Amazon Ads API: 403 Forbidden / "No output data" on /v2/profiles (Client ID, Scope, and Auth Issues)

rupambhakta · November 5, 2025, 1:47pm

Hi everyone,

I’m hitting a wall connecting n8n to the Amazon Ads API. I’m trying to use the standard /v2/profiles endpoint to retrieve the profileId but consistently get a 403 Forbidden (masked as “No output data returned” in n8n).

I suspect a combination of missing headers and scope issues, but I’ve exhausted my current troubleshooting steps.

Problem Details & Steps Taken

Goal: Successfully call GET https://advertising-api-eu.amazon.com/v2/profiles to get the profile ID.
Initial Error: The node returned “No output data returned” (which the browser console showed as a 403 Forbidden).
Authentication Setup (My OAuth2 Credential):
- Type: OAuth2 API
- Client ID/Secret: Using the client’s credentials.
- Current Scope: advertising::campaign_management 4. Header Conflict Test: When I removed the manually added Amazon-Advertising-API-ClientId header, the error immediately changed to 401 Unauthorized (as expected, since n8n’s Generic OAuth2 doesn’t add the Client ID header). This proves the header is necessary.
Current (Failing) HTTP Request Configuration:
- Method: GET
- URL: https://advertising-api-eu.amazon.com/v2/profiles
- Authentication: OAuth2 API (using “Unnamed credential 2”)
- Send Headers: Manually adding the client ID (required, as shown in test 4).

The Current State

Token is Fresh: I have re-authorized the credential successfully.
Headers: Authorization: Bearer <token> (from credential) and Amazon-Advertising-API-ClientId: <client_id> (manually added) are both present.
Result: Still receiving 403 Forbidden / “No output data returned.”

Possible Issues I Need Help With

Scope Issue: Is the scope advertising::campaign_management sufficient to hit the /v2/profiles endpoint? Should I change it to include advertising::read_only?
User Permissions: My client confirmed I have Developer access. However, I suspect the specific user who clicked “Allow” might only have Viewer permissions on the advertising profile, preventing the API from showing the profile list.
- Client’s User Role: My Amazon Developer account shows I have “Developer” access, but the specific Amazon Ads Console user permissions are unknown. 3. Configuration Check: Is there a standard Amazon Ads n8n configuration that handles both the Authorization and the Amazon-Advertising-API-ClientId headers automatically, or must the Client ID always be manual?

Any guidance on which specific scope or header configuration is required for the /v2/profiles endpoint would be hugely appreciated!

Thanks!

achamm · January 20, 2026, 3:29pm

Based on the search results, your 403 Forbidden error is likely due to insufficient permissions or missing required headers for Amazon Ads API access. Here are the key things to check:

• **Verify account permissions**: According to [github.com](User Account Permissions for accessing ads api · amzn/ads-advanced-tools-docs · Discussion #47 · GitHub), users with view-only access can retrieve profiles using the `accessLevel` query parameter. Try adding `?accessLevel=view` to your URL: `https://advertising-api-eu.amazon.com/v2/profiles?accessLevel=view\`

• **Check required headers**: Based on [docs.aws.amazon.com](https://docs.aws.amazon.com/solutions/latest/amazon-marketing-cloud-uploader-from-aws/oauth-flow-in-amazon-ads-api.html), you need three headers:

`Authorization: Bearer {access_token}` (handled by OAuth2)
`Amazon-Advertising-API-ClientId: {your_client_id}` (you’re adding this manually)
`Amazon-Advertising-API-Scope: {profile_id}` (you might be missing this)

• **Profile ID chicken-and-egg issue**: Since you need a profile ID for the scope header but are trying to get profile IDs, try using your advertising account ID as the scope value initially, or check if your account has the proper advertising permissions set up in Amazon’s advertising console.

The fact that removing the Client ID header gives you 401 (vs 403) confirms the authentication is working but authorization is failing.