Skip to main content
Adjar works through the Google Ads API. To let it in, you’ll collect a few credentials into one google.json file. This page walks through each one. How the pieces fit: a manager account, the Google Ads account you manage, and a Google Cloud OAuth client each supply some of the six values in google.json, which the adjar CLI then uses to call the Google Ads API.

Prerequisites

  • A Google Ads account you want to manage
  • A Google account to sign in with — it owns the manager account and approves access
  • The Google Cloud console (creating a project is free)
  • curl for the final step (preinstalled on macOS and Linux)
1

Create and link a manager account

Google issues developer tokens only to a manager account — an umbrella Google Ads account (you may see it called “My Client Center” or MCC) that sits above your regular ad accounts and manages them. Already have one? Skip to the next step.
  1. Create a manager account at Google Ads → Manager accounts.
  2. In the manager account, click Link existing account, enter the Customer ID of the account you want to manage (the xxx-xxx-xxxx shown top-right in that account), and click Send request.
  3. Sign in to that account, open Admin → Access and security → Managers, and Accept the request.
Reference: Link accounts to your manager account.
2

Apply for a developer token

In your manager account, open Admin → API Center and request a token (Google’s guide walks through the form). New tokens start with test access, which reaches only test accounts — so apply for basic access to use your real account.Google reviews each basic-access request and usually replies by email in 3–5 business days, often asking what you’ll use the API for. Reply promptly — something like this clears review:
“We use the Google Ads API through Adjar, a command-line tool, to manage our own company’s Google Ads account. It exports the account into version-controlled config files, shows proposed changes as diffs for review, and applies the approved changes through the API. We are not reselling API access or building a tool for third parties.”
3

Create an OAuth client

  1. In the Google Cloud console, create a project (or pick one) and enable the Google Ads API for it.
  2. Configure the OAuth consent screen (you may find it under Google Auth Platform): choose External, add an app name and support email, and list your own Google account under Test users.
  3. Open Clients → Create client, set Application type to Desktop app, and click Create. Desktop clients allow localhost redirects automatically, so there’s no redirect URL to set.
  4. Copy the Client ID and Client secret — your client_id and client_secret.
Reference: Manage OAuth clients.
4

Get a refresh token

There’s no app running to catch Google’s response, so do this by hand:
  1. Open this URL in a browser (paste in your client_id), sign in as the user with access to the ad account, and approve: 
    https://accounts.google.com/o/oauth2/v2/auth?client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:3000&response_type=code&scope=https://www.googleapis.com/auth/adwords&access_type=offline&prompt=consent
    access_type=offline and prompt=consent are what make Google return a refresh token.
  2. The browser lands on http://localhost:3000/?code=... and shows a connection error — that’s expected, nothing is running there. Copy the value after code= from the address bar (up to the next &); if it contains %2F, change that to /.
  3. In a terminal, run the command below to exchange the code for a refresh token. Do it right away — the code is single-use and expires fast: 
    curl -s https://oauth2.googleapis.com/token \
  -d client_id=YOUR_CLIENT_ID \
  -d client_secret=YOUR_CLIENT_SECRET \
  -d code=THE_CODE \
  -d redirect_uri=http://localhost:3000 \
  -d grant_type=authorization_code
    The response contains your refresh_token.
Reference: OAuth for desktop apps.

Assemble the credentials file

Put all six values into one google.json file: 
{
  "developer_token": "...",
  "client_id": "...",
  "client_secret": "...",
  "refresh_token": "...",
  "login_customer_id": "1234567890",
  "customer_id": "9876543210"
}
  • developer_token — from your manager account’s API Center.
  • client_id / client_secret — from your OAuth client.
  • refresh_token — from the exchange above.
  • login_customer_id — your manager account’s ID, digits only (no dashes).
  • customer_id — your ad account’s ID, digits only (Google shows it as 987-654-3210 top-right). This is the value you pass to adjar import --account.

Point Adjar at the file

Save the file anywhere, then point Adjar at it: 
# per command
adjar plan --config config/google.toml --credentials /path/to/google.json

# or once, via the environment (e.g. in your shell profile or CI)
export ADJAR_CREDENTIALS=/path/to/google.json
--credentials takes priority over ADJAR_CREDENTIALS. Either way, give the path to the JSON file, not a folder. There are no implicit or default locations — credentials are always explicit. With google.json ready, head to the Quick Start to import your account.