MCP.directory
Updated May 2026Comparison15 min read

AI Ad Management 2026: Meta vs Google vs TikTok Ads MCP

AI ad management in 2026 means three MCP servers and the same scary question: how do you let an agent touch real budgets without lighting money on fire? Meta Ads, Google Ads, and TikTok Ads each expose an AI-friendly surface, but the auth shape, the safety knobs, and the failure modes are very different. This guide compares all three on read-only reporting, campaign edits, budget caps, and the auth scopes you should never grant by default — everything sourced from the official platform docs.

Editorial illustration: three luminous teal advertising-platform glyphs in a row — a Meta f-marker, a Google G-marker, a TikTok music-note — connected by softly glowing campaign-funnel arrows on a midnight navy backdrop.
On this page · 13 sections
  1. TL;DR + decision tree
  2. What an ads MCP does + safety primer
  3. Side-by-side matrix
  4. Auth model deep dive
  5. GAQL vs Insights vs TikTok reports
  6. Meta Ads MCP — install + recipe
  7. Google Ads MCP — install + recipe
  8. TikTok Ads MCP — install + recipe
  9. Don't grant write scopes by default
  10. Common pitfalls
  11. Community signal
  12. FAQ
  13. Sources

Read this first

These MCP servers can move real money. Before any of them touch a production ad account, (1) grant read-only OAuth scopes for the first install, (2) set an account-level spend cap on the platform, and (3) decide explicitly which write methods, if any, your client is allowed to call. The safety section walks through each one.

TL;DR + decision tree

  • You run Facebook + Instagram ads. Install Meta Ads MCP. It wraps the most-comprehensive ad API surface of the three, and the agent can answer reporting questions across campaigns, ad sets, ads, audiences, and insights without leaving your editor.
  • Search, display, YouTube, Performance Max is most of your spend. Install Google Ads MCP. Reporting depth via GAQL is unmatched; the developer-token setup is the price you pay for it.
  • TikTok-first creative team. Reach for a community TikTok Ads MCP. The category is the youngest of the three; if you don’t already run TikTok ads heavily, you probably don’t need this one yet.
  • Default the install to read-only. Reporting is 80% of the use case. Add write scopes only when a workflow justifies it.

These three are not substitutes. Each MCP wraps a single advertising platform; pick by where you already spend money, not by which API feels nicest. If you run all three platforms, install all three MCPs — auth boundaries are per-server, and a tool-routing layer (we cover one in the pitfalls section) keeps the prompt budget manageable.

What an ads MCP does + safety primer

An ads-platform MCP server is a thin wrapper over the vendor’s marketing API. Meta’s is the Graph API’s /act_{ad_account_id}/ endpoints. Google’s is the Google Ads API (the modern replacement for AdWords) keyed on a customer ID. TikTok’s is the Marketing API at business-api.tiktok.com/open_api/. The MCP server exposes those endpoints as named tools the model can call — each with a description, an input schema, and (crucially) a read or write classification.

The honest mental model is two axes: what the agent reads and what the agent can mutate. Read methods return spend, impressions, conversions, creative metadata, audience definitions, account structure — the same answers a human reads off a dashboard. Mutating methods create campaigns, change budgets, upload creatives, pause and unpause ads, edit targeting, and (most expensively) launch entirely new spend. The risk profile differs by an order of magnitude.

Every one of these MCP servers respects your OAuth grant. If the access token you provided only has the read scope, write tools either fail at the API boundary or aren’t exposed by the server at all. Three things make this safety story work in practice:

  1. Grant the narrowest scope first. ads_read on Meta, the read-only Google Ads scope, a TikTok app role that can only fetch reports. You will rarely regret this.
  2. Cap spend at the platform. Account-level spending limits exist on all three. Set them. A 60-second configuration change in Ads Manager is the only thing standing between a hallucinated tool call and a four-figure unauthorised spend.
  3. Allowlist tools in your client. Cursor, Claude Desktop, and Claude Code all expose tool-allowlisting at varying levels of granularity. Even if a server exposes a create_campaign tool, your client can refuse to list it. Combine this with platform spend caps for defence-in-depth.

If you’re new to the protocol, our What is MCP primer covers the JSON-RPC wire format, and our OAuth 2.1 for remote MCP servers deep-dive covers how scope grants actually flow through token exchange. Both are worth a skim before you wire up a write scope.

Side-by-side matrix

Every cell is sourced from the official platform docs or the most-installed community MCP repo. Live counts checked 2026-05-11 from the indexed entries on this directory.

