I've come on to help a company out at the last minute after a developer bailed, and I'm left with some annoying quirks. I'm also very green when it comes to Facebook API. I don't have all the history, but here are the facts as I know them:
I've got a Facebook application that is used by a single Facebook account. This Facebook application reads public content of various pages (pages of clients, to be more specific) on Facebook (specifically follower and like counts). Periodically on a web server, we get these numbers and update our records for said clients.
Now, this application has executed fine for months. For security reasons, we changed the password for the Facebook account associated with this Facebook app. After recreating the access token, I started getting the following error:
To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.
My question is, why now? Why did a password reset cause this? Was this app originally grandfathered into not needing to be approved, and now that a password has been reset the app needs to be reviewed? In looking at the app's permissions it does seem it wasn't approved for this feature.
The reason I'm asking is if there's some other reason why this restriction was suddenly added, I'd like to know. Perhaps it's only applicable for certain scenarios and by updating the access token I inadvertently requested some feature the previous app never did?
Thanks.
There is no way to access public pages you do not own without getting "Page Public Content Access" approved now, this was changed a while ago already. So you are probably right, it may have worked only because of the old Token.
There are two ways to solve this:
Get Page Public Content Access approved by Facebook
Use a Page Token for all the Pages - you can only get it by having a role in the Page
Related
Is there a way to test an app implemented Facebook Graph API required Page Public Content Access permission?
I was testing the {page_id}_{post_id} endpoint in Facebook Graph API Explorer to get a post, but got the error message:
This endpoint requires the 'pages_read_engagement' permission or the 'Page Public Content Access' feature. Refer to https://developers.facebook.com/docs/apps/review/login-permissions#manage-pages and https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS for details.
This error applies to both random pages and pages that I own. I couldn't use it at all. The app I've planned to do is mostly based on Facebook posts so I may say this is it's the main function, so I just can't have the app reviewed until I can test this endpoint successfully.
What can I do to make it work? Any help would be appreciated!
It turns out I chose the wrong type to create my facebook app. I chose to create a "Business Connected Experiences" app instead of a "Manage Business Integrations" one, so I couldn't fully access to the permissions I need to query on my own page. The former only doesn't provide me the pages_user_read_content and the likes, so it was unable for me to read comments from posts. Besides, I also use an user token instead of a page token (Thanks Lars for pointing this out for me).
So, I just create a new app with the right type and everything turns out well.
Hope this will help someone someday.
I started to work at a company and I was given the task to use graph API to get a given sites public posts and its reactions and make statistics saved to a database, using nothing personal, only the things everyone can see. I need Public Page Content Access to do so but I must submit it for review which I can't because I need a feature for it which I can't develop because I need PPCA and so on...
However ( if I understood it correctly ) it was written if "My app" has someone who has the role of admin on that given page and is tester/developer/administrator then I can freely access that pages content without submitting. And this parameter checks, but the graph request still gives me this error:
https://graph.facebook.com/v3.2/page-id-with-admin-in-app-project-as-admin-too/feed?access_token=access-token
(#10) To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review."
Did I miss something? Or should it be submitted anyways?
Apps are no longer being reviewed, but I need a permanent access token for a current project.
Does anyone know how to extend the access token. The current "extend access token" button that extends the token by 60 days results in this error. As does any request with an "unverified" app id.
facebook.GraphAPIError: (#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/
According to Facebook:
"Beginning April 4, 2018, all apps, including those formerly approved,
must undergo App Review in order to gain access to the Events API,
Groups API, and Pages API. Apps accessing the Events API and Groups
API will lose access and require review once App Review resumes. For
apps using Pages API, review will be required once App Review resumes
or access will be removed."
You can read more about it here:
https://developers.facebook.com/docs/apps/review
https://developