Uploaded bymarcwan
PDF, PPTX2,087 views

AdWords API & OAuth 2.0, Advanced

The document discusses optimizing OAuth 2.0 requests when using the Google AdWords API. It recommends sharing access tokens across threads and servers to minimize requests. Handling access token expiration is key, including proactively refreshing tokens before expiration. A shared storage like a cache can store credentials to avoid duplicate requests. A token management server can further centralize OAuth handling. Security best practices like securely storing refresh and access tokens are also covered.

Embed presentation

Download as PDF, PPTX
Google Inc - All Rights Reserved
AdWords API - Using OAuth 2.0 Advanced usage Ray Tsang, Google, Inc. Danial Klimkin, Google, Inc.
Agenda ● Hopefully you are already using OAuth 2.0! ● Issue with unoptimized OAuth 2.0 requests ● Solutions ● Resources
Google Inc. - All Rights Reserved Refresher OAuth 2.0????
Google Inc. - All Rights Reserved ClientLogin is going away You must migrate to OAuth 2.0 ASAP ClientLogin is Going Away!
Google Inc. - All Rights Reserved Secure ○ Users enter their username/password in secure Google login page ○ Third-party application won’t receive nor store the password ○ Reduced impact if OAuth 2.0 access is compromised More Control ○ Restrict access via “scopes” ○ User can revoke access at will Standards driven ○ RFC 6749 ○ Used by many large service providers, including Google Why OAuth 2.0?
Google Inc. - All Rights Reserved Already using OAuth 2.0? Great to hear! Watch out for some common issues
Google Inc. - All Rights Reserved Access Token Expiration Anticipate the possibility that a granted token might no longer work ○ The access token has expired (expires_in value) ○ The user has revoked access ○ The account has exceeded a certain number of active token for the same application
Google Inc. - All Rights Reserved The refresh token expired if unused for six months. 25 refresh token limit per user per application ○ When exceeded, oldest refresh token is quietly invalidated ○ no user-visible warning - your application need to handle this You should only need one refresh token per user Refresh Token Expiration
Google Inc. - All Rights Reserved When an access token has expired or revoked: AuthenticationError.OAUTH_TOKEN_INVALID Cause: access token expired Resolution: get a new access token with the refresh token AuthenticationError.INVALID_GRANT_ERROR Cause: access revoked Resolution: re-authorize via the authorization URL (the consent screen) Common Errors
Google Inc. - All Rights Reserved Revoking Access
Google Inc. - All Rights Reserved Rate Limits There is a rate limit for obtaining the access token QPS may change over time based on different conditions Beware in multi-threaded and/or multi-server environment Be ready for it in Production!
Google Inc. - All Rights Reserved Multithreaded Environment Client Application Thread 1 Thread 2 Thread N . . . I have a refresh token, I need an access token! I have a refresh token, I need an access token! I have a refresh token, I need an access token!
Google Inc. - All Rights Reserved Multi-Server / Multi-Process Environment Client Application . . . I have a refresh token, I need an access token! I have a refresh token, I need an access token! I have a refresh token, I need an access token! Client Application Client Application
Google Inc. - All Rights Reserved Client ApplicationClient Application Put Them Together Client Application Thread 1 Thread 2 Thread N . . .
Google Inc. - All Rights Reserved What’s Your Platform Like? .Net
Google Inc. - All Rights Reserved Sharing the access token Sharing is caring
Google Inc. - All Rights Reserved Share the token and the expiration time Access token Calculated expiration time 12 6 39 T1 expires_in Te
Google Inc. - All Rights Reserved Multithreaded platforms can share data among threads Must be thread-safe Use the singleton pattern Use a Singleton Credential object in Java can be shared
Google Inc. - All Rights Reserved Minimize Access Token Requests Client Application Thread 1 Thread 2 Thread N . . . I have a refresh token, I need an access token! I’ll re-use the Credential I’ll re-use the Credential
Google Inc. - All Rights Reserved Minimize the number of initial access token requests is half the problem When access token expires - minimize refresh requests! Handling Expiration Credential object in Java handles expiration
Google Inc. - All Rights Reserved Use a shared storage ○ In-memory: Memcached, Infinispan, Ehcache, ... ○ Persistent: RDBMS, MongoDB, … Store securely! Don’t forget to check for expirations Use Shared storage
Google Inc. - All Rights Reserved Using a Shared Storage Client Application . . . Client Application Shared Storage 1. Check if unexpired access token is already in the shared storage Client Application 2. If expired, use the refresh token to get an access token 3. Write the credential back to the shared storage 4. Check if unexpired access token is already in the shared storage
Google Inc. - All Rights Reserved Worst case scenario: All processes simultaneously read expired access token from the shared storage ● Avoid race conditions ● Eagerly refresh stored credentials before it expires ○ e.g., If access token expires in 1 hr, refresh in 45 minutes Proactive Refresh Make sure server clocks are in sync (use NTP)
Google Inc. - All Rights Reserved Proactive Refresh Client Application Shared Storage Check if unexpired access token is already in the shared storage Periodic Refresher 1. Use the refresh token to get a new access token 2. Write the credential back to the shared storage
Google Inc. - All Rights Reserved Centralize OAuth 2.0 access token management ○ Retrieval ○ Refresh ○ Storage Service-oriented approach OAuth 2.0 Token Management Server Example - OAuth 2.0 Key Cache
Google Inc. - All Rights Reserved Using a Token Management Server Client Application Token Mgmt Server 1. I need the access token 2. Here you go! O ops! Expired, let m e fetch another one.
Google Inc. - All Rights Reserved Refresh token and access token = Credentials Store them securely! Last Note - Security!
Google Inc. - All Rights Reserved Resources Download links AdWords API OAuth 2.0 Guide Optimizing OAuth 2.0 Requests for AdWords API Google OAuth 2.0 Documentation
Google Inc. - All Rights Reserved Questions?
Google Inc. - All Rights Reserved

More Related Content

PDF
Getting Started with AdWords API and Google Analytics
bymarcwan
 
PDF
Opportunity Analysis with Kratu (v2)
bymarcwan
 
PDF
Opportunity Analysis with Kratu
bymarcwan
 
PDF
Google Cloud Next 2021 Recap
byErvin Weber
 
PDF
AdWords API and OAuth 2.0
bymarcwan
 
PDF
Reporting Tips and Tricks (Spanish)
bymarcwan
 
PDF
Rate limits and performance (Spanish)
bymarcwan
 
PDF
AwReporting tool introduction (Spanish)
bymarcwan
 
Getting Started with AdWords API and Google Analytics
bymarcwan
 
Opportunity Analysis with Kratu (v2)
bymarcwan
 
Opportunity Analysis with Kratu
bymarcwan
 
Google Cloud Next 2021 Recap
byErvin Weber
 
AdWords API and OAuth 2.0
bymarcwan
 
Reporting Tips and Tricks (Spanish)
bymarcwan
 
Rate limits and performance (Spanish)
bymarcwan
 
AwReporting tool introduction (Spanish)
bymarcwan
 

Similar to AdWords API & OAuth 2.0, Advanced

PDF
Securing APIs with OAuth 2.0
byKai Hofstetter
 
PDF
OAuth 2.0
bymarcwan
 
PDF
OAuth 2.0 refresher Talk
bymarcwan
 
PDF
OAuth in the Real World featuring Webshell
byCA API Management
 
PDF
OAuth2
bySPARK MEDIA
 
PDF
OAuth2 in simple words
byKent Tong
 
PDF
Demystifying OAuth 2.0
byKarl McGuinness
 
PDF
From zero to Google APIs: Beyond search & AI... leverage all of Google
bywesley chun
 
PPTX
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
PDF
Exploring Google APIs 102: Cloud vs. non-GCP Google APIs
bywesley chun
 
PPTX
Extended Security with WSO2 API Management Platform
byWSO2
 
PDF
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
byMatt Raible
 
PDF
What the Heck is OAuth and OIDC - UberConf 2018
byMatt Raible
 
PDF
Draft Ietf Oauth V2 12
byVishal Shah
 
PDF
OAuth: Trust Issues
byLorna Mitchell
 
PDF
Google APIs
byClub Scientifique de l'ESI - CSE
 
PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PDF
Authentication with OAuth and Connected Apps
bySalesforce Developers
 
PDF
Securing the API Economy: Leveraging OAuth 2.0 for Safe Digitization - LoginR...
byKevin Mathew
 
PDF
Mobile SSO: Give App Users a Break from Typing Passwords
byCA API Management
 
Securing APIs with OAuth 2.0
byKai Hofstetter
 
OAuth 2.0
bymarcwan
 
OAuth 2.0 refresher Talk
bymarcwan
 
OAuth in the Real World featuring Webshell
byCA API Management
 
OAuth2
bySPARK MEDIA
 
OAuth2 in simple words
byKent Tong
 
Demystifying OAuth 2.0
byKarl McGuinness
 
From zero to Google APIs: Beyond search & AI... leverage all of Google
bywesley chun
 
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
Exploring Google APIs 102: Cloud vs. non-GCP Google APIs
bywesley chun
 
Extended Security with WSO2 API Management Platform
byWSO2
 
What the Heck is OAuth and OIDC - Denver Developer Identity Workshop 2020
byMatt Raible
 
What the Heck is OAuth and OIDC - UberConf 2018
byMatt Raible
 
Draft Ietf Oauth V2 12
byVishal Shah
 
OAuth: Trust Issues
byLorna Mitchell
 
Google APIs
byClub Scientifique de l'ESI - CSE
 
OAuth2 + API Security
byAmila Paranawithana
 
Authentication with OAuth and Connected Apps
bySalesforce Developers
 
Securing the API Economy: Leveraging OAuth 2.0 for Safe Digitization - LoginR...
byKevin Mathew
 
Mobile SSO: Give App Users a Break from Typing Passwords
byCA API Management
 

More from marcwan

PDF
Mcc scripts deck (日本語)
bymarcwan
 
PDF
Getting started with Google Analytics and the AdWords API
bymarcwan
 
PDF
Bid Estimation with the AdWords API (v2)
bymarcwan
 
PDF
07. feeds update
bymarcwan
 
PDF
AdWords Scripts and MCC Scripting
bymarcwan
 
PDF
AwReporting Update
bymarcwan
 
PDF
Shopping Campaigns and AdWords API
bymarcwan
 
PDF
API Updates for v201402
bymarcwan
 
PDF
AdWords API Targeting Options
bymarcwan
 
PDF
OAuth 2.0 (Spanish)
bymarcwan
 
PDF
End to-end how to build a platform (Spanish)
bymarcwan
 
PDF
Api update rundown (Spanish)
bymarcwan
 
PDF
AdWords Scripts (Spanish)
bymarcwan
 
PDF
Mobile landing pages (Spanish)
bymarcwan
 
PDF
Rate limits and performance
bymarcwan
 
PDF
OAuth 2.0 refresher
bymarcwan
 
PDF
Mobile landing pages
bymarcwan
 
PDF
End to-end how to build a platform
bymarcwan
 
PDF
AwReporting Tool
bymarcwan
 
PDF
Api update rundown
bymarcwan
 
Mcc scripts deck (日本語)
bymarcwan
 
Getting started with Google Analytics and the AdWords API
bymarcwan
 
Bid Estimation with the AdWords API (v2)
bymarcwan
 
07. feeds update
bymarcwan
 
AdWords Scripts and MCC Scripting
bymarcwan
 
AwReporting Update
bymarcwan
 
Shopping Campaigns and AdWords API
bymarcwan
 
API Updates for v201402
bymarcwan
 
AdWords API Targeting Options
bymarcwan
 
OAuth 2.0 (Spanish)
bymarcwan
 
End to-end how to build a platform (Spanish)
bymarcwan
 
Api update rundown (Spanish)
bymarcwan
 
AdWords Scripts (Spanish)
bymarcwan
 
Mobile landing pages (Spanish)
bymarcwan
 
Rate limits and performance
bymarcwan
 
OAuth 2.0 refresher
bymarcwan
 
Mobile landing pages
bymarcwan
 
End to-end how to build a platform
bymarcwan
 
AwReporting Tool
bymarcwan
 
Api update rundown
bymarcwan
 

Recently uploaded

PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
Code Like Bro -A guide for better Coding
byMadan Panthi
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Code Like Bro -A guide for better Coding
byMadan Panthi
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 

AdWords API & OAuth 2.0, Advanced

  • 1.
    Google Inc -All Rights Reserved
  • 2.
    AdWords API -Using OAuth 2.0 Advanced usage Ray Tsang, Google, Inc. Danial Klimkin, Google, Inc.
  • 3.
    Agenda ● Hopefully youare already using OAuth 2.0! ● Issue with unoptimized OAuth 2.0 requests ● Solutions ● Resources
  • 4.
    Google Inc. -All Rights Reserved Refresher OAuth 2.0????
  • 5.
    Google Inc. -All Rights Reserved ClientLogin is going away You must migrate to OAuth 2.0 ASAP ClientLogin is Going Away!
  • 6.
    Google Inc. -All Rights Reserved Secure ○ Users enter their username/password in secure Google login page ○ Third-party application won’t receive nor store the password ○ Reduced impact if OAuth 2.0 access is compromised More Control ○ Restrict access via “scopes” ○ User can revoke access at will Standards driven ○ RFC 6749 ○ Used by many large service providers, including Google Why OAuth 2.0?
  • 7.
    Google Inc. -All Rights Reserved Already using OAuth 2.0? Great to hear! Watch out for some common issues
  • 8.
    Google Inc. -All Rights Reserved Access Token Expiration Anticipate the possibility that a granted token might no longer work ○ The access token has expired (expires_in value) ○ The user has revoked access ○ The account has exceeded a certain number of active token for the same application
  • 9.
    Google Inc. -All Rights Reserved The refresh token expired if unused for six months. 25 refresh token limit per user per application ○ When exceeded, oldest refresh token is quietly invalidated ○ no user-visible warning - your application need to handle this You should only need one refresh token per user Refresh Token Expiration
  • 10.
    Google Inc. -All Rights Reserved When an access token has expired or revoked: AuthenticationError.OAUTH_TOKEN_INVALID Cause: access token expired Resolution: get a new access token with the refresh token AuthenticationError.INVALID_GRANT_ERROR Cause: access revoked Resolution: re-authorize via the authorization URL (the consent screen) Common Errors
  • 11.
    Google Inc. -All Rights Reserved Revoking Access
  • 12.
    Google Inc. -All Rights Reserved Rate Limits There is a rate limit for obtaining the access token QPS may change over time based on different conditions Beware in multi-threaded and/or multi-server environment Be ready for it in Production!
  • 13.
    Google Inc. -All Rights Reserved Multithreaded Environment Client Application Thread 1 Thread 2 Thread N . . . I have a refresh token, I need an access token! I have a refresh token, I need an access token! I have a refresh token, I need an access token!
  • 14.
    Google Inc. -All Rights Reserved Multi-Server / Multi-Process Environment Client Application . . . I have a refresh token, I need an access token! I have a refresh token, I need an access token! I have a refresh token, I need an access token! Client Application Client Application
  • 15.
    Google Inc. -All Rights Reserved Client ApplicationClient Application Put Them Together Client Application Thread 1 Thread 2 Thread N . . .
  • 16.
    Google Inc. -All Rights Reserved What’s Your Platform Like? .Net
  • 17.
    Google Inc. -All Rights Reserved Sharing the access token Sharing is caring
  • 18.
    Google Inc. -All Rights Reserved Share the token and the expiration time Access token Calculated expiration time 12 6 39 T1 expires_in Te
  • 19.
    Google Inc. -All Rights Reserved Multithreaded platforms can share data among threads Must be thread-safe Use the singleton pattern Use a Singleton Credential object in Java can be shared
  • 20.
    Google Inc. -All Rights Reserved Minimize Access Token Requests Client Application Thread 1 Thread 2 Thread N . . . I have a refresh token, I need an access token! I’ll re-use the Credential I’ll re-use the Credential
  • 21.
    Google Inc. -All Rights Reserved Minimize the number of initial access token requests is half the problem When access token expires - minimize refresh requests! Handling Expiration Credential object in Java handles expiration
  • 22.
    Google Inc. -All Rights Reserved Use a shared storage ○ In-memory: Memcached, Infinispan, Ehcache, ... ○ Persistent: RDBMS, MongoDB, … Store securely! Don’t forget to check for expirations Use Shared storage
  • 23.
    Google Inc. -All Rights Reserved Using a Shared Storage Client Application . . . Client Application Shared Storage 1. Check if unexpired access token is already in the shared storage Client Application 2. If expired, use the refresh token to get an access token 3. Write the credential back to the shared storage 4. Check if unexpired access token is already in the shared storage
  • 24.
    Google Inc. -All Rights Reserved Worst case scenario: All processes simultaneously read expired access token from the shared storage ● Avoid race conditions ● Eagerly refresh stored credentials before it expires ○ e.g., If access token expires in 1 hr, refresh in 45 minutes Proactive Refresh Make sure server clocks are in sync (use NTP)
  • 25.
    Google Inc. -All Rights Reserved Proactive Refresh Client Application Shared Storage Check if unexpired access token is already in the shared storage Periodic Refresher 1. Use the refresh token to get a new access token 2. Write the credential back to the shared storage
  • 26.
    Google Inc. -All Rights Reserved Centralize OAuth 2.0 access token management ○ Retrieval ○ Refresh ○ Storage Service-oriented approach OAuth 2.0 Token Management Server Example - OAuth 2.0 Key Cache
  • 27.
    Google Inc. -All Rights Reserved Using a Token Management Server Client Application Token Mgmt Server 1. I need the access token 2. Here you go! O ops! Expired, let m e fetch another one.
  • 28.
    Google Inc. -All Rights Reserved Refresh token and access token = Credentials Store them securely! Last Note - Security!
  • 29.
    Google Inc. -All Rights Reserved Resources Download links AdWords API OAuth 2.0 Guide Optimizing OAuth 2.0 Requests for AdWords API Google OAuth 2.0 Documentation
  • 30.
    Google Inc. -All Rights Reserved Questions?
  • 31.
    Google Inc. -All Rights Reserved