Security with AdWords Developer Token and OAuth2: possible misuse of token

0
votes

I was told to change the password for our AdWords API account, which i did. I thought that i have to change our used CredentialsObject for the OAuth2 authentification, too. But that seems not necessary.

If i want to reset the developer token Google says it takes up to several weeks to regain a new approved developer token. But we can not afford to not use AdWords data for this time period. So this option is no option for us..

I am now really wondering/concerning about security issues: What if an ex employee has taken a copy of the OAuth2 credentials object with him and can still access all API data? He does not have to know the new password and could still access our data...

How can i restrict the abuse of the developer token when employees left the company? Is there no other way than resetting the developer token? Or is this more a question of laws and contracts which deny misuse of company data by an ex employees? (scope is german laws in our case)

1
google-apigoogle-ads-api

1 Answers

0
votes

Tricky one! Legal matters aside (I am no expert in German IP legislation) one approach that I can think of is to set up a new My Client Center, then re-apply for the developer token in this new MCC to be authorized. You could even get in contact with your AdWords rep to explain the situation and maybe speed this process up a bit.

Once/if the developer token in the new MCC is authorized you can link your AdWords accounts to the new MCC, test and finally (provided you are happy) hit the 'reset developer token' button in your current MCC.

Or you could just contact your old employee and ask him/her 'Don't Be Evil' ;-)

Good luck!