DimensionMeta Ads MCPGoogle Ads MCPTikTok Ads MCP
Underlying APIMeta Marketing API (Graph)Google Ads API (REST + gRPC)TikTok Marketing API
AuthOAuth 2.0 via Meta BusinessOAuth 2.0 + Google Ads developer tokenOAuth via TikTok for Business
Smallest read scopeads_readadwords (read-only)report read role
Write scope (for mutation)ads_managementadwords (full)campaign write role
Extra approval frictionApp review for ads_management on non-owned accountsStandard developer token review (3-10 days)TikTok for Business app review
Query languageGraph API + Insights breakdownsGAQL (Google Ads Query Language)Filtered report endpoints
Surface areaLargest — campaigns, ad sets, ads, audiences, pixels, catalogues, creativesLargest in search/display — accounts, campaigns, ad groups, keywords, assets, audiencesSmallest — campaigns, ad groups, ads, audiences, reports
Platform spend capAccount spending limit (per ad account)Account-level budget + per-campaign daily budgetTotal + daily budget per campaign
Best-fit use caseFacebook + Instagram reporting and bulk editsSearch/Display/YouTube/PMax reporting and bid tuningTikTok-first creative reporting
MCP.Directory page/servers/meta-ads/servers/google-adsCommunity (no canonical)

Three takeaways. First, Meta has the largest API surface by raw tool count — campaigns, ad sets, ads, custom audiences, lookalikes, pixel events, product catalogues, creative drafts all live in one Graph. Second, Google Ads has the deepest reporting via GAQL, which reads close enough to SQL that the model writes valid queries from scratch more reliably than against Meta’s Insights breakdown grammar. Third, TikTok’s MCP surface is the youngest — community wrappers exist but vary in completeness; treat them as “works for reporting, audit before you trust mutation methods.”

Auth model deep dive

Each platform sells you the same idea — OAuth 2.0 against a business identity — but the implementations diverge in ways that bite when you wire up an MCP for the first time. Knowing the shape of each flow up front saves an afternoon of squinting at 401 responses.

Meta: Business Login and the app review wall

Meta’s flow is OAuth 2.0 over Facebook Login for Business (sometimes labelled “Business Login” in the UI), with the wrinkle that the access token you get is scoped not just by permissions but by which ad account, page, or business manager the user authorised. Tokens come in three flavours: a short-lived user token (about an hour), a long-lived user token (around 60 days), and a System User token issued under a Business Manager which doesn’t expire. For any server-side agent, use the System User token — it’s the only one that survives a long-running deployment without a refresh loop. The deeper friction is app review: ads_management, business_management, and pages_read_engagement are all classified as advanced permissions. Until your Meta app passes review, the token only works against ad accounts where the authorising user is an admin or where you’ve added test users. Roles also matter at the ad-account level: even a token with ads_management can’t edit a campaign if the user lacks the “Advertiser” or “Admin” role on the specific ad account.

Google: OAuth plus the developer-token gate

Google Ads is the odd one out. You complete an OAuth 2.0 flow like normal — client ID, client secret, refresh token, the standard offline-access scopes — but every single API call also requires a developer-token header that lives on your Google Ads MCC, not on the OAuth credentials. The token has access levels — Test Account, Explorer, Basic, and Standard. Per Google’s own docs, Test Account access (granted automatically on signup) only works against test accounts and allows 15,000 operations per day; Basic Access allows the same quota against production accounts but requires a review with roughly a 2-business-day turnaround; Standard Access removes operational limits but takes around 10 business days. The catch most teams miss: your token, your app, your OAuth-flow user can all have different developer-token access levels, and the call fails if the token attached to the request isn’t approved for the account you’re hitting. For an internal agent operating on your MCC, Basic is fine. For an MCP wrapper you intend to distribute, start the Basic-access application the day you start writing code.

TikTok: TikTok for Business app + sandbox mode

TikTok’s OAuth flow runs through TikTok for Business rather than the consumer TikTok app. You register an application in the TikTok for Business developer portal, get a client key and secret, and the authorising user grants access from inside their Business Center. New apps start in sandbox mode: the OAuth flow works, but the advertiser_id you can call against is a test advertiser provisioned for development, not real ad accounts. To promote to production you submit the app for review with a use-case description and screencast — similar shape to Meta’s flow but a faster review in practice. Permissions are role-based on the Business Center side: even with a valid token, fetching reports requires the “ads.report.read” permission to be granted to your app for that specific advertiser_id.

