APIs & Integrations
Google Ads
Overview
Pre-built tooling
Pre-built integrations
No pre-built integration yet (time to contribute: <48h)
Not seeing the integration you need? Build your own independently.
Access requirements
Pre-Requisites | Status | Comment |
---|---|---|
Paid dev account | ✅ Not required | Free, self-signup for a Google Cloud account. |
Paid test account | ✅ Not required | Free Google account can be used for testing. |
Partnership | ✅ Not required | |
App review | ⚠️ Conditional | Required for sensitive and restricted scopes or for publishing to Google Marketplace. |
Security audit | ⚠️ Conditional | May be required as part of the verification process for sensitive scopes. |
Setup guide
1
Create a Google Cloud account
If you don’t already have one, sign up for a Google Cloud account.
2
Create a new project
- Go to the Google Cloud Console.
- Click on the project dropdown at the top left of the page.
- Click New Project.
- Enter a Project Name for your project
- Under Location, select the appropriate organization or folder where this project should belong.
If you’re not part of an organization, it will default to No organization
- Click Create and wait for the project to be created.
- Select it from the project dropdown.
3
Enable the APIs you need
- Go to the API Library in the Google Cloud Console.
- Search for Gmail Ads API and select it, then click Enable.
4
Configure the OAuth consent screen
- Go to APIs & Services > OAuth consent screen in the Google Cloud Console.
- Click Get started.
- Fill in the App Information form.
- App Name: The name of the app asking for consent.
- User support email: For users to contact you with questions about their consent
- Click Next. Select the appropriate Audience:
- External: For applications available to any Google user
- Internal: For applications restricted to users within your Google Workspace organization
- Click Next. Fill in the Contact Information, these are the email addresses that Google will use to notify you about any changes to your project.
- Click Next, then check the I agree to the Google API Services: User Data Policy checkbox, and click Continue.
- Add the scopes your application needs. Under Data Access, click Add or Remove Scopes and select the scopes that correspond to the APIs you enabled. 8 Under Audience, click Add users if you selected External user type (required for testing before verification).
5
Create OAuth 2.0 credentials
- Go to APIs & Services > Credentials in the Google Cloud Console.
- Click Create Credentials and select OAuth client ID.
- Select Web application as the application type.
- Enter a name for your OAuth client.
- Under Authorized redirect URIs, add
https://api.nango.dev/oauth/callback
. - Click Create.
- A dialog will appear with your client ID and client secret. Save these credentials securely as you’ll need them when configuring your integration in Nango.
6
Publish your app (switch from Testing to Production)
To move your OAuth app from testing to production:
- Go to APIs & Services > OAuth consent screen > Audience.
- Click Publish App to switch your app from testing to production.
7
Verify your app (if required)
If your app uses sensitive or restricted scopes, you’ll need to verify it with Google:
- Once published to production, click Prepare for Verification to start the verification process.
- Review and confirm all app details, then click Save and Continue.
- Justify your use of any sensitive or restricted scopes.
- Upload a demo video showing your app’s OAuth flow and scope usage.
- Click Submit for Verification to begin Google’s review.
8
Next
Follow the Quickstart.
Need help getting started? Get help in the community.
Useful links
Contribute useful links by editing this page
Common Scopes
Scope | Description |
---|---|
openid | Access to basic profile information |
profile | Access to user’s basic profile information |
Access to user’s email address |
API gotchas
- From the scopes page, make sure to select scopes based on the APIs you enabled earlier when setting up the app.
- Under certain circumstances, Google expires a user’s refresh token and the token refresh in Nango will fail. You can find a list of reasons from Google here, including:
- The user has revoked your app’s access.
- The user changed passwords and the refresh token contains Gmail scopes.
- The user account has exceeded a maximum number of granted (live) refresh tokens.
- The user granted time-based access to your app and the access expired.
- If an admin set any of the services requested in your app’s scopes to Restricted.
- For Google Cloud Platform APIs - the session length set by the admin could have been exceeded.
- In “Testing” mode with an external user type, refresh tokens expire in 7 days unless only basic scopes are used — userinfo.email, userinfo.profile, openid, or their OpenID Connect equivalents. You can remove this 7-day limit by switch from Testing to Production. Follow step 6 in the Setup Guide above.
- Google allows up to 100 refresh tokens per account per OAuth client ID; new tokens overwrite the oldest without warning when the limit is reached.
- While setting up the OAuth credentials, the Authorized JavaScript origins should be your site URL (
https://app.nango.dev
if you’re testing from the Nango UI). - For applications using sensitive or restricted scopes, Google requires verification and a security assessment. This process can take several weeks to complete.
- Google’s OAuth consent screen has different configurations for “External” and “Internal” user types. Internal is only available for Google Workspace users and limits access to users within your organization.
- Google implements incremental authorization, allowing you to request additional scopes over time without requiring users to re-authorize all previously granted scopes.
- Google enforces rate limits on API requests, which vary depending on the specific API being used.
Contribute API gotchas by editing this page