Hey Luke thanks for sharing this was previously possible. Based on the documentation you shared, I don't interpret it as saying a Developer Token shouldn't be shared at all, but rather that you should not "share it using insecure mechanisms". This is the same language that they use for the client id and secret, which you still require we share with Fivetran when creating connections. 

I will look into service accounts to see if it may work for us.

Thanks,

Andrew

Following up on this, while exploring a new approach may be promising, is there any possibility for us to use our own developer token despite the general deprecation? We have already built the OAuth functionality and are ready to roll it out if we can get around this roadblock. A quick fix would make a big difference for us. Thanks.

Hi Andrew,

Thanks for following up on this and providing more info. That is a fair conclusion. I agree that the language in that doc doesn't clearly state that sharing is prohibited.

However, we've heard more direct feedback from Google on this topic in the past. A customer applied for the Standard access level on their developer token. They intended to use that token for their Fivetran Google Ads connection. They received the following rejection from the Google Ads API Compliance Team: 

We are unable to grant your request for a developer token to be used with a third-party tool Fivetran that you do not manage. This is a violation of the Google Ads API Policies, and is not a permissible use case for API access.

A developer token is a means to enable your application to connect to the Google Ads API. This token must belong to and be managed by the developer responsible for building and maintaining the codebase of the app. You should not share your developer token with another entity whose codebase you don’t manage. Additionally you should not build your app in a manner that requires clients to obtain a developer token for it to be used.

I assume you'll run into the same issue with Google for your token. Have you discussed this with them? If they confirm this does not violate their policies, we can add this feature back.

Cheers,
Luke

Hey Lucas,

Another authentication method we're exploring is service accounts. Could that solution work for your use case?

This means that this is not something that Fivetran currently supports but might consider implementing, is that correct?

Hi Andrew,

Regarding service accounts, yes, we plan to support this. We've completed development for service accounts on Google Ads and Google Analytics. We'll start rolling this feature out once we complete testing.

I also have an update on using customers' Google Ads developer tokens. 

We’ve decided to cancel the deprecation of this feature and instead make it generally available to all customers.

Google’s developer policies note that third parties, like Fivetran, cannot require users to provide their own developer token. Therefore, our recommended approach remains to authenticate connections using Fivetran’s developer token whenever feasible. But we will allow the use of your own developer token as an optional authentication method. However, if issues arise with the use of a different developer token, Fivetran cannot resolve the issue, and it must be addressed with Google. Fivetran cannot guarantee the availability of this option should Google change its policies in the future.  

We're in the process of reinstating this feature now, and we plan to start rolling it out to all customers soon. I'll keep you updated on this rollout here.

Cheers,
Luke