Monday, June 21, 2021

New authentication scope for multi-factor authentication

Last year, we started requiring multi-factor authentication in Microsoft Advertising online. Multi-factor authentication is a security process that requires you to verify your identity in two different ways.


We’ll soon require multi-factor authentication for all users who sign in through a third-party application that uses the Bing Ads API. Because security is important and we want to ensure there is enough time for full participation, we’ve set the enforcement date to March 1st, 2022.


Action required 


You must update your application and prompt users for consent using “msads.manage” scope via the Microsoft identity platform endpoint. All Microsoft Advertising developers must take action to use the new scope.  


With each API request we will check the access token to ensure the user granted consent via the new “msads.manage” scope. Upon enforcement of multi-factor authentication, any access token provisioned otherwise won’t be accepted.


We recommend that you make the necessary changes as soon as possible.

SDK support 


Support for the new “msads.manage scope” is added with Bing Ads SDKs (NET, Java, Python, and PHP) version 13.0.10 released this month. 


The new “msads.manage” scope is now used by default in all SDKs. For backwards compatibility you can temporarily use “ads.manage” or “bingads.manage” with a small code change. 



var oAuthDesktopMobileAuthCodeGrant = new OAuthDesktopMobileAuthCodeGrant(
    OAuthScope.ADS_MANAGE // temporary workaround



For more information, see our API documentation. As always please feel free to contact support or post a question in the Bing Ads API developer forum.  


Posted at