Authentication

Requests to the ReachPlanService must supply an approved developer token, OAuth credentials, and a customer ID that your OAuth credentials can access.

This guide covers authentication details specific to ReachPlanService. If you haven't already, first complete the steps outlined in Get started, then come back to this point.

Developer token and OAuth credentials

In addition to the guidance presented by Get started, keep the following points in mind:

  1. Your developer token must be allowlisted to connect to the ReachPlanService, even if it's already approved for use with other Google Ads API services. For more information, see the eligibility requirements.
  2. You must accept the Google Ads API Terms of Service in order to connect to the Google Ads API.
  3. The user who owns your OAuth refresh token determines which customer IDs you can query in the ReachPlanService. This informs your integration and is explained in more details below.

Customer IDs

Most services within the Google Ads API operate on specific Google Ads accounts and campaigns. As a result, most requests require both a customer ID to identify the account you're managing or querying, and OAuth credentials that have permission to access that customer ID. However, ReachPlanService is meant for video planning activities that might occur before you know the specific customer ID where you would run a campaign.

For partners who build tools for internal use in their organization, we recommend one of the following choices:

  1. If your planners don't have access to your clients' Google Ads accounts: Generate OAuth credentials using the installed application flow for a user with access to your developer token's manager account. Then create or obtain a Google Ads account for each team that uses your tool, and link them to your manager account. When making requests to ReachPlanService provide the customer ID corresponding to a user's team.

  2. If your planners have access to a Google Ads manager account that manages your clients' accounts: Implement the web application flow to allow your app to use your planners' OAuth credentials. Then you can pass in the customer ID corresponding to the customer of your plan.

For partners who build a tool for external users, we recommend similar approaches:

  1. Generate OAuth credentials using the installed application flow for a user with access to your developer token's manager account. Create a Google Ads account per external client and link them to your manager account. Then configure your tool to provide a client's corresponding customer ID when they're generating plans.

  2. Give your users the ability to grant your tool access to their accounts by using the web application flow. Once a user grants permission, use the CustomerService to provide them with a list of Google Ads accounts they can access.

The goal is to ensure planners have the lowest possible friction when using the ReachPlanService. Before you integrate the API, select one of the two approaches according to your situation and identify a few customer IDs to test. If in doubt, use the first suggested approach for your tool type.