Specific advice if you’re wiring this for an agent

  • Pick read-only scopes by default. Meta: ads_read. Google: the OAuth scope plus Test-Account or Basic-Access developer-token level (read-only GAQL is allowed at all tiers). TikTok: the report read role.
  • Escalate only when a workflow needs it. An agent that pauses an underperforming ad needs write scope on campaigns; an agent that summarises spend never does.
  • Never grant ads_management write scope to an LLM-driven flow without a budget cap. Meta’s Account Spending Limit, Google’s Account-level Budget, and TikTok’s campaign daily + total budgets are the safety net. Set them before, not after, the first write call.

A useful decision matrix when you’re choosing scopes for a new agent. Reporting-only agent over your own accounts? Meta ads_read + Google Test or Basic developer token + TikTok report read role, no app review needed for any of them. Reporting agent that needs to serve client accounts? Same Meta + TikTok scopes, but Google requires Basic Access (2-day review) at minimum, Standard if you’ll be running arbitrary GAQL volumes. Write-capable agent against your own accounts? Add Meta ads_management and complete the Meta app review, swap Google to a fully-scoped OAuth grant (still Basic developer token is fine), add TikTok’s campaign-write role. Write-capable agent against client accounts? You’re now an agency platform: full Meta app review with detailed use-case write-up, Google Standard developer-token review, TikTok app review with screencast. The build cost rises non-linearly with each step, so keep workflows that can stay read-only there.

GAQL vs Meta Insights vs TikTok reports

The query layer is where the three platforms feel most different to an AI agent. Google gives you a SQL-like dialect (GAQL), Meta gives you a field-and-breakdown vocabulary that runs through the Insights API, and TikTok gives you a request-shaped reporting endpoint with dimension and metric arrays. The model handles all three, but well-formed query generation is much more reliable against GAQL than against the other two.

Google Ads — GAQL (closest to SQL)

GAQL reads like a SQL SELECT with a fixed grammar: a FROM clause that names a single resource, a comma-separated SELECT list of field paths, an optional WHERE, ORDER BY, and LIMIT. A representative query an agent might generate to answer “which campaigns had at least 100 clicks last week and what was their cost?”:

SELECT
  campaign.id,
  campaign.name,
  metrics.cost_micros,
  metrics.clicks,
  metrics.conversions
FROM campaign
WHERE segments.date DURING LAST_7_DAYS
  AND metrics.clicks >= 100
ORDER BY metrics.cost_micros DESC
LIMIT 50

That’s the entire syntax. Models have seen tens of thousands of these in training; freeform GAQL generation from an English question is the most reliable query-language-from-LLM workflow in the advertising space.

Meta — Insights API with fields and breakdowns

Meta’s Insights API isn’t a query language — it’s a parameterised GET against /{ad_account_id}/insights where you pass fields, breakdowns, time_range, and filtering as URL parameters. The mental model is closer to OpenAPI than SQL. The equivalent of the GAQL query above looks roughly like:

GET /v18.0/act_123/insights
  ?fields=campaign_id,campaign_name,spend,clicks,actions
  &level=campaign
  &date_preset=last_7d
  &filtering=[{"field":"clicks","operator":"GREATER_THAN_OR_EQUAL","value":100}]
  &sort=spend_descending
  &limit=50

The model writes these reliably with one big caveat: conversions don’t come back as a column. They arrive inside the actions array keyed by action_type (for example, offsite_conversion.fb_pixel_purchase), and you pick out the conversion you want client-side. Newer MCP wrappers paper over this in tool-level post-processing, but if yours doesn’t, expect to spend the first prompt explaining the actions array to the model.

TikTok — reporting endpoints with dimension + metric arrays

TikTok’s reporting endpoint at /open_api/v1.3/report/integrated/get/ takes a JSON body with dimensions (campaign_id, ad_id, etc.) and metrics (spend, impressions, clicks, conversions) plus a start_date and end_date. Same question, TikTok shape:

POST /open_api/v1.3/report/integrated/get/
{
  "advertiser_id": "7234567890",
  "report_type": "BASIC",
  "dimensions": ["campaign_id"],
  "metrics": ["spend", "clicks", "conversion"],
  "start_date": "2026-05-04",
  "end_date": "2026-05-10",
  "filtering": [{"field_name": "clicks",
    "filter_type": "GTE", "filter_value": "100"}],
  "order_field": "spend",
  "order_type": "DESC",
  "page_size": 50
}

Three things to know: filter syntax is an array of objects with explicit operator names, dimension and metric names are snake_case strings rather than dotted paths, and pagination uses page and page_size instead of a cursor. The model gets this roughly right on the first try if the MCP server’s tool descriptions name the dimensions/metrics vocabulary; without that hint, expect to correct field names once or twice per session.

