Google Ads · BYO Setup Guide

Set up your own
Google Cloud OAuth client.

Google Ads is the most involved BYO setup: you need a Google Cloud project, an OAuth 2.0 client, and a Google Ads developer token from your Manager (MCC) account. Budget about 15 minutes of clicking plus 2–4 weeks for Google’s Standard Access token approval if you don’t already have it.

~15 min setup Hard 2–4 weeks dev-token review

⚠

Important: Google Ads needs THREE things, not two

Unlike Meta, Google Ads requires a developer token in addition to the OAuth client ID + secret. The developer token is tied to your Google Ads Manager (MCC) account, not your Google Cloud project. If you don’t have an MCC account yet, create one at ads.google.com/manager before starting this guide.

✓

Use BYO if

· You already have a Google Ads Standard Access developer token
· You need your own rate limits (Google Ads API quotas are per-token)
· Enterprise / agency with your own Google Cloud project
· Compliance requires data isolation

✗

Stick with shared app if

· You don’t have a Google Ads Manager (MCC) account
· You only have a Test Access developer token (can’t query real accounts)
· You can’t wait 2–4 weeks for Standard Access approval
· Your team just wants to ship fast

Before you begin

A Google Cloud account with billing enabled (free tier is fine for OAuth, but Google Ads API quotas are cheaper with billing on).
A Google Ads Manager (MCC) account with admin access at ads.google.com/manager.
A Google Ads developer token — preferably Standard Access. Test Access tokens only work against sandbox accounts.

Create a Google Cloud project

Open console.cloud.google.com, click the project dropdown in the top-left → New Project. Name it VelaReach or anything recognisable. Billing isn’t required for the OAuth flow itself, only for higher Google Ads API quotas later.

https://console.cloud.google.com/projectcreate

Google Cloud · New Project

Project name *

A unique, human-friendly name.

Organization Location *

Cancel Create

Google Cloud will issue a numeric project ID automatically — you don't need to note it down.

Enable the Google Ads API

Inside your new project: hamburger menu → APIs & Services → Library. Search for “Google Ads API” (make sure it’s the one from Google, not a third-party wrapper). Click Enable.

ⓘ

This unlocks the /v23/customers:listAccessibleCustomers endpoint VelaReach calls after OAuth to discover your ad accounts.

Configure the OAuth consent screen

APIs & Services → OAuth consent screen. Choose External (unless your Google Workspace admin has given you an Internal option). Fill in:

· App name — VelaReach or your company-prefixed name
· User support email — an address you actually read
· Authorised domains — velareach.metaminds.store and your own domain if you’re hosting VelaReach elsewhere
· Developer contact information — same email as above

Under Scopes, click Add or Remove Scopes and add:

https://www.googleapis.com/auth/adwords

https://console.cloud.google.com/apis/credentials/consent

OAuth consent screen · App information

App name * User support email * Authorised domains

Press Enter after each domain. Add your own domain if you host a custom VelaReach instance.

Scopes

                .../auth/adwords
              

Save and Continue

Create an OAuth 2.0 Client ID

APIs & Services → Credentials → + Create Credentials → OAuth client ID. Application type: Web application. Name it VelaReach-Web.

Under Authorised redirect URIs, click + Add URI and paste:

https://api.velareach.metaminds.store/api/v1/integrations/google/callback

https://console.cloud.google.com/apis/credentials/oauthclient

Create OAuth client ID

Application type * Name Authorised redirect URIs

↑ Click "+ Add URI" and paste this exact URL.

Create

After clicking Create, Google pops a modal with your Client ID and Client Secret — copy both immediately.

🔒

The Client Secret is shown ONCE. If you close the dialog without copying it, you’ll have to reset the secret (which invalidates any existing connections). Paste it into VelaReach right away or a password manager.

Get your developer token from the MCC

Open ads.google.com and switch to your Manager (MCC) account in the top bar. Click Tools & Settings (wrench icon) → Setup → API Center. Your developer token is displayed there.

https://ads.google.com/aw/apicenter

Google Ads · Tools & Settings › API Center

Developer token

22-character alphanumeric token.

Access Level

● Standard Access ○ Test Access

↑ Standard Access is required for production accounts. Test Access only works on Google's sandbox.

⚠

If your token says "Test Access", it will NOT work with real ad accounts. Click Apply for Standard Access and fill out Google’s form (business name, use case, compliance questions). Google reviews in 2–4 weeks. You can save everything in VelaReach now and come back after approval.

Paste all three credentials into VelaReach

Back in VelaReach: Settings → Integrations → click the Google Ads card → Manage → Advanced → Set up BYO app. Google Ads shows a 3-field form (not 2 like Meta):

· OAuth 2.0 Client ID — ends in .apps.googleusercontent.com
· Client Secret — starts with GOCSPX-
· Developer Token — the 22-character string from Step 5

Click Test & save. VelaReach validates the format of all three and checks the developer token is present.

Reconnect through your new app

Click Reconnect now → from the success panel. VelaReach opens the Google consent screen using your Client ID. Sign in with the user that has access to your Ads accounts, grant the adwords scope, and you’ll be redirected back to VelaReach. The account picker will show every MCC + sub-account the developer token and access token combination can see.

ⓘ

Your consent screen displays your company name instead of "VelaReach" — better for client-facing demos.

Troubleshooting

“This app is blocked” when I try to sign in

Your OAuth consent screen is in Testing mode, which restricts sign-ins to email addresses you’ve added to the test users list. Go to APIs & Services → OAuth consent screen → Test users and add your teammates’ Google accounts, OR publish the app (click Publish App at the top).

“Developer token not approved for use with this customer”

Your developer token is in Test Access mode. You need Standard Access to query real customer accounts. Open ads.google.com → Tools & Settings → API Center → Apply for Standard Access. This is a Google approval process that takes 2–4 weeks — there’s no way to bypass it.

“redirect_uri_mismatch” error

The URL you pasted in Step 4 doesn’t match what VelaReach is sending. Go to your OAuth 2.0 Client ID in Google Cloud Credentials, click Edit, and verify the URL is character-for-character: https://api.velareach.metaminds.store/api/v1/integrations/google/callback — no trailing slash, no typo in the subdomain.

I see accounts in the picker but they’re all empty / zero spend

You’re probably looking at MCC-level aggregate rows without actual ad accounts beneath. Check your Google Ads MCC hierarchy: the account picker shows every customer the developer token can reach, including parent managers that don’t themselves run ads. Untick the empty rows and keep only the leaf ad accounts.

My refresh token keeps expiring

Your OAuth consent screen is still in Testing status. Google invalidates refresh tokens for apps in Testing every 7 days. Publish the app from OAuth consent screen settings — publishing is free and doesn’t require verification for the adwords scope (it’s non-sensitive).

💬

Google Ads BYO is the hardest — we’re happy to help.

Email support@velareach.com with your workspace name and we’ll jump on a 15-minute screen share to walk through Google Cloud, OAuth consent screen, and the developer token application together.