Hardcode your developertoken in your software, do not put it in any (human readable) configuration file. Do not ship debugging files etc. with your software.
Note that when someone does retrieve your developertoken, say by extensive debugging or monitoring, you have to change your developertoken. That will be a tough decision because doing so will invalidate the software of all your users. One way to get around that is to set up a service yourself that sends out the developertoken, and have your software retrieve the developertoken every 30 minutes or so. On Wednesday, December 28, 2016 at 10:56:57 PM UTC+1, Drew Loika wrote: > > Thanks for the help Vishal. My question is regarding how Google expects my > desktop product used by my customers to issue API requests while > maintaining the secrecy of my developer token. Obviously this isn't > possible as described, so does Google expect me to embed the token in the > application and not maintain the secrecy of my developer token? Or are > desktop applications just not supported for the AdWords API? Or...? > > > On Wednesday, December 28, 2016 at 1:44:17 PM UTC-8, Vishal Vinayak > (Adwords API Team) wrote: >> >> Hi Drew, >> >> To access an AdWords account's data via the API, you need two things: a >> developer >> token >> <https://developers.google.com/adwords/api/docs/guides/first-api-call#request_a_developer_token> >> (associated >> with a manager account) and valid OAuth credentials >> <https://developers.google.com/adwords/api/docs/guides/first-api-call#set_up_oauth2_authentication> >> (associated >> with the target AdWords account or the manager account of the target >> AdWords account). >> >> Access levels related to a developer token define the limits on your >> account (such as test vs production accounts and the number of operations >> that you can perform with your token). You are required to set your >> developer token in the SOAP header of your request, when trying to make an >> API call. OAuth credentials, however, can be used to control data access to >> a user on a particular account. The access token generated using the OAuth >> credentials should be set in the HTTP header of your request, when making >> an API call. This implementation is a part of all of our client libraries >> <https://developers.google.com/adwords/api/docs/clientlibraries>, which >> can be used to make API calls without having to go through the hassle of >> constructing the SOAP request manually (client libraries can be used to >> develop both Web and Desktop based applications). >> >> Hope this helps. If you have additional questions, please feel free to >> revert. >> >> Regards, >> Vishal, AdWords API Team >> > -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/adwords-api. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/979ca901-def0-4b23-a4ad-ab2cc9f0fc32%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