Meta Ads MCP — install + recipe

Meta Ads
Meta Adspipeboard-co
1-Click ReadyRemote

Optimize Facebook ad campaigns with AI-driven insights, creative analysis, and campaign control in Meta Ads Manager for

developer toolsanalytics data3.6k43

What it does best

Meta Ads MCP is the right answer when most of your spend lives on Facebook and Instagram. The Marketing API exposes more primitives than the other two platforms combined — custom audiences, lookalikes built from pixel events, dynamic product ads against a catalogue, creative drafts and asset feeds — and the MCP shims wrap that API directly. Reporting agents lean on the Insights endpoint, which slices spend and conversions by campaign / ad set / ad / demographic / placement / device with a single tool call. The headline strength is breadth: anything a human can do in Ads Manager has an API equivalent, and the MCP tool naming follows the API closely.

Pick this if you...

  • Run paid social on Facebook and Instagram and need an agent that can answer questions about spend, ROAS, and ad-set performance
  • Maintain custom audiences and want the agent to read audience definitions and overlap reports
  • Use Meta’s pixel and want conversion-level breakdowns in the same tool surface as campaign reporting
  • Are willing to go through Meta app review if you eventually need write access to ad accounts you don’t own

Recipe: weekly ROAS report with audience overlap call-out

In Cursor with Meta Ads MCP installed and a Meta Business access token (granted ads_read only — no ads_management for this workflow):

Use the Meta Ads MCP against ad_account_id 'act_1234567890'.
For the last 7 days, return per-campaign spend, conversions,
and ROAS. Sort descending by ROAS. Then for the bottom 3 campaigns
by ROAS, check their ad-set targeting against my saved custom
audiences — flag any pair with > 30% overlap as a likely
audience-cannibalisation issue. Summarise as a markdown table.

The model issues two tool calls: a campaign-level Insights query for the time window, and a targeting + audience-overlap lookup for the underperforming ad sets. Both endpoints are read-only — ads_read is sufficient. The output lands as a table you can paste into a weekly review doc. Notice what we didn’t do: we didn’t ask the agent to pause the underperformers. That requires write scope, which we haven’t granted.

Skip it if...

Your spend is dominated by search or YouTube. The Marketing API exposes a lot, but it can’t see Google Ads campaigns or TikTok reach. If Facebook + Instagram is a side channel for you, run the Google Ads MCP as your primary and only install Meta’s when you specifically need it.

G
Google Adsgoogle-ads-mcp
1-Click ReadyRemote

Easily launch and manage Google Ads from any AI client using our remote MCP server—no setup or coding required.

48310

Google Ads MCP shines on reporting depth, because GAQL — the Google Ads Query Language — is the closest thing in the advertising-API world to SQL. The model has seen tens of thousands of GAQL examples in training (the docs at developers.google.com/google-ads/api/docs/query/overview are exhaustive and well-indexed), and it writes valid queries against the right resources with high reliability. The supported resources cover everything you’d need: campaign, ad_group, ad_group_ad, keyword_view, customer, search_term_view, conversion actions, audiences, and roughly a hundred more. Cross-channel inside Google’s ecosystem (search + display + YouTube + Performance Max) ships in one MCP.

  • Spend on Google search ads, display, YouTube, or Performance Max — anything that lives under a Google Ads MCC account
  • Have an internal team that already knows GAQL, or want the model writing GAQL from scratch (it’s good at this)
  • Need granular reporting at the search-term and keyword level, not just campaign aggregates
  • Can tolerate the developer-token request flow up front — test access is instant; standard access is a 3-10 day review

In Claude Code with Google Ads MCP installed, OAuth completed, and your developer token + customer ID configured in env vars:

Use the Google Ads MCP against customer_id '123-456-7890'. Run
this GAQL across the last 30 days:

  SELECT
    keyword_view.resource_name,
    ad_group_criterion.keyword.text,
    metrics.cost_micros,
    metrics.conversions,
    metrics.clicks
  FROM keyword_view
  WHERE metrics.clicks > 50
    AND metrics.conversions < 0.5
    AND segments.date DURING LAST_30_DAYS
  ORDER BY metrics.cost_micros DESC
  LIMIT 20

Tell me total wasted spend across these keywords (cost / 1e6),
and group them by ad group. Return as JSON.

