuth2ServiceAccountJSONFile=INSERT_PATH_TO_YOUR_CERTIFICATE_FILE_HERE

Using a .p12 file (deprecated)

In order to use the library for service accounts you need to transform your p12 certificate as generated by the Google API Console to PEM format. Make sure no password is set. In Linux/Unix systems with openssl installed you can execute.

openssl pkcs12 -in {private-key}.p12 -out {private-key}.pem -nodes

Under the OAuth2 section of your adwords.properties file, insert your account email, account delegate email, and path to your PEM file.

oAuth2ServiceAccountEmailAddress=INSERT_OAUTH_CLIENT_EMAIL_HERE
oAuth2ServiceAccountDelegateEmailAddress=INSERT_EMAIL_OF_ACCOUNT_TO_IMPERSONATE_HERE
oAuth2ServiceAccountPEMFile=INSERT_PATH_TO_YOUR_CERTIFICATE_FILE_HERE
You can’t perform that action at this time.