Google Ads API in Azure Function - How to Authenticate?
I am writing an Azure Function in C# using .NET core.
I have tried to authenticate as an APPLICATION per this page.
I've tried authenticating with a service account per this page.
In both cases I'm getting an access denied error message.
The root question I have is,
Which authentication method should I use for the Google Ads API from within an Azure Function?
Update:
In my latest attempt to use a service account I have this code
GoogleAdsConfig config = new GoogleAdsConfig() { OAuth2Mode = Google.Ads.GoogleAds.Config.OAuth2Flow.SERVICE_ACCOUNT, OAuth2SecretsJsonPath = pathtojsonfile, OAuth2PrnEmail = "something@somethingelse.iam.gserviceaccount.com", OAuth2Scope = "https://www.googleapis.com/auth/adwords", DeveloperToken = "********" }; var responseMessage = ""; var client = new GoogleAdsClient(config); // Get the GoogleAdsService. GoogleAdsServiceClient googleAdsService = client.GetService(Services.V6.GoogleAdsService); // Create the query. string query = @"SELECT campaign.id, campaign.name, ad_group.id, ad_group.name, ad_group_criterion.criterion_id, ad_group_criterion.keyword.text, ad_group_criterion.keyword.match_type, metrics.impressions, metrics.clicks, metrics.cost_micros FROM keyword_view WHERE segments.date DURING LAST_7_DAYS AND campaign.advertising_channel_type = 'SEARCH' AND ad_group.status = 'ENABLED' AND ad_group_criterion.status IN ('ENABLED','PAUSED') ORDER BY metrics.impressions DESC LIMIT 50"; try { // Issue a search request. await googleAdsService.SearchStreamAsync(customerId.ToString(), query, delegate (SearchGoogleAdsStreamResponse resp) { // Display the results. foreach (GoogleAdsRow criterionRow in resp.Results) { responseMessage += "Keyword with text " + $"'{criterionRow.AdGroupCriterion.Keyword.Text}', match type " + $"'{criterionRow.AdGroupCriterion.Keyword.MatchType}' and ID " + $"{criterionRow.AdGroupCriterion.CriterionId} in ad group " + $"'{criterionRow.AdGroup.Name}' with ID " + $"{criterionRow.AdGroup.Id} in campaign " + $"'{criterionRow.Campaign.Name}' with ID " + $"{criterionRow.Campaign.Id} had " + $"{criterionRow.Metrics.Impressions.ToString()} impressions, " + $"{criterionRow.Metrics.Clicks} clicks, and " + $"{criterionRow.Metrics.CostMicros} cost (in micros) during the " + "last 7 days."; } } ); } catch (GoogleAdsException e) { responseMessage += "Failure:\n"; responseMessage += $"Message: {e.Message}\n"; responseMessage += $"Failure: {e.Failure}\n"; responseMessage += $"Request ID: {e.RequestId}\n"; throw; } return responseMessage; When I call this I get the following error:
{ "StatusCode": 16, "Details": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "RequestId": "0Yk2OYrUATjwftZ5I0qi2g", "Failure": { "errors": [ { "errorCode": { "authenticationError": "NOT_ADS_USER" }, "message": "User in the cookie is not a valid Ads user." } ] } } I have the service account set up with the Google Ads API Enabled. Why does it think I'm "NOT AN ADS USER" ???
Firstly, we need to understand that functions should not be used to do UI-related actions. In any app service the pop up for the login ( which allows to provide the credentials) will not be supported.
E.g. : To avoid this scenario , in case of AD auth we may use service principle where we feed the required credential to acquire the token. So if we want to use the google auth SDK we need to connect to the concerned team ( Google team) to understand if this is feasible at all.
For this you may check the Server-To-Server Service Account Authentication, as below:
https://cloud.google.com/docs/authentication/production
In case you need any assistance in this, we would recommend you to reach out to the concerned support team.