The agent issues a single search request and parses the response. GAQL handles the heavy lifting on the API side — you’re not asking the agent to filter 100k rows client-side. The output gives you a precise list of negative keyword candidates with dollar amounts attached. Again, this workflow needs only the read-only OAuth scope; promoting the identified keywords to negatives requires the full scope and is a workflow we’d guard behind a separate, narrower agent with a tighter tool allowlist.

You don’t run Google Ads, or you need write access immediately and can’t wait the few days for standard developer-token approval. Test access works fine against your own accounts; if you need to operate on client accounts via an MCC and want it production-ready Monday, file the request today. The token is granted at the developer level, not per user — once approved, the whole MCC unlocks.

TikTok Ads MCP — install + recipe

TikTok Marketing API wrapper

TikTok Ads MCP

Community-maintained · OAuth via TikTok for Business

TikTok docs →

What it does best

TikTok Ads MCP is for teams whose paid social is TikTok-first. The Marketing API covers campaign creation, ad-group targeting, creative upload, Spark Ads boosts of existing organic content, and the standard reporting endpoints. Multiple community wrappers exist — none are first-party from TikTok at time of writing — and they vary in completeness. The headline use case is reporting on TikTok Ads Manager campaigns from inside your AI editor without context-switching to the dashboard, which matters more for TikTok than for Meta or Google because Ads Manager’s TikTok UI is the youngest and most likely to change layout.

Pick this if you...

  • Run TikTok ads as a primary channel — in-feed, Spark Ads boosts, top-view placements, branded effects
  • Want reporting from inside your AI editor and don’t mind running a community MCP wrapper
  • Already have a TikTok for Business app registered (the OAuth flow won’t work otherwise)
  • Are explicitly okay auditing community-maintained MCP code before trusting it with mutation methods

Recipe: top creatives by CPA in the last 14 days

In any MCP client with a TikTok Ads MCP installed and OAuth completed against TikTok for Business:

Use the TikTok Ads MCP against advertiser_id '7234567890'.
Pull every active ad in the last 14 days. For each, return ad
name, total spend, total conversions, CPA, and a thumbnail URL
of the creative. Sort ascending by CPA and return the top 10.
Also tell me which of these are Spark Ads vs in-feed creatives
based on the creative_type field.

The model issues a list call for ads on the advertiser ID and an aggregation call for performance metrics, joins them client-side, sorts and returns. You get a thumbnail-attached leaderboard in chat. TikTok’s reporting endpoints are read-only by API permission, so this is safe even on a permissive grant — but the same caveats about write scopes apply if you later add a campaign-creation workflow.

Skip it if...

TikTok isn’t in your top-three paid channels. The community MCPs are useful but rougher around the edges than Meta’s and Google’s wrappers; if you’re only running occasional TikTok ad sets, the dashboard is still quicker than wiring up the MCP. Revisit when TikTok becomes a meaningful share of spend or when a first-party MCP ships.

Don’t grant write scopes by default

This is the section to read twice if you’re responsible for ad spend. The risks aren’t hypothetical — they’re directly proportional to the OAuth scopes you grant on day one, and the most common mistake is “I’ll just grant full access to make sure everything works.” Don’t. Three concrete moves:

1. Start in read-only mode

Meta: grant only ads_read (plus business_management if the account is owned by a Business Manager). Google Ads: pick the read-only OAuth scope variant. TikTok: assign the read-tier role to the app. Run your reporting workflows for a week. Confirm the agent answers everything you need without touching write endpoints — it usually does.

2. Set platform-side spend caps

Meta: Business Settings → Payments → Account spending limit. Google Ads: Account-level budget (Tools → Budgets & Bidding) and per-campaign daily caps. TikTok: campaign-level total + daily budget. These caps live on the platform, not on the agent, so they survive bugs, hallucinations, misconfigured tool allowlists, and the “I’ll just try it” impulse from anyone with prompt access.

3. Use a write-capable agent only for one workflow

When you eventually do need write access — pausing underperformers, reallocating budgets — wire up a separate MCP client / agent with its own narrower OAuth grant and a tighter tool allowlist. Don’t fold write capability into your general-purpose reporting agent. The cost of one more configured client is much smaller than the cost of one wrong mutating tool call.

Audit which tools your server exposes

Some MCP server builds expose mutating tools that you could call if you had the scope, even when you only granted read scopes — the calls would just fail at the API. That’s defence-in-depth: scope is the source of truth. But for community-maintained servers (which includes TikTok and several Meta wrappers), read the tool list in the repo README before installing. If you see create_campaign or update_budget and you only want reporting, consider a tool-allowlist in your client.

If you’re building agents that go further — autonomous pausing, budget rebalancing, creative rotation — you’re stepping into territory covered by the OWASP MCP Top 10 threat model. The agent should run with a dedicated service identity (not your personal OAuth token), the OAuth grant should be the narrowest that still lets the workflow function, and every mutating call should land in an append-only audit log you can replay. None of this is exotic — it’s the same posture you’d take with any automation that can spend money, the MCP layer just makes the failure modes novel-looking.

Budget guardrails: concrete patterns

The safety section above sets the strategy. This section is the implementation checklist. Four guardrails, in order of how much each one bounds the worst case:

  1. API-side daily and lifetime caps. Meta’s AdSet accepts daily_budget (cents) and lifetime_budget as fields you can set at creation or update time; Google’s Budget resource accepts amount_micros (one millionth of the account currency) and a delivery_method of STANDARD or ACCELERATED; TikTok’s Campaign accepts budget and budget_mode with values like BUDGET_MODE_DAY and BUDGET_MODE_TOTAL. Set these on every campaign the agent can touch, even ones it isn’t supposed to modify — they cap the blast radius if the agent calls the wrong tool.
  2. Account-level spending caps. One level above per-campaign limits. Meta exposes this in Business Settings → Payments → Account Spending Limit; Google exposes it as Account-level Budget under Tools → Budgets & Bidding; TikTok limits at the campaign level only, so on TikTok you use per-campaign daily + total budgets as the cap of record. These are platform-side and survive any agent configuration drift — set them at numbers that bound the worst day you could financially absorb, not the average day.
  3. Spending-cap alerts. All three platforms emit webhooks or email alerts when daily spend exceeds a threshold. Wire one to a Slack channel, an on-call rotation, or a kill-switch trigger. The point isn’t to catch the agent before damage happens — that’s what the hard caps are for — but to learn that the agent did something unexpected before the bill arrives. A spend curve that doubles overnight is the kind of signal you want surfaced inside an hour, not an end-of-month invoice.
  4. Pause-everything kill switch as an MCP tool.Give the agent a pause_all_campaigns tool that flips every active campaign on the account to PAUSED. Don’t give it a corresponding resume_all_campaigns tool — resume is a deliberate human action. This asymmetry matters: a panicking or confused agent that can pause everything causes a few hours of lost spend, while an agent that can pause and resume can cause a flapping outage that’s far harder to debug. Audit-trail logging closes the loop: log every mutating tool call with the agent’s prompt, the tool arguments, the response, and the timestamp — store it append-only, never let the agent read or modify the log from inside the same session.

Common pitfalls

Meta access tokens silently expire

Short-lived Meta user tokens expire in about an hour and long-lived tokens in roughly 60 days. The MCP server surfaces that as cryptic API errors. Either use a System User token (recommended for server-side use; doesn’t expire) or wire up a refresh-token flow. Stuffing a short-lived token into an env var and forgetting about it is the single most common cause of “the agent stopped working” in this category.

Google Ads developer-token confusion

A common stumble: people grant OAuth and assume that’s enough. It isn’t — every Google Ads API request also needs a developer-token header from the Google Ads UI (API Center inside the MCC). Test-access tokens work only against accounts the developer owns or test accounts. Standard access (operating on client accounts) requires a review with a screencast and privacy policy. Apply for it early in your build, not the week before you want to ship.

TikTok advertiser_id vs business_id mix-up

TikTok’s API uses an advertiser_id (the ad account) and a business_id (the parent business). Several community MCPs accept one or the other inconsistently across tools. If a tool call fails with a 404 or empty response, the first thing to check is which ID type the failing tool wants. Pin the IDs in your system prompt to avoid the agent guessing.

Three at once = description bloat

Each of these servers exposes 10-30 tools depending on configuration. Stacking all three in one client adds 50+ tool descriptions to every prompt. Use a tool-routing layer (see our MCP context bloat post) to scope what the model sees per turn, or run one MCP per client window when the workflows are different enough to warrant the split.

Tokens in transcripts

Ad-platform tokens grant real money. Some MCP clients log full request/response pairs for debugging. Check your client’s logging settings and rotate any token you suspect was logged. The same rule applies to anywhere the transcript could be sent for model evaluation or feedback — assume the worst and rotate.

