Get access to Google AdWords API v201506 with ASP.NET MVC

Question

I need to use AdWrods Api v201506 for some simple operations, but i still get authorization error (I will pass it in the bottom of this post). I think the problem is not in the code (I just copy-paste it from googles documentation) but in the account settings, so the best way to find out error is show you what I do in every step.

1. Create production MCC account here (production-mcc@gmail.com). Notice that I chosen "To manage other people's accounts." as an answer for "How will you primarily use this AdWords manager account?".
2. Get developer token for production-mcc@gmail.com. It's still "waiting for approve" but it's not a problem because I will use test account.
3. Create test MCC account here (for To manage other people's accounts., test-mcc@gmail.com).
4. Create new Project in Console Google Developer as test-mcc@gmail.com (MyProject).
5. Create app in consent screen (MyProject_App).
6. Create new Client ID for web application:
   • JavaScript origins: http://localhost:50194/
   • Redirect URIs: http://localhost:50194/oauth2callback (autogenerated) and http://localhost:8080/ - without this url I not be able to generate refresh token with OAuthTokenGenerator.exe (from here). Installed application as an "Other" type and generate refresh token with OAuthTokenGenerator.exe (from here).
7. Go to Google Adwords and add client account (button +Account -> Create New AdWords Account). Save changes and copy his id.
8. Now get Client ID, Client Secret and successfully generate refresh token.
9. Install with NuGet Google.AdWords and Google.Ads.Common packages in MVC project.

10. Edit <AdWordsApi> sections in web.config file as below:

    <!-- Settings related to SOAP logging. -->
    <add key="MaskCredentials" value="true" />
    
    <!-- Settings related to general library behaviour. -->
    
    <!-- Use this key to automatically retry a call that failed due to a
         recoverable error like expired credentials. -->
    <!-- <add key="RetryCount" value="1"/> -->
    
    <!-- Set the service timeout in milliseconds. -->
    <!-- <add key="Timeout" value="100000"/> -->
    
    <!-- Use this key to enable or disable gzip compression in SOAP requests.-->
    <add key="EnableGzipCompression" value="true" />
    
    <!-- Proxy settings for library. -->
    <add key="ProxyServer" value="" />
    <add key="ProxyUser" value="" />
    <add key="ProxyPassword" value="" />
    <add key="ProxyDomain" value="" />
    
    <!-- Settings specific to AdWords API.-->
    <add key="UserAgent" value="RANDOM_STRING" />
    <add key="DeveloperToken" value="DEV_TOKEN_FROM_2_PARAGRAPH" />
    
    <!-- If your application is a simple script that makes calls to only a
         single Adwords account, then you can set your customer ID here. If you
         have multiple customer IDs to deal with in your account, then you can
         comment out this key and set the value at runtime by setting
         ((AdWordsAppConfig) user.Config).ClientCustomerId = "xxx";
    -->
    <add key="ClientCustomerId" value="CLIENT_ID_FROM_7_PARAGRAPH" />
    
    <!-- Use the following settings to skip the report header and summary rows
         when downloading a report in CSV, TSV or their gzipped formats. -->
    <add key="SkipReportHeader" value="false" />
    <add key="SkipReportSummary" value="false" />
    <add key="SkipColumnHeader" value="false" />
    
    <!-- Use the following setting to include zero impression rows when
         downloading a report. If this setting is commented out, then the server
         behaves as explained in
         https://developers.google.com/adwords/api/docs/guides/zero-impression-reports#default_behavior.
    -->
    <!-- <add key="IncludeZeroImpressions" value="true"/> -->
    
    <!-- Settings specific to use OAuth2 as authentication mechanism. You could
         run Common\Util\OAuth2TokenGenerator.cs to generate this section of the
         config file.
    -->
    <!-- Provide the OAuth2 client ID and secret. You can create one from
         https://console.developers.google.com. See
         https://github.com/googleads/googleads-dotnet-lib/wiki/Using-OAuth2
         for more details.
    -->
    <add key="OAuth2ClientId" value="CLIENT_ID_FROM_8_PARAGRAPH" />
    <add key="OAuth2ClientSecret" value="CLIENT_SECRET_FROM_8_PARAGRAPH" />
    
    <!-- The following OAuth2 settings are optional. -->
    <!-- Provide a different OAuth2 scope if required. Multiple scopes should be
         separated by spaces. -->
    <!-- <add key="OAuth2Scope" value="INSERT_OAUTH2_SCOPE_HERE" /> -->
    
    <!-- Use the following keys if you want to use Web / Installed application
         OAuth flow.-->
    
    <add key="OAuth2Mode" value="APPLICATION" />
    <!-- If you are using a single MCC account's credentials to make calls to
         all your accounts, then you can run OAuth2TokenGenerator.cs to generate
         a RefreshToken for that account and set this key in your application's
         App.config / Web.config. If you are making calls to multiple unrelated
         accounts, then you need to implement OAuth2 flow in your account and
         set this key at runtime. See OAuth folder under Examples folder for a
         web and a console application example.
    -->
    <add key="OAuth2RefreshToken" value="REFRESH_TOKEN_FROM_8_PARAGARAPH" />
    
    <!-- Optional: Specify an OAuth2 redirect url if you are building a
         web application and implementing OAuth2 web flow in your application.
    -->
    <!-- <add key="OAuth2RedirectUri" value="" /> -->
    
    
    <!-- Use the following keys if you want to use OAuth2 service account flow.
         You should comment out all the keys for Web / Installed application
         OAuth flow above. See
         https://developers.google.com/adwords/api/docs/guides/service-accounts
         https://github.com/googleads/googleads-dotnet-lib/wiki/Using-OAuth2
         for more details.
    -->
    <!--
    <add key="OAuth2Mode" value="SERVICE_ACCOUNT" />
    <add key="OAuth2ServiceAccountEmail"
        value="INSERT_OAUTH2_SERVICE_ACCOUNT_EMAIL_HERE" />
    <add key="OAuth2PrnEmail" value="INSERT_OAUTH2_USER_EMAIL_HERE" />
    <add key="OAuth2JwtCertificatePath"
        value="INSERT_OAUTH2_JWT_CERTIFICATE_PATH_HERE" />
    <add key="OAuth2JwtCertificatePassword"
        value="INSERT_OAUTH2_JWT_CERTIFICATE_PASSWORD_HERE" />
    -->
    

Now, I just copy-paste code from example in Google Developers Documentation.

After running I got exception in:

BudgetReturnValue budgetRetval = budgetService.mutate(
    new BudgetOperation[] {budgetOperation});

and it call: [AuthorizationError.USER_PERMISSION_DENIED @ ; trigger:'<null>'] According to documentation it means: "User doesn't have permission to access customer.". My question is: what I'm doing wrong with authorization? Which token or id is invalid?

PS. I described all steps which I done - not less not more.

Answer 1

I found solution for exception ([AuthorizationError.USER_PERMISSION_DENIED @ ; trigger:'<null>'] ): the problem was in refresh token - when I generated his I was loggin in my private account not as a test-mcc@gmail.com. So when you will use OAuthTokenGenerator.exe make sure that you sigin in proper account when generator shows new window and ask for permission.