Google Ads API - Trying to access from service account
I am trying to pull data from Google Ads API to get campaign data without using OAuth Scopes and by just using a service account. Though I have put all the service account credential in my yaml file, I am getting "The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts." PLEASE HELP:)
CODE:
from google.ads.googleads.client import GoogleAdsClient from google.oauth2.service_account import Credentials def get_campaigns_with_service_account(path_to_credential_file): """Retrieves a list of campaigns using a service account. Args: client_id: The client ID of your Google Ads API credentials. client_secret: The client secret of your Google Ads API credentials (optional). refresh_token: The refresh token for your Google Ads API credentials (optional). developer_token: The developer token for your Google Ads API project. path_to_credential_file: The path to your service account key file in JSON format. """ # Configure service account credentials credentials = Credentials.from_service_account_file( path_to_credential_file, scopes=['https://www.googleapis.com/auth/adwords'], # Adjust scopes as needed ) # Create Google Ads client using service account credentials client =GoogleAdsClient.load_from_storage("/content/drive/My Drive/Keys/google-ads.yaml") ga_service = client.get_service("GoogleAdsService", version="v16") # Use CampaignService # Create a query to retrieve all campaigns query = ("SELECT campaign.id, campaign.name, campaign.status " "FROM campaign") # Get a response with campaign information customer_id = 'XXXXXX' # Replace with your actual customer ID def stream_response(client, customer_id, query): return client.get_service("GoogleAdsService", version="v16").search_stream(customer_id=customer_id, query=query)` `
MY YAML FILE:
`# Developer token ########################################################################################## # A developer token is required when making requests to the Google Ads API regardless of # # whether you're using the OAuth2 or Service Account configurations. To obtain a # # developer token see: # # https://developers.google.com/google-ads/api/docs/first-call/dev-token # ########################################################################################## developer_token: {{token}} # Use proto plus ########################################################################################## # This parameter specifies whether the client library should return proto-plus messages # # or protobuf messages. This value should be explicitly set to either "True" or "False", # # For more information on the differences between these two types, see our Protobuf # # Messages guide: # # https://developers.google.com/google-ads/api/docs/client-libs/python/protobuf-messages # ########################################################################################## use_proto_plus: False # OAuth2 configuration ########################################################################################## # The below configuration parameters are used to authenticate using the recommended # # OAuth2 flow. For more information on authenticating with OAuth2 see: # # https://developers.google.com/google-ads/api/docs/oauth/overview # ########################################################################################## #client_id: INSERT_ID_HERE #client_secret: INSERT_SECRET_HERE #refresh_token: INSERT_REFRESH_TOKEN_HERE # Service Account configuration ########################################################################################## # To authenticate with a service account add the appropriate values to the below # # configuration parameters and remove the three OAuth2 credentials above. The # # "json_key_file_path" value should be a path to your local private key json file, and # # "impersonated_email" should be the email address that is being used to impersonate the # # credentials making requests. for more information on service accounts, see: # # https://developers.google.com/google-ads/api/docs/oauth/service-accounts. # # If you're authorizing with direct account access, then the "impersonated_email" # # configuration is optional. # ########################################################################################## json_key_file_path: /content/drive/My Drive/Keys/winged-woods-421416-bcf06a74b272.json impersonated_email: api-creds@winged-woods-xxx.iam.gserviceaccount.com # Login customer ID configuration ########################################################################################## # Required for manager accounts only: Specify the login customer ID used to authenticate # # API calls. This will be the customer ID of the authenticated manager account. It # # should be set without dashes, for example: 1234567890 instead of 123-456-7890. You can # # also specify this later in code if your application uses multiple manager account + # # OAuth pairs. # ########################################################################################## login_customer_id: XXXXXXXX # Logging configuration ########################################################################################## # Below you may specify the logging configuration. This will be provided as an input to # # logging.config.dictConfig. Use the "level" block under the root logger configuration # # to adjust the logging level. Note in the "format" field that log messages are # # truncated to 5000 characters by default. You can change this to any length by removing # # the ".5000" portion or changing it to a different number. # # ######################################################################################## # logging: # version: 1 # disable_existing_loggers: False # formatters: # default_fmt: # format: '[%(asctime)s - %(levelname)s] %(message).5000s' # datefmt: '%Y-%m-%d %H:%M:%S' # handlers: # default_handler: # class: logging.StreamHandler # formatter: default_fmt # loggers: # "": # handlers: [default_handler] # level: INFO # Proxy configuration ########################################################################################## # Below you can specify an optional proxy configuration to be used by requests. If you # # don't have username and password, just specify host and port. # # ######################################################################################## # http_proxy: http://user:password@localhost:8000`
OUTPUT: FaultMessage: The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts. Create a new account, or add the Google account to an existing Ads account. message: "The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts. Create a new account, or add the Google account to an existing Ads account." }
Looks like you misunderstood the impersonation email purpose. The service account is used to impersonate an regular person who has access to the ads account. You cannot use a service account in a different way (the way you might expect).
See here: https://developers.google.com/google-ads/api/docs/oauth/service-accounts#prerequisites
you're trying to impersonate the service account, not a real user. Which is why you're getting this error.