Meta API rate limits surprise you under burst writes

Meta’s Marketing API enforces aggressive per-app and per-account rate limits, scaled by your app’s historical spend (the “ads_management_write” bucket in particular). An agent that creates 30 ads in a loop after lunch will hit the wall and start receiving error code 80004 with retry-after hints. The fix is two parts: use Meta’s bulk endpoints (POST /act_X/asyncadrequestsets for batched ad creation) when the operation supports them, and wrap every mutating tool in your MCP with exponential backoff that respects the X-Business-Use-Case-Usage response header. Don’t hand the agent a tight loop and a write scope and assume the API will pace itself.

Google Ads dev token sandbox vs production

The classic Google Ads stumble: your developer token is at Test-Account access level (the default after signup), so every API call against your real MCC returns DEVELOPER_TOKEN_NOT_APPROVED. The token technically works — it works fine against the test accounts you created via the Google Ads API Center — but against production accounts it fails until you apply for Basic Access and pass the 2-business-day review. Many devs hit this on day one of integration and assume the token is broken; the fix is filing the Basic Access form in the API Center inside your MCC, not generating a new token. Apply for Basic Access the moment you start the project; you can build against test accounts while the review is pending.

Community signal

Three sources that capture how teams actually experience these APIs in the wild, pulled from official docs and public developer threads:

Google’s own access-levels doc states the Basic Access turnaround flatly: “2 business days” for Basic, “10 business days” for Standard. The same doc clarifies that Standard Access is “only granted to developers who require unlimited Google Ads API operations, such as large companies or tools that serve many users.” The takeaway: most agent-shaped workloads sit comfortably at Basic, which is the path of least resistance. Standard is a request you make when you genuinely need unlimited operations on third-party MCCs, not a default to apply for. (Source: developers.google.com/google-ads/api/docs/access-levels)

The official Marketing API rate-limit pagefrom Meta documents that rate limits are scored per app and per ad account against an “ads_management_write” bucket whose usage scales with your historical spend — small accounts hit limits faster than large accounts at the same write volume. This is the underlying explanation for why agent-driven bulk-create workflows often work fine in a sandboxed test account and then fail in production: the production account’s smaller spend history gives it a smaller per-hour write budget. (Source: developers.facebook.com/docs/graph-api/overview/rate-limiting)

TikTok’s Marketing API portal documents that all production calls require a vetted app in the TikTok for Business developer portal, and sandbox advertisers cannot be used for production traffic. The portal lists the step-by-step app-review submission flow with required metadata: use case, screencast, privacy policy URL. Community wrappers occasionally bundle a sandbox-only advertiser_id in their README; that’s a useful starting point but won’t fetch any real campaign data. (Source: business-api.tiktok.com/portal/docs)

Frequently asked questions

Can an AI agent actually spend my ad budget through these MCP servers?

Yes — and that is the first thing to design around. All three MCP servers expose tool methods that mutate state: create a campaign, raise a daily budget, duplicate an ad set, pause or unpause a campaign. Whether the agent can call those tools depends on (a) the OAuth scopes you granted, (b) whether the MCP server build you installed exposes write methods at all, and (c) any tool-allowlist your client supports. The safe default for any first-time install is read-only: grant ads_read on Meta, the Google Ads read scope, and a read-tier TikTok app role. Promote to write only when a specific workflow demands it, and pair the upgrade with an API-side spend cap. We cover the safety pattern in detail in the safety section below.

What's the difference between Meta's ads_read and ads_management scopes?

ads_read returns campaign structure, insights, audiences, and metrics — everything a reporting agent needs. ads_management adds the ability to create, edit, pause, and delete campaigns, ad sets, ads, and budgets. An MCP server built to surface only Insights API endpoints can live entirely on ads_read; a server that exposes campaign-mutation tools requires ads_management plus the standard pages_read_engagement and business_management scopes for the ad account. Meta's app review process treats ads_management as a sensitive permission — expect to submit a screencast and use-case description to go from development to live. Until then, the token only works against ad accounts you own or test users.

Does Google Ads MCP need a developer token, and is that hard to get?

Yes — the Google Ads API requires both OAuth credentials and a developer token, and the developer token is the friction point. Test access (read and write against your own accounts) is granted immediately when you fill the form in the Google Ads UI. Standard access — required to call the API against accounts you don't own — needs a review, including a working integration demo, a privacy policy URL, and proof your tool follows the Required Minimum Functionality. For an internal agent operating on your own MCC account, test access is fine. For an MCP server you intend to share publicly, plan three to ten business days for the review.

How do I cap how much an agent can spend if it goes wrong?

