Skip to main content

Set up the Google Ads MCP server

The Google Ads MCP server provides read-only access to Google Ads campaigns, ad groups, keywords, ads, and performance metrics through the Google Ads Query Language (GAQL). This guide covers getting a developer token, creating OAuth credentials in Google Cloud, and connecting the server to MintMCP.

Prerequisites

  • A MintMCP admin account
  • A Google Ads Manager account (MCC) — required for the developer token. If you don't have one, create it at ads.google.com → Manager accounts.
  • A Google Cloud project with permission to enable APIs and create OAuth credentials

Get a Google Ads developer token

The developer token identifies your application to the Google Ads API. It's a 22-character string issued from a Manager account (MCC) — not from individual advertiser accounts — and sent on every API request. MintMCP stores it as the connector's GOOGLE_ADS_DEVELOPER_TOKEN environment variable.

  1. Sign in to your Google Ads Manager account (MCC) at ads.google.com.
  2. Go to Tools & SettingsSetupAPI Center.
  3. Complete the API access form — company name and a working website URL, an API contact email, and accept the terms.
  4. Copy the Developer token.

A new token starts with Test Account access and can only query test accounts. To query production accounts, apply for Basic Access from the same API Center. The application is reviewed manually and can take a few days, and Google may email your API contact for clarification. Until it's approved, calls against production accounts return DEVELOPER_TOKEN_NOT_APPROVED.

Access levelWhat it unlocks
Test AccountTest accounts only (default for a new token)
Basic AccessProduction accounts, capped daily operations
Standard AccessHigher quotas, granted on further review

See Google's developer token policy for the full application requirements.

Enable the Google Ads API

  1. Go to console.cloud.google.com and select or create a project.
  2. Go to APIs & ServicesLibrary, search for Google Ads API, and click Enable.

Create the OAuth client

The OAuth client gives MintMCP a Client ID and secret to broker each user's Google sign-in. Create one Web application client and point its redirect URI at MintMCP's callback.

  1. Go to console.cloud.google.com/auth/clients and click Create client.

  2. Set Application type to Web application and give it a name (for example, MintMCP OAuth). The name only identifies the client in the console.

    Create OAuth client ID form with application type set to Web application and a name field

  3. Under Authorized redirect URIs, click Add URI and enter MintMCP's callback URL:

    https://app.mintmcp.com/oauth/callback

    Leave Authorized JavaScript origins empty. This URI must match the Redirect URL in the connector's OAuth settings exactly, or sign-in fails with redirect_uri_mismatch, and changes can take a few minutes to take effect.

    Authorized redirect URIs field set to the MintMCP OAuth callback URL

  4. Click Create. Google shows the Client ID and Client secret once — copy both now, because you can't view the secret again after closing the dialog.

    OAuth client created dialog showing the Client ID and Client secret

Reopen the client anytime from the Clients list to edit its redirect URIs or rotate the secret.

OAuth client detail page showing Client ID, redirect URIs, and the client secret with rotation options

Add Google Ads to MintMCP

  1. In MintMCP, go to MCP storeManage store.

  2. Find the Google Ads connector and click to install it.

  3. When prompted, set the GOOGLE_ADS_DEVELOPER_TOKEN environment variable to the developer token from the API Center.

  4. Open the connector's OAuth settings and enter:

    SettingValue
    Authorization URLhttps://accounts.google.com/o/oauth2/v2/auth
    Token URLhttps://oauth2.googleapis.com/token
    Scopehttps://www.googleapis.com/auth/adwords
    Client IDClient ID from the OAuth client you created
    Client SecretClient Secret from the OAuth client you created

  5. Confirm the Redirect URL shown in the connector's OAuth settings matches the URI you added to the OAuth client (https://app.mintmcp.com/oauth/callback). They must be identical, or sign-in fails with redirect_uri_mismatch.

  6. Click Save.

The first time a user calls a tool, MintMCP directs them to sign in with Google and consent to the adwords scope. MintMCP stores and refreshes their token automatically on every subsequent call.

Security considerations

  • Each user authenticates individually through OAuth, so tool calls run against that user's own Google Ads access — limited by their existing Google Ads permissions.
  • The server provides read-only access; it builds GAQL queries from structured arguments and does not create or modify campaigns.
  • The adwords scope grants broad Google Ads API access; read-only behavior is enforced by the server's tool surface, not by the scope.
  • The developer token is a shared, org-level credential — keep it out of version control and restrict who can view it in MintMCP.

Next steps