Configuring an ADF Linked Service Connection for Google AdWords
For information on how to enable a connection for use with linked services, see Configuring a Linked Service Connection.
Field labels in this walkthrough follow the underlying Azure Data Factory property names. The exact labels shown in the BimlFlex Connection Editor may differ once the corresponding UI work ships; this page will be updated when screenshots are added.
After selecting Google AdWords from the Linked Service Type dropdown, the form required for creating a Google AdWords Linked Service will appear.
Screenshot pending. The Google AdWords linked service form is captured against the BimlFlex Angular UI; the screenshot will be added once that UI work ships.
Choosing an Authentication Method
| Method | Best For | Setup Complexity |
|---|---|---|
| Service Authentication | Server-to-server, CI/CD pipelines | Medium — requires a Google Cloud service account and private key; requires self-hosted IR |
| User Authentication | Interactive scenarios, OAuth-based access | Medium — requires an OAuth client ID, client secret, and refresh token |
Recommendation: Service Authentication requires a self-hosted Integration Runtime (Microsoft does not support it on Azure IR for this connector). Prefer Service Authentication when you can run a self-hosted IR and want server-to-server auth, storing the Private Key in Azure Key Vault; otherwise use User Authentication, which works with the Azure-managed AutoResolveIntegrationRuntime.
Complete Example: Service Authentication with Azure Key Vault
A self-hosted Integration Runtime is shown below because Microsoft only supports ServiceAuthentication for the Google AdWords connector on a self-hosted IR.
| Field | Example Value |
|---|---|
| Connect via Integration Runtime | bfx-shir-01 |
| Customer ID | 1234567890 |
| Developer Token | aBcDeFgHiJkLmNoPqRsTuV |
| Authentication Type | ServiceAuthentication |
[email protected] | |
| Azure Key Vault Linked Service | bfx-kv |
| Secret Name (for Private Key) | BFX-LND-GoogleAdWordsPrivateKey |
| Google Ads API Version | <current-version> |
Substitute the current Google Ads API version (for example, the highest non-sunset version listed in Google's API release notes). Google deprecates and removes older versions on a published schedule, so a pinned version in this doc would rot. See the Google Ads API release notes and sunset dates for the versions currently supported at runtime.
Required Fields
Common Required Fields
Most required fields for a Google AdWords Linked Service connection depend on the Authentication Type used. There are some fields that are required regardless of Authentication Type.
These common required fields are:
- Connect via Integration Runtime
- Customer ID
- Developer Token
- Authentication Type
- Google Ads API Version
Common optional fields are:
Authentication Type Dependent Required Fields
The remaining field requirements are dependent on Authentication Type.
Required fields for Service Authentication:
- Email (Service Account Email)
- Private Key (or Azure Key Vault)
Required fields for User Authentication:
- Client ID
- Client Secret (or Azure Key Vault)
- Refresh Token (or Azure Key Vault)
Connect via Integration Runtime
Connect via Integration Runtime is required for a Google AdWords Linked Service connection.
The default value is AutoResolveIntegrationRuntime.
To use a custom runtime, type the name into the editable dropdown or select from the Azure Integration Runtimes saved in BimlFlex settings.
When a custom value is saved in the linked service form, it will be added to the custom integration runtimes.
The custom values that appear in this dropdown can be maintained in Settings under Azure - AzureIntegrationRuntime.
Customer ID
The Customer ID identifies the Google Ads account that the connector reads from.
This is the 10-digit identifier shown in the Google Ads UI, entered without dashes (for example, 1234567890).
The Google Ads API expects the unhyphenated form; BimlFlex passes the value through to the ADF clientCustomerID property as entered.
Developer Token
The Developer Token is issued by Google to the manager (MCC) account that grants access to the Google Ads API for the customer accounts it manages.
Obtain it from the Google Ads API Center on the manager account; it is required regardless of Authentication Type.
The Developer Token maps to the ADF developerToken property and should be stored in Azure Key Vault when possible.
Authentication Type
The Google AdWords Linked Service connection can use Service Authentication or User Authentication.
When using Service Authentication, an Email (service account) and Private Key are required.
For User Authentication, a Client ID, Client Secret, and Refresh Token are required.
Service Authentication
Service Authentication is supported only on a self-hosted Integration Runtime. Configure a self-hosted IR before using this authentication mode. See the Microsoft Learn connector page for the current restriction.
Service Authentication uses a Google Cloud service account to authorize API access. The service account must be created in the Google Cloud Console (which generates the email address and the private key JSON file), then granted access to the target Google Ads account from the Google Ads UI under Admin → Access and security.
The Email field accepts the service account email address (for example, [email protected]), and the Private Key field accepts the PEM-formatted private key from the service account JSON key file.
It is suggested that Azure Key Vault be used in place of manually entering the Private Key.
User Authentication
User Authentication uses an OAuth 2.0 client credential and a long-lived refresh token to authorize API access on behalf of a user.
The Client ID and Client Secret are obtained when registering an OAuth client in the Google Cloud Console. The Refresh Token is generated by completing the OAuth consent flow against the target Google Ads account.
It is suggested that Azure Key Vault be used in place of manually entering the Client Secret and Refresh Token.
Google Ads API Version
Specify the Google Ads API version to target (for example, the highest non-sunset version listed in Google's API release notes). Avoid pinning to an arbitrary historical value; Google deprecates and removes versions on a published schedule, and an outdated version will start to fail at runtime once Google retires it. Consult the Google Ads API release notes and sunset dates for the versions currently supported.
Login Customer ID
Optionally specify a manager (MCC) account Customer ID under which API calls are authorized.
Use Login Customer ID when the Customer ID identifies a child account and authorization is delegated through a manager account.
The Login Customer ID maps to the ADF loginCustomerID property.
Azure Data Factory Linked Service Additional Information
For additional information on ADF Google AdWords Linked Service and its connection requirements see the Azure Data Factory Google AdWords Connector documentation.