2026-05-23

How to connect Meta Ads to OpenClaw

A practical guide to creating an app in Meta Developers, getting an access token, building a JSON config, and connecting the Meta Ads API to an AI agent for ad automation and reporting.

Meta Ads remains one of the main channels for performance marketing: it is used to run ads across Facebook, Instagram, Messenger, and other Meta placements. But as the number of campaigns, hypotheses, audiences, and reports grows, the ad account quickly turns into manual operational work.

A marketer constantly has to check campaigns, monitor spend, CTR, CPC, CPM, leads, conversions, disable weak combinations, prepare reports, and formulate the next hypotheses.

An AI agent can take over part of this routine: read statistics, find problematic campaigns, prepare summaries, suggest new hypotheses, assemble reports, and help control the paid acquisition workflow.

One way to do this is to connect Meta Ads to OpenClaw through the Meta Marketing API. In this guide, we’ll break down how to create an app in Meta Developers, get an access token, build a JSON config, verify API access, and prepare an agent to work with your ad account.

What is the Meta Marketing API?

The Meta Marketing API is an API for working with Meta advertising objects: ad accounts, campaigns, ad sets, ads, creatives, and insights. It can be used to read ad performance data, get a list of campaigns, analyze performance, and, when the required permissions are granted, create or modify advertising objects. Meta describes the Marketing API as a tool for creating and managing advertising campaigns programmatically. (Facebook Developers)

For reporting, the Ads Insights API is usually used. To access it, you need a Meta app and the ads_read permission. (Facebook Developers)

If the agent should not only read reports but also create or edit campaigns, you will need the ads_management permission. Meta states that ads_management allows an app to read and manage the ad account it owns or has access to. (Facebook Developers)

Important difference from Google OAuth JSON

With Google, you often have an OAuth Client JSON file that you download from Google Cloud Console.

Meta works differently. Usually, you do not download a ready-made “Meta OAuth JSON” file. Instead, you create an app in Meta Developers and collect:

  • App ID;
  • App Secret;
  • Access Token;
  • Business ID;
  • Ad Account ID;
  • a list of permissions.

After that, you can build your own JSON config for OpenClaw or another agent runtime.

Example file:

{
  "provider": "meta_ads",
  "graph_api_version": "v25.0",
  "app_id": "YOUR_META_APP_ID",
  "app_secret": "YOUR_META_APP_SECRET",
  "business_id": "YOUR_BUSINESS_ID",
  "ad_account_id": "act_YOUR_AD_ACCOUNT_ID",
  "access_token": "YOUR_ACCESS_TOKEN",
  "permissions": [
    "ads_read",
    "ads_management",
    "business_management"
  ]
}

At the time this guide was prepared, the current Graph API version was v25.0, but before implementation, it is better to check the current version in the Meta changelog. (Facebook Developers)

What you can automate after connecting Meta Ads

After Meta Ads is connected, the agent can help with tasks like:

  1. Daily campaign reporting.
  2. Checking spend, CTR, CPC, CPM, and conversions.
  3. Finding campaigns with a sudden performance drop.
  4. Comparing ad sets and creatives.
  5. Preparing hypotheses for new tests.
  6. Generating briefs for creatives.
  7. Monitoring anomalies: overspend, zero impressions, lead drop.
  8. Preparing a weekly growth summary.
  9. Creating campaign drafts through the API.
  10. Automating the reporting workflow for a marketer or founder.

The best starting mode is to give the agent read-only access first. In other words: ads_read, without the right to change campaigns. Campaign management should only be enabled after testing and with human approval.

General flow for connecting Meta Ads to OpenClaw

The process looks like this:

  1. Create a Meta Developer account.
  2. Create an app in Meta Developers.
  3. Add the Marketing API.
  4. Connect Business Manager.
  5. Check access to the required Ad Account.
  6. Get an access token.
  7. Build the JSON config.
  8. Save the JSON in the OpenClaw environment.
  9. Verify the API through curl.
  10. Connect agent commands for reports and automation.

