How to find the permission level of Google Adwords developer token - google-ads-api

We have applied for developer token in 2013 and have been using it to call all Google Adwords APIs [v201809]. Recently we have decided to add a new feature which requires a different Adwords API (TargetingIdeaService).
We are not sure what permission access level (https://developers.google.com/adwords/api/docs/access-levels#permissible_use) our developer token has and whether we can use our existing token to call this API feature.
Any idea how to find that out?

Related

Access Graph API from native iOS application to create a user

I want to gain access to the Graph API in order to integrate a native iOS Sign Up page. I was able to achieve a native implementation of Sign In using ROPC but there too after logging in the user and redeeming the refresh token, I wasn't able to read the user profile using Graph API. Can someone please explain to me as to how I can go about this?
AAD B2C tokens can not access Microsoft graph api. Customise the token such that it contains all the information you require in the first place.

Refresh Token not Working in Microsoft Graph APIs

I have been using Microsoft Graph APIs in my .NET application to read Calendar, mails and Contacts from Office 365. Now my application uses Access Token for its working, which expires after every one hour and prompts the User to re-login.
My requirement is to extend the token expiry, which can only be done using Refresh Token. I tried to include the scope "offline_access" in my app and it gave me the error "MSAL always sends the scopes 'openid profile offline_access'. They cannot be suppressed as they are required for the library to function. Do not include any of these scopes in the scope parameter."
I have modelled my application on the demo given by Microsoft for Graph APIs and MVC integration on the link:
https://learn.microsoft.com/en-us/outlook/rest/dotnet-tutorial
What wrong am I doing here or what am I missing?
Any help would be greatly appreciated.
The tutorial you are referring to is for the Outlook REST APIs. NOT Microsoft Graph. All Microsoft Graph samples are here https://developer.microsoft.com/en-us/graph/gallery/?filterBy=Samples,SDKs
There is a great getting started page that links to a tutorial to build your first app https://developer.microsoft.com/en-us/graph/get-started/asp.net
This uses MSAL v2.7 SDK that handles the refresh tokens for you and the Microsoft Graph SDK for dotnet.

Can we use google youtube data api without OAuth

After reading the documents of Google API. I know that if a project we create needs to access private data, we should use oauth. But here is my situation. we will open a business account in Youtube, and we will create a project to push videos to our own account, we don't need to operate other user's' account. Can we use google youtube data api without OAuth?
There are two ways to access private user data with Google APIs.
Strait Oauth2. where you have a consent for asking the owner of the account if you can access it
Service accounts which are technically pre authorized by the developer.
Normally I would say because you are only accessing the one account that you own, use a service account. Unfortunately the YouTube API does not support service account authentication.
Due to the lack of service account support you will have to use Oauth2. I have done this in the past.
Authentication your script once, using a server sided language of some kind. The Authentication server will return to you a Refresh token. Refresh tokens can be used at any time to get a new access token. Access tokens are used to access Google APIs and are only valid for an hour. Save this refresh token someplace. You will then be able to allow access the YouTube account in question when ever you like.
Note: You will have to watch it. Refresh tokens can on rare occasion become invalid. I recommend having a script ready that will allow you to re authenticate the application again storing a new refresh token. Its rare that it happens but it can happen best to be pre-paired.
Oauth Play ground
Part of the point of Oauth is that it identifies your application to Google though the creation of your project on Google developer console. Things like quota and access to which APIs is controlled though that. If you spam the API they will know and shut you down. (never seen this happen)
When you request access of a user it pops up with the name of the project on google developer console. This is identified by the client id and client secrete for that project on google developer console. When I use oauth playground I get asked 'Google OAuth 2.0 Playground would like to ..'
So by using playground you are using Googles client id and client secrete to create a refresh token for yourself. If N other devs are also doing this the quota for YouTube may be used up in the course of a day. Also security wise you are now giving that project access to your data. Ignore that for a second what if google suddenly decides to remove change the client id or generate a new one. Your refresh token will no longer work. What if random dev X is using it as well and he starts spamming everything and the client id gets shut down (Think this happened last year) your going to have to wait for google to upload a new client id for the one that has now been banned.
Google OAuth 2.0 Playground might seam nice but its not for daily use IMO its good for testing nothing more. Create your own project and get your own access its not hard just requires a programing language that can handle a http Post.
My tutorial Google 3 legged oauth2 flow

Do I need a dev token to access AdWords API via OAuth?

I am trying to get an access to AdWords API via OAuth.
I registered an app, created MCC account (to a different e-mail) and a test account.
I read through AdWords API documentation and don't see that I need a dev token to access an account by oauth. Just clientId, clientSecret and accessToken.
But when I try to connect to the API using google-api-adwords-dotnet library. I get "Parameter name: AdWords API requires a developer token"
What is the purpose of OAuth if I cant access the API without MCC and dev token?
Best regards,
Andrei
P.S. I can access my test account providing my dev token. But I need to access any client who granted an access to me, not just clients who are part of my MCC account.
This question was answered on AdWords API group: https://groups.google.com/forum/#!topic/adwords-api/mC7mB-YYH-Q
A developer token is required to make AdWords API calls. It's main purpose is to ensure that the developer has accepted AdWords API T&Cs, identify your requests in case we need to troubleshoot issues you are facing, etc. In the past, it was also used to identify the account to which API calls were charged, but that's no longer the case since AdWords API calls are now free.
OAuth2 tokens are used to authenticate the calls you make against a client account. You may also use ClientLogin as an alternative to OAuth2, but it is deprecated and it's use is strongly discouraged.
You need an MCC account to get a developer token, but it's not a requirement that the account you make calls to lives under that MCC. Using OAuth, you could make calls to a totally unrelated account (e.g. a client logs in from the UI), as long as you can generate an access token for the same. Right now, your developer token is under review, that's why your ability to make calls are restricted to test accounts. Once your token is approved, you should be able to make calls to any account that you have access to.

Google Apps Script "Upgraded Authorisation Experience" and OAuth

I have been playing with the new Admin SDK in conjunction with the "upgraded authorisation experience" and wondered if someone has and experience/examples on how to use it. From what I have read, if you upgrade the authorisation experience you shouldn't need to use OAuth 2.0 and get a client ID and secret from the API console.
When you upgrade the authorisation, the API console entry is automatically created so you just have to turn on Admin SDK. Your app should then run simply using your own admin credentials.
Have I misunderstood this and if so, what is the benefit of the new authorisation experience?
I can use the Admin SDK just fine if I create a client ID and secret in the API console but this is using OAuth 2.0 then.
If someone has an example of how to use the admin sdk with OAuth 1.0 i could have a look at it would be much appreciated.
You will still need get your tokens and API key...
Take from the Directory API documentation:
If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.
If you are looking for an oAuth2 example with GAS, Arun has a nice example he posted on GitHub, see the SO posting: How to authorize with oauth 2.0 from appscript to Google APIs?
Sorry, I don't have any oAuth1 example to interface with the new APIs.

Resources