A Google Ads developer token is the 22-character alphanumeric string you must obtain to make calls against the Google Ads API. If you want to extract Google Ads data using any code-based approach — dlt, Airbyte, a custom Python script — you need one. Understanding how the token system works, and how long it takes to get approved, is the first decision point when planning a Google Ads data pipeline.
What It Unlocks
The developer token authenticates your application to the Google Ads API. Without it, you cannot make GAQL queries, cannot retrieve campaign performance data programmatically, and cannot access anything beyond standard UI exports. Every API-based extraction tool that isn’t using its own token requires yours.
The token lives in your Google Ads Manager Account under Tools → API Center. You request one, describe your use case, and wait for Google’s review team.
Access Levels
Approval doesn’t grant all access immediately. The token system has four tiers:
| Level | Access | Daily Operations Limit |
|---|---|---|
| Test Account | Development only — no production data | N/A |
| Explorer | Limited production access — read-only, restricted fields | 15,000 |
| Basic | Full production access | 15,000 |
| Standard | Full production access | Unlimited |
Most teams building analytics pipelines need at least Basic access. Standard access matters if your pipeline needs to issue large numbers of operations daily — high-volume keyword-level reporting across a large MCC, for example.
The stated review time for Basic and Standard access is 3-5 business days. The reality, reported consistently by practitioners, is weeks to months. Plan for this in your project timeline, not as a footnote. If you need API-based extraction on a specific delivery date, start the application process well before development begins.
Why Applications Get Rejected
Google’s review focuses on whether your intended use of the API aligns with their policies. Common rejection reasons include:
Vague use case descriptions. The application asks what you’re building and why you need API access. “Analytics reporting” doesn’t pass review. “Extracting campaign performance metrics to BigQuery for weekly ROAS reporting across 12 client accounts managed in our MCC” does.
Website issues. Google reviews the website associated with your application. An incomplete site, a broken privacy policy link, or a site that doesn’t clearly describe your business will raise red flags.
Third-party tool disclosure. This one catches teams off guard. Using open-source tools like Airbyte with your developer token can violate Google’s API policies. Mentioning Airbyte or other third-party tools in your application is a common rejection trigger. The policy is that tools must be approved for API use, and many open-source connectors aren’t. Fivetran, by contrast, uses its own managed developer token — you authenticate to Fivetran with OAuth, and their token handles the API access. This is one of the reasons managed connectors exist.
Mismatched account type. The application must come from a Google Ads Manager Account (MCC). Submitting from a regular account signals you don’t understand the API access model.
Which Tools Require a Developer Token
This is the practical split that shapes your loading approach:
| Approach | Developer Token Required |
|---|---|
| BigQuery Data Transfer Service | No |
| Google Ads Scripts | No |
| Fivetran | No (they use their own) |
| dlt | Yes |
| Airbyte | Yes |
| Custom API pipeline | Yes |
If you don’t have a token and need to move quickly, BigQuery Data Transfer Service, Fivetran, or Google Ads Scripts are your options. If you can get a token approved, dlt and custom pipelines open up — with full control over which fields you extract, at what granularity, and on what schedule.
The Standard Approval Path
If you’re pursuing API access:
- Set up a proper Manager Account (MCC) if you don’t already have one. Client accounts can’t hold developer tokens.
- Navigate to Tools → API Center and click “Apply for Basic Access.”
- Write a specific, detailed use case description. Name the exact reports you need, the business purpose, and the destination system (e.g., BigQuery). Don’t mention open-source tools.
- Ensure your website is complete, with a real privacy policy and clear business description.
- Apply and wait. Check the API Center dashboard for status updates.
- If rejected, read the rejection reason carefully. The rejection letter typically identifies the specific policy concern, and you can address it in a new application — but you can’t resubmit until the issues are fixed.
Token Scope and MCC Structure
One developer token covers your entire MCC. You don’t need separate tokens per client account. The token authenticates your application; then you specify which Customer ID you’re querying within each API call. This is important for agencies or consultants managing multiple advertiser accounts — a single token with MCC-level access can retrieve data across all client accounts.
When you submit the token application, specify that you’re accessing multiple customer accounts under an MCC. This is the standard agency use case and reviewers recognize it, but you have to describe it accurately.
What Happens After Approval
With a Basic or Standard token, you can use it directly in dlt pipelines, custom Python scripts, or any tool that accepts a developer token. Configure it alongside your OAuth credentials (the token authenticates the application; OAuth authenticates the user account accessing the data).
The token itself doesn’t expire, but it can be revoked for terms of service violations. Keep it out of version control, store it in environment variables or a secrets manager, and monitor for policy communications from Google.
For the full landscape of how the developer token fits into different loading approaches, see Ad Data Extraction Tools and the Google Ads BigQuery Loading Hub. For the no-token native option, see Google Ads BigQuery DTS Hub. For building a pipeline once you have a token, see dlt Google Ads Pipeline.