Step 1. Create an app in Meta Developers

First, you need to create an app in Meta for Developers. Meta states that creating an app is the first step for integrating with Meta products and APIs. (Facebook Developers)

The path usually looks like this:

Meta for Developers
→ My Apps
→ Create App

For an advertising integration, it is better to choose a business-oriented app type if Meta offers such an option in the interface.

You can use a simple name:

OpenClaw Meta Ads Automation

After creating the app, you will need:

  • App ID
  • App Secret

You can find them here:

App Dashboard
→ App settings
→ Basic

Step 2. Add the Marketing API

After creating the app, add the Marketing API product.

The path usually looks like this:

App Dashboard
→ Add Product
→ Marketing API
→ Set up

The Marketing API is needed to work with advertising objects: ad accounts, campaigns, ad sets, ads, and insights. (Facebook Developers)

Step 3. Check Business Manager and Ad Account

Before generating a token, make sure you have access to the ad account.

Check:

Business Settings
→ Accounts
→ Ad accounts

You need the Ad Account ID. It usually looks like this:

123456789012345

In the API, it is often used with the act_ prefix:

act_123456789012345

Also check that your user or system user has access to this ad account.

Step 4. Understand permissions

For a basic reporting agent, this is enough:

ads_read

This permission is needed to read ad statistics and use the Ads Insights API. (Facebook Developers)

To manage campaigns, you will need:

ads_management

It is needed to create, edit, and manage advertising objects. (Facebook Developers)

To work with business assets, you may also need:

business_management

But it is better to add it only if the agent really needs to work with Business Manager assets.

The minimum safe set for the first version of the agent:

ads_read

Extended set for automation:

ads_read
ads_management
business_management

If the app works only with your own ad account, standard access to ads_read and ads_management is usually enough. If the app manages other people’s ad accounts, broader access levels and review may be required. (Facebook Developers)

Step 5. Get a test User Access Token

For the first test, you can use Graph API Explorer.

Path:

Meta Developers
→ Tools
→ Graph API Explorer

Then:

  • Meta App: select your app
  • User or Page: User Token
  • Permissions: ads_read
  • Generate Access Token

Meta describes an access token as a string that identifies a user, app, or Page and is used to call Graph API. (Facebook Developers)

For testing, you can start with this request:

curl -G "https://graph.facebook.com/v25.0/me" \
  -d "fields=id,name" \
  -d "access_token=YOUR_ACCESS_TOKEN"

If the token works, you will get a JSON response:

{
  "id": "1234567890",
  "name": "Your Name"
}

Step 6. Check access to ad accounts

The next test is to get the list of ad accounts:

curl -G "https://graph.facebook.com/v25.0/me/adaccounts" \
  -d "fields=id,name,account_status,currency,timezone_name" \
  -d "access_token=YOUR_ACCESS_TOKEN"

Example response:

{
  "data": [
    {
      "id": "act_123456789012345",
      "name": "Main Ad Account",
      "account_status": 1,
      "currency": "USD",
      "timezone_name": "Asia/Baku"
    }
  ]
}

If the list is empty, the problem is usually in one of three places:

  • the token does not have ads_read;
  • the user does not have access to the ad account;
  • the app does not have the required access level.

Step 7. Get a System User Token for automation

A user token is suitable for testing, but for ongoing automation it is better to use a System User Token.

A system user is a technical user in Meta Business Manager. Meta describes a system user access token as an access token associated with a system user account created in Meta Business Manager. (Facebook Developers)

The usual path is:

Business Settings
→ Users
→ System Users
→ Add

Then:

Create System User
→ Assign Assets
→ Ad Account
→ Give required permissions

After that:

Generate New Token
→ Select App
→ Select permissions
→ Generate Token

For reporting:

ads_read

For management:

ads_read
ads_management
business_management

Important: save the token immediately. Do not publish it in GitHub, Notion, Google Docs, or Slack. It is secret access to the ad account.

Step 8. Build the Meta Ads JSON for OpenClaw

Now you can build a JSON file for the agent.