Cap on the platform side, not on the agent side. Meta supports account-level spend caps (Business Settings → Payments → Account spending limit) — set this even if you don't need it for budgeting reasons, because it puts a hard ceiling on any agent-driven mistake. Google Ads supports daily budgets per campaign and shared budgets across campaigns; combine that with the Account-level budget for billed organizations. TikTok Ads Manager supports campaign-level total and daily budgets. Setting a spend cap takes 60 seconds and bounds the worst-case blast radius of a hallucinated tool call. Do this before granting any write scope.

Is there a first-party Meta Ads MCP or are they all community?

At time of writing there is no Meta-published official MCP server. The most-installed community implementations wrap the Marketing API directly using the same Graph API endpoints documented at developers.facebook.com/docs/marketing-apis. Treat any community server like you'd treat any third-party Marketing API client: pin the version, read the tool list before installing, and audit which methods touch mutating endpoints. The MCP Marketplace card on this directory page links to the canonical repo and install configs for the most-used build.

Can I use these MCPs from Claude Desktop, Cursor, and VS Code?

Yes — all three are stdio MCP servers that install via the standard mcpServers JSON block in any client that supports the protocol. The Open server page link on the install card on this post gives you the canonical config for Meta Ads and Google Ads; for TikTok Ads, the community wrappers all follow the same shape. The auth secrets land in env vars or in your client's secrets store — never paste an OAuth refresh token directly into a prompt or commit it to a repo, because MCP transcripts often end up in model training feedback loops.

Which one should I install first?

Whichever platform you spend the most on, and start in read-only mode. The 80% use case for an ads MCP is reporting — answering 'what's our ROAS this week broken down by campaign,' 'which ad set is underperforming on CPA,' 'show me yesterday's top-spending creatives' — and read scopes are enough for all of that. Add write scopes only when a specific workflow (auto-pause underperformers, programmatic budget reallocation) justifies the additional blast radius and you've set the API-side spend cap to bound it. Most teams never need write at all.

What about Twitter/X Ads, LinkedIn Ads, Reddit Ads, Snap Ads MCP?

The community has thin or no production-grade MCP coverage for these as of mid-2026. X dropped its broad ads API access tier; LinkedIn's Marketing API is gated behind a partner program that's slow to approve; Reddit Ads and Snap Ads have OpenAPI specs but no commonly-used MCP wrapper. If you need any of them, a thin custom MCP that wraps the platform's REST endpoints is faster than waiting for community adoption. We track new servers in this category on /servers/category/advertising.

Can an MCP agent edit budgets safely?

Yes, if you architect for it. The pattern that works in production: (1) grant a narrow OAuth scope that allows budget mutation but not campaign creation or deletion, (2) wrap the underlying API call in a thin MCP tool that enforces a hard maximum (for example, refuse any daily_budget_micros greater than 100 USD per call), (3) require the model to pass the current budget value alongside the proposed new value so the server can reject deltas above a per-call cap, and (4) write every successful mutation to an append-only audit log keyed by agent session ID. The most common failure mode is granting a generic write scope and trusting prompt-level instructions to bound the agent — the model will follow them most of the time, but the cost of the one time it doesn't is exactly the budget the agent could see. Cap on the server side, not the prompt side. The Google Ads API exposes daily_budget_micros on Budget resources, Meta exposes daily_budget and lifetime_budget on AdSet, and TikTok exposes budget on the Campaign object — all three can be safely raised under guardrails, but never grant unbounded write authority.

What's the latency for getting yesterday's spend across all 3 platforms?

Roughly 2-5 seconds end-to-end for a parallel fetch when the data is already in cache on the platform side. Meta's Insights API typically returns same-day fresh data within 30-90 seconds; yesterday's spend is rock-solid. Google Ads serves attributed conversion data with up to a 3-hour freshness lag but cost data is real-time, so yesterday's spend is also fine. TikTok's reporting endpoints lag the dashboard by 1-3 hours for conversions but cost shows up within 15 minutes. The bottleneck in an agent flow is rarely the API — it's the model deciding which tool to call. If you want sub-2-second responses, pre-aggregate the daily-spend metric in a single MCP tool that issues all three platform calls in parallel and returns one unified object. Most community wrappers don't do this out of the box; a custom 50-line MCP that aggregates is worth writing if dashboard latency matters.

Sources

Meta Ads

Google Ads

TikTok Ads

Related comparisons

Internal links

Keep reading

Protocol

OAuth 2.1 for remote MCP servers

Read

Security

MCP security: 200k exposed servers + OWASP MCP Top 10

Read

Roundup

Best knowledge-base MCP servers 2026

Read