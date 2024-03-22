



This document describes how to authenticate to the Ad Manager API. Authentication methods vary depending on the interface you use and the environment your code runs in, but all API requests must include an Ad Manager API-scoped access token.

The Ad Manager client library uses your application's default credentials to generate an Ad Manager API-scoped access token. This guide explains how to configure default credentials for your application.

Even if you are not using a client library, you must create credentials and use them to authorize requests.

For more information about authentication and authorization, see the Using OAuth 2.0 guide.

Determine the authentication type Authentication Type Description Service Account Select this if you want to authenticate as a dedicated account rather than a specific individual. Learn more about. Web Application Ad Manager Select this to authenticate as a user to allow the application to access data. Advanced Local Development Select this if you want to authenticate as your own Google account or a service account for your local development environment. .Enable Ad Manager API

Enable the Ad Manager API in your Google API Console cloud project.

When prompted, select a project or create a new project.

Create credentials

Click the authentication type tab and follow the steps to create your credentials.

Service account on Google Cloud

To authenticate your workloads running in Google Cloud, use the credentials of the service account associated with the compute resource where your code is running.

For example, you can attach a service account to a Compute Engine virtual machine (VM) instance, Cloud Run service, or Dataflow job. This approach is the recommended authentication method for code running on Google Cloud compute resources.

For more information about the resources to which you can attach service accounts, and for help attaching service accounts to resources, see the Attaching Service Accounts documentation.

On-premises or on another cloud provider

The recommended way to set up authentication from outside of Google Cloud is to use Workload Identity federation. Create a credentials configuration file and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to it. This approach is more secure than creating a service account key.

If you cannot configure Workload Identity federation, you must create a service account and create a key for the service account.

Open the Google API Console Credentials page.

[資格情報]on the page,[資格情報の作成]Select[サービス アカウント]Choose.

Click the email address of the service account for which you want to create a key.

Click the Keys tab.

[キーの追加]Click the drop-down menu and[新しいキーの作成]Choose.

Select JSON as the key type and click Create.

Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of your JSON file.

Export Linux or macOS GOOGLE_APPLICATION_CREDENTIALS=KEY_FILE_PATH Setting Windows GOOGLE_APPLICATION_CREDENTIALS=KEY_FILE_PATH Web application

Open the Google API Console Credentials page.

When prompted, select the project where you enabled the Ad Manager API.

[資格情報]on the page,[資格情報の作成]and then choose your OAuth client ID.

Select the application type for your web application.

Fill out the form and click Create. Applications using languages ​​and frameworks such as PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. A redirect URI is an endpoint to which your OAuth 2.0 server can send responses. These endpoints must follow Google's validation rules.

After creating your credentials, download the client_secret.json file. Store your files securely in a location that only your application can access.

From here, follow the steps to obtain an OAuth 2.0 access token.

regional development

Set up application default credentials (ADC) in your local environment.

Install the Google Cloud CLI and initialize it by running the following command:

gcloud init

Create local credentials for your Google Account and set a project ID for the project that has the Ad Manager API enabled.

gcloud auth application-default login –scopes=”https://www.googleapis.com/auth/admanager” gcloud auth application-default set-quota-project PROJECT_ID

Alternatively, set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of your key file to authenticate as a service account.

Export for Linux or macOS GOOGLE_APPLICATION_CREDENTIALS=KEY_FILE_PATH Set up Windows GOOGLE_APPLICATION_CREDENTIALS=KEY_FILE_PATH Set up your Ad Manager network Tip: If you're a third-party developer, ask your clients to complete this step by sending them the following steps. Navigate to your service account Ad Manager Network. Click the Administrator tab. Make sure API access is enabled. Click the Add Service Account User button. Fill out the form using your service account email. Service account users must be added to the appropriate roles and teams for API integration. Click the Save button. A message appears asking you to confirm adding the service account.[ユーザー]tab and click Service Account Filter to view existing service account users. Go to Web Application Ad Manager Network. Click the Administrator tab. Make sure API access is enabled. Go to Local Development Ad Manager Network. Click the Administrator tab. Make sure API access is enabled.If there is no client library

Even if you're not using a client library, we highly recommend using the OAuth2 library for authentication.

For detailed instructions on obtaining an access token, see Using OAuth2 with Google APIs.

access token

Include an access token in your requests to the API by including either the access_token query parameter or the Authorization HTTP header bearer value. Query strings tend to appear in server logs, so we recommend using HTTP headers when possible.

for example:

GET /v1/networks/1234 Host: admanager.googleapis.com Permission: Bearer ya29.a0Ad52N3_shYLX GET https://admanager.googleapis.com/v1/networks/1234?access_token=1/fFAGRNJru1FTz70BzhT3Zg Scope

Each access token is associated with one or more scopes. Scopes control the set of resources and operations that an access token allows. The Ad Manager REST API has only one scope. Authorization must be performed at the user level within the product.

Scope Permissions https://www.googleapis.com/auth/admanager View and manage campaigns in Google Ad Manager.

