I am trying to pull data from Google Ads API to get campaign data without using OAuth Scopes and by just using a service account. Though I have put all the service account credential in my yaml file, I am getting "The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts." PLEASE HELP:)

CODE:

    from google.ads.googleads.client import GoogleAdsClient     from google.oauth2.service_account import Credentials     def get_campaigns_with_service_account(path_to_credential_file):   """Retrieves a list of campaigns using a service account.   Args:       client_id: The client ID of your Google Ads API credentials.       client_secret: The client secret of your Google Ads API credentials (optional).       refresh_token: The refresh token for your Google Ads API credentials (optional).       developer_token: The developer token for your Google Ads API project.       path_to_credential_file: The path to your service account key file in JSON format.   """   # Configure service account credentials   credentials = Credentials.from_service_account_file(       path_to_credential_file,       scopes=['https://www.googleapis.com/auth/adwords'],  # Adjust scopes as needed   )   # Create Google Ads client using service account credentials   client =GoogleAdsClient.load_from_storage("/content/drive/My Drive/Keys/google-ads.yaml")   ga_service = client.get_service("GoogleAdsService", version="v16")  # Use CampaignService   # Create a query to retrieve all campaigns   query = ("SELECT campaign.id, campaign.name, campaign.status "            "FROM campaign")   # Get a response with campaign information   customer_id = 'XXXXXX'  # Replace with your actual customer ID   def stream_response(client, customer_id, query):     return client.get_service("GoogleAdsService", version="v16").search_stream(customer_id=customer_id,       query=query)` `

MY YAML FILE:

`# Developer token ########################################################################################## # A developer token is required when making requests to the Google Ads API regardless of # # whether you're using the OAuth2 or Service Account configurations. To obtain a         # # developer token see:                                                                   # # https://developers.google.com/google-ads/api/docs/first-call/dev-token                 # ##########################################################################################     developer_token: {{token}} # Use proto plus ########################################################################################## # This parameter specifies whether the client library should return proto-plus messages  # # or protobuf messages. This value should be explicitly set to either "True" or "False", # # For more information on the differences between these two types, see our Protobuf      # # Messages guide:                                                                        # # https://developers.google.com/google-ads/api/docs/client-libs/python/protobuf-messages # ##########################################################################################     use_proto_plus: False # OAuth2 configuration ########################################################################################## # The below configuration parameters are used to authenticate using the recommended      # # OAuth2 flow. For more information on authenticating with OAuth2 see:                   # # https://developers.google.com/google-ads/api/docs/oauth/overview                       # ########################################################################################## #client_id: INSERT_ID_HERE #client_secret: INSERT_SECRET_HERE #refresh_token: INSERT_REFRESH_TOKEN_HERE # Service Account configuration ########################################################################################## # To authenticate with a service account add the appropriate values to the below         # # configuration parameters and remove the three OAuth2 credentials above. The            # # "json_key_file_path" value should be a path to your local private key json file, and   # # "impersonated_email" should be the email address that is being used to impersonate the # # credentials making requests. for more information on service accounts, see:            # # https://developers.google.com/google-ads/api/docs/oauth/service-accounts.              # # If you're authorizing with direct account access, then the "impersonated_email"        # # configuration is optional.                                                             # ##########################################################################################     json_key_file_path: /content/drive/My Drive/Keys/winged-woods-421416-bcf06a74b272.json     impersonated_email: api-creds@winged-woods-xxx.iam.gserviceaccount.com # Login customer ID configuration ########################################################################################## # Required for manager accounts only: Specify the login customer ID used to authenticate # # API calls. This will be the customer ID of the authenticated manager account. It       # # should be set without dashes, for example: 1234567890 instead of 123-456-7890. You can # # also specify this later in code if your application uses multiple manager account +    # # OAuth pairs.                                                                           # ########################################################################################## login_customer_id: XXXXXXXX # Logging configuration ########################################################################################## # Below you may specify the logging configuration. This will be provided as an input to  # # logging.config.dictConfig. Use the "level" block under the root logger configuration   # # to adjust the logging level. Note in the "format" field that log messages are          # # truncated to 5000 characters by default. You can change this to any length by removing # # the ".5000" portion or changing it to a different number.                              # # ######################################################################################## # logging:   # version: 1   # disable_existing_loggers: False   # formatters:     # default_fmt:       # format: '[%(asctime)s - %(levelname)s] %(message).5000s'       # datefmt: '%Y-%m-%d %H:%M:%S'   # handlers:     # default_handler:       # class: logging.StreamHandler       # formatter: default_fmt   # loggers:     # "":       # handlers: [default_handler]       # level: INFO # Proxy configuration ########################################################################################## # Below you can specify an optional proxy configuration to be used by requests. If you   # # don't have username and password, just specify host and port.                          # # ######################################################################################## # http_proxy: http://user:password@localhost:8000` 
 OUTPUT: FaultMessage: The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts. Create a new account, or add the Google account to an existing Ads account.   message: "The Google account (@gmail.com user) that generated the OAuth access tokens is not associated with any Ads accounts. Create a new account, or add the Google account to an existing Ads account." }

Tag:google-ads-api, python

Only one comment.

  1. Dave Davis

    Looks like you misunderstood the impersonation email purpose. The service account is used to impersonate an regular person who has access to the ads account. You cannot use a service account in a different way (the way you might expect).

    See here: https://developers.google.com/google-ads/api/docs/oauth/service-accounts#prerequisites

    you're trying to impersonate the service account, not a real user. Which is why you're getting this error.

    Reply

Add a new comment.