Create the file:

~/.config/openclaw/secrets/meta-ads.json

Example:

{
  "provider": "meta_ads",
  "graph_api_base_url": "https://graph.facebook.com",
  "graph_api_version": "v25.0",
  "app_id": "123456789012345",
  "app_secret": "YOUR_APP_SECRET",
  "business_id": "987654321098765",
  "ad_account_id": "act_123456789012345",
  "access_token": "YOUR_SYSTEM_USER_ACCESS_TOKEN",
  "default_fields": {
    "campaigns": "id,name,status,objective,effective_status",
    "insights": "campaign_name,spend,impressions,clicks,ctr,cpc,cpm,actions"
  },
  "safe_mode": true
}

File permissions:

mkdir -p ~/.config/openclaw/secrets
chmod 700 ~/.config/openclaw
chmod 700 ~/.config/openclaw/secrets

nano ~/.config/openclaw/secrets/meta-ads.json

chmod 600 ~/.config/openclaw/secrets/meta-ads.json

Step 9. Verify the JSON with a script

You can quickly check that the JSON is readable and the token works.

Example Python script:

import json
import requests

CONFIG_PATH = "~/.config/openclaw/secrets/meta-ads.json"

with open(CONFIG_PATH.replace("~", "/home/YOUR_USER"), "r") as f:
    config = json.load(f)

base_url = config["graph_api_base_url"]
version = config["graph_api_version"]
token = config["access_token"]
ad_account_id = config["ad_account_id"]

url = f"{base_url}/{version}/{ad_account_id}/campaigns"

params = {
    "fields": "id,name,status,objective,effective_status",
    "limit": 10,
    "access_token": token
}

response = requests.get(url, params=params)
print(response.status_code)
print(response.json())

If everything works, you will get a list of campaigns.

Step 10. Get a list of campaigns through curl

Command for checking campaigns:

curl -G "https://graph.facebook.com/v25.0/act_123456789012345/campaigns" \
  -d "fields=id,name,status,objective,effective_status" \
  -d "limit=10" \
  -d "access_token=YOUR_ACCESS_TOKEN"

Example response:

{
  "data": [
    {
      "id": "23850000000000001",
      "name": "Lead Gen Test Campaign",
      "status": "ACTIVE",
      "objective": "OUTCOME_LEADS",
      "effective_status": "ACTIVE"
    }
  ]
}

Step 11. Get advertising statistics

The insights endpoint is used for reports.

Example:

curl -G "https://graph.facebook.com/v25.0/act_123456789012345/insights" \
  -d "level=campaign" \
  -d "date_preset=last_7d" \
  -d "fields=campaign_name,spend,impressions,clicks,ctr,cpc,cpm,actions" \
  -d "access_token=YOUR_ACCESS_TOKEN"

Example response:

{
  "data": [
    {
      "campaign_name": "Lead Gen Test Campaign",
      "spend": "128.45",
      "impressions": "45231",
      "clicks": "621",
      "ctr": "1.37",
      "cpc": "0.21",
      "cpm": "2.84"
    }
  ]
}

After that, the agent can already run its first useful workflow:

Check Meta Ads for the last 7 days.

Find campaigns with high spend and low CTR.

Prepare a summary and suggest 5 optimization hypotheses.

Step 12. Connect the JSON to the OpenClaw agent

If the agent runs in an OpenClaw environment, you can give it this instruction:

Use the Meta Ads config from this file:

~/.config/openclaw/secrets/meta-ads.json

Work only in safe mode:

  • it can read campaigns;
  • it can read insights;
  • it can prepare recommendations;
  • it cannot change budgets;
  • it cannot turn campaigns off;
  • it cannot create campaigns without confirmation.

Minimum command for the agent:

Read the Meta Ads config.

Check access to the ad account.

Get a list of active campaigns.

Prepare a report for the last 7 days.

Safe policy for the AI agent

Meta Ads means real money. The agent should not get full control immediately.

Safe starting policy:

  1. The agent can read campaigns and reports.
  2. The agent can analyze spend, CTR, CPC, CPM, and conversions.
  3. The agent can prepare recommendations.
  4. The agent can create a draft of changes.
  5. The agent cannot change budgets without confirmation.
  6. The agent cannot turn off campaigns without confirmation.
  7. The agent cannot launch new campaigns without confirmation.
  8. The agent cannot change pixels, events, or billing settings.
  9. All actions must be logged.
  10. Any write action must go through human approval.

