Google Ads

Manage Google Ads accounts, campaign operations, reporting, and conversion workflows through OAuth-backed Google Ads API access.

Setup Prerequisites

Most customers only need the Google user that already manages the ad account. Teams that bring their own Google Ads API app or developer token should also confirm the developer prerequisites.

• Google user with access to the target Google Ads customer account or the manager account (MCC) that owns it.
• Active Google Ads account with billing, policy, and customer ID available for the conversions endpoint.
• Google Ads API developer token approved for the access tier needed by your use case.
• Google Cloud OAuth consent screen configured for production, not left in external testing mode.
• OAuth client ID and client secret for a web application, with the Opius redirect URI added to the authorized redirect URIs.
• OAuth scope https://www.googleapis.com/auth/adwords.
• Offline access enabled so AdPilot can refresh access tokens for scheduled monitoring.

OAuth Setup

1. Go to your drone’s Settings > Integrations.
2. Click Connect next to Google Ads.
3. Sign in with the Google user that can see the target customer or MCC account.
4. Complete any Google two-step verification, passkey, or organization MFA challenge.
5. Approve Google Ads API access.
6. Select the manager account and customer account if AdPilot shows an account picker.
7. Confirm the provider card shows Connected.
8. Open AdPilot setup and confirm the selected Google Ads account appears in the readiness checklist.

Do not connect with a personal Google account that cannot see the production ad account. AdPilot preserves the selected account mapping, so switching to a different user later can make pending approvals stale.

Permission Scope

AdPilot still asks for spend approval before launch, budget increases, bid-strategy changes, or reactivation. OAuth permission alone does not authorize spend.

Re-Auth Handling

Google tokens can stop refreshing when the user revokes access, the OAuth project is still in external testing mode, the token is unused for an extended period, the connected account exceeds token limits, or a Workspace policy requires reauthentication.

MFA is controlled by Google, not by Opius. Expect MFA during reconnect and after Google security events such as password changes, new device checks, passkey changes, or Workspace session-control prompts. For launch readiness, check Google Ads auth monthly, after any Google security-policy change, and before approving a major spend action.

When the dashboard shows Auth expired, Reconnect required, Missing scope, or Account unavailable, follow Google Ads OAuth re-auth.

Limitations And Known Constraints

• AdPilot cannot see accounts the connected Google user cannot see in Google Ads or the selected MCC.
• Developer-token access tier, Google Ads API quotas, and account policy state can block otherwise valid operations.
• Reporting can lag behind live spend, especially for conversion metrics.
• Provider policy review can reject ads after submission; AdPilot can monitor the rejection but needs a revised approval before resubmission.
• Existing rejected or expired AdPilot approvals are not revived by reconnecting Google Ads.
• Google conversion setup requires the selected customer ID and conversion action details. It is separate from the Meta Pixel plus CAPI readiness guide.

Troubleshooting

• If the expected account is missing, reconnect with the MCC user that owns or manages the customer account.
• If the dashboard reports Missing scope, reconnect and approve the full Google Ads permission prompt.
• If refresh fails soon after setup, confirm the OAuth consent screen is not in external testing mode.
• If MFA blocks reconnect, finish the Google challenge in the OAuth window and retry from the provider card.
• For campaign, budget, tracking, or approval blockers, use AdPilot troubleshooting.