Hey there, I’m a long time user of Meltano, and I just recently set up the Matatika variant of

tap-googleads

. The authorization process was drawn out, but I finally ended up getting it successfully set up and authorized as of today. However, now when I invoke the plugin, I can see that oAuth happened successfully. But I still end up getting an error message that looks like this:

singer_sdk.exceptions.FatalAPIError: 403 Client Error: Forbidden for path: /v14/customers/9049076709/googleAds:search

Has anyone gotten a similar error message using this tap before?

It's probably a good idea to log an issue in their repo: https://github.com/Matatika/tap-googleads/issues The team is usually quite responsive 🙂

Hi @ryan_bell I feel your pain. Google OAuth is a total pain: https://medium.com/@aaron.phethean/google-oauth-refresh-tokens-are-a-total-pain-d7d98c8fa7f8 Service principals and client secrets json are easier for developers, but not as convenient as OAuth built into an app flow... Regarding the forbidden issue you raised. I can see our integration tests ran successfully last night and being a 403 forbidden, I think you might be missing a scope / permission in the Google API setup.

Hi @ryan_bell - did you figure out the reason for your 403 error ? I am facing the same error and cannot find a missing scope/permission in the Google API setup.

Unfortunately I haven’t. I’ve gone through the auth process plenty of times, and with two different Google API Console projects, but I get the same results. Actually, now I’m stuck even further back in the process. My 403 error is now saying:

403 Client Error: Forbidden for path: /v14/customers:listAccessibleCustomers

Given that this seems to be the most basic API call, I don’t know why I wouldn’t have proper permissions to make the request. I’ve assured that I have Google Ads API enabled in my Google API Console project, that I have a Basic Access developer token, and that during the OAuth2.0 process I authorize any ads-related API. Does anyone else have any insight into this?

Are you working with the test developer token or have you already an approved developer token from google ?

I have an approved developer token with Basic Access

Definitely a pain getting these setup. What scopes are you requesting at the consent stage?

Triumphantly returning to say I figured it out. The main problem was that the Google Cloud Console project that was created at my company already had a developer token assigned to it. Although the errors were giving me no indication that this was the issue, apparently each project can only use a single developer token, and once a token has been used by a project to make a request, you have to make a new project to use a different developer token. The project I was using to get my client ID and client secret had used a test developer token in the past so my Basic Access token wasn’t working. All I did to fix it was create a new Google Cloud Console project and use that client ID and client secret to go through OAuth.

Thank you for figuring that out !!

Legend @ryan_bell !