For the first version, it is better to use only ads_read.

What you can delegate to the agent after connection

1. Daily Meta Ads Summary

Check Meta Ads every morning for yesterday.

Show spend, leads, CPC, CTR, and CPM.

Mark campaigns where performance got worse.

Suggest 3 actions for today.

2. Weekly Growth Report

Build a weekly report for Meta Ads.

Compare the last 7 days with the previous 7 days.

Highlight winning campaigns, losing campaigns, and new hypotheses.

3. Creative Fatigue Detection

Find ad sets where CTR is falling and CPM is rising.

Suggest where creative fatigue may be happening.

Prepare a brief for new creatives.

4. Budget Risk Monitor

Check campaigns with a sharp increase in spend.

If spend increased but conversions did not, mark it as a risk.

5. Hypothesis Generator

Based on the last 14 days of performance, suggest 10 hypotheses:

  • audience tests;
  • creative angles;
  • offer tests;
  • landing page tests;
  • retargeting tests.

Common mistakes when connecting the Meta Ads API

Mistake 1. Confusing an API key with an access token

Meta Ads does not use a simple API key like this:

{
  "api_key": "..."
}

You need an access token with the required permissions.

Mistake 2. The token exists, but there is no access to the ad account

The token may be valid, but if the user or system user does not have access to the ad account, the API will not return the required data.

Mistake 3. Missing ads_read

For reports, ads_read is required. Without it, the Insights API will not work correctly. (Facebook Developers)

Mistake 4. Using a User Token for production

A user token is suitable for tests, but for a persistent server-side workflow it is better to use a system user token.

Mistake 5. Giving the agent ads_management immediately

This is risky. If the agent interprets a task incorrectly, it may change campaigns, budgets, or statuses. It is better to start in read-only mode.

Mistake 6. The token is stored in an open file

The file with the token must be stored as a secret:

chmod 600 ~/.config/openclaw/secrets/meta-ads.json

It must not be committed to a repository.

Why manual setup is difficult

On paper, everything looks simple: create an app, get a token, make an API request.

In practice, problems appear:

  • it is unclear which app type to choose;
  • it is unclear which permissions are needed;
  • a user token quickly becomes inconvenient for automation;
  • the system user does not have access to the ad account;
  • the ad account ID is used without act_;
  • the API version is outdated;
  • the app is in the wrong mode;
  • there is no advanced/full access for external accounts;
  • the agent was given permissions that are too broad;
  • write actions are not logged;
  • the token is stored insecurely.

That is why connecting Meta Ads is not just “getting a JSON.” It is a combination of a Meta Developer App, Marketing API, permissions, Business Manager, Ad Account, access token, server environment, and safety rules.

How GolemWorkers simplifies this

If you want to automate Meta Ads but do not want to manually set up a server, configure the environment, store tokens, write API requests, and assemble an agent runtime, you can use a ready-made environment.

On GolemWorkers, you can run AI agents in prepared infrastructure. Such an agent can work as an AI marketer: read advertising statistics, prepare reports, find problems, suggest hypotheses, and help manage the paid acquisition workflow.

Example workflow:

Every morning, the agent checks Meta Ads.

It collects spend, CTR, CPC, CPM, and conversions.

Then it prepares a summary:

  • what is working;
  • what has dropped;
  • where overspend is happening;
  • which campaigns need attention;
  • which hypotheses to test next.

The main value is not the API itself, but the fact that advertising operations turn into a managed process.

Conclusion

Connecting Meta Ads to OpenClaw through the Meta Developer JSON API requires several steps:

  1. Create an app in Meta Developers.
  2. Add the Marketing API.
  3. Get access to Business Manager and the Ad Account.
  4. Generate an access token.
  5. Build the JSON config.
  6. Save it in the OpenClaw environment.
  7. Verify /me, /me/adaccounts, /campaigns, and /insights.
  8. Set safe rules for the AI agent.

For the first version, it is better to start with ads_read and read-only reports. When the agent works reliably, you can carefully add write actions through ads_management, but only with human confirmation.

This turns Meta Ads from manual routine into a system: the agent monitors advertising, prepares reports, finds anomalies, and helps make growth decisions faster.