Yahoo! JAPAN Ads API | Developer Center
日本語About OAuth2.0
To manipulate data in an ad account using Yahoo! JAPAN Ads API, the application must be authorized by OAuth 2.0. The authentication uses Business ID, which has access to the ad account you want to manipulate data.
Summary
This page describes authorization and authentication for manipulating ad account data using the Yahoo! JAPAN Ads API.
・Relation of Yahoo! JAPAN Ads API and Business ID.
・About the Code Flow for Authorization
Relation of Yahoo! JAPAN Ads API and Business ID.
In Yahoo! JAPAN Ads, Read-only/Edit access roles of the account will be set for each Business ID. (Manage account access)
For that reason, the available ad accounts to operate and the operations that can be performed may differ per Business ID.
Figure 1. Example of accounts
The available ad accounts depend on which Business ID you authorize for Yahoo! JAPAN Ads API.
In Figure 2, User A, who has Edit access for the MCC account and account 1 and 2, authorized the application. In this case, the application using a token authorized by the Yahoo! JAPAN Ads API specifies MCC Account 2 in the base account can get, add, update, and delete ad account 1 and 2.
Figure 2. Case where user A authorized the application
When sending an API request after User B, who has Read-only access to ad account 3, authorizes the application and specifies Ad Account 3 in the base account, you can only reference ad account 3.
In Yahoo! JAPAN Ads API, the user can only request a GET operation (excluding reports and exports ), if they do not have the edit/update role.
The following error will occur if the API request is sent without the read or update permission for ad accounts.
-HTTP Status code: 403
-Error code: 0098
-Error message: Permission denied.
When authorized by the Yahoo! JAPAN Ad's root MCC account admin, you can get, add, update, or remove all ad accounts under that company by specifying the root MCC in the base account.
Please refer to the "Before you start" for specific pattern-by-pattern authentication.
About the Code Flow for Authorization
OAuth2.0 of Yahoo! JAPAN Ads API only provides authorization code flow. Other authorization flows cannot be used. The authorization code flow will be explained below.
Figure 4. Authorization code flow
In the authorization code flow of Figure 4, if the company is an advertiser/agency, "User" and "Application" will be the employees or the system of your own company with the Yahoo! JAPAN Ads API contract.
In the case of Tool providers, the "Application" will be the system of your own company with the Yahoo! JAPAN Ads API contract. The "User" will be the advertisers/agencies of other company that holds their own Business ID.
In the authorization code flow, authorization and getting access tokens will be done with the following steps.
1. When the user starts using Yahoo! JAPAN Ads, the application will send an authorization request to the authorization server (/oauth/v1/authorize) via browser.
2. If the authorization server receives an authorization request, the screen will be redirected to the "Business ID sign-in screen".
3. The user will sign in with their Business ID in the "Yahoo! JAPAN Business ID sign-in screen".
4. If the user signs in successfully, the browser displays a screen to approve the authorization of the application.
5. If the user approves the authorization of the application, the screen will be redirected to the redirect URI entered upon adding the application.
6. An access token can be acquired by sending an Auth code to the authorization server (/oauth/v1/token). The refresh token will also be returned along with the access token.
7. Send an API request to Yahoo! JAPAN Ads API using the acquired access token.
Furthermore, the authorization code flow is a flow required for obtaining the first access token. If you have done the authorization once, you can reacquire the access token using the refresh token returned in step 6.
Refer to the API call for more detailed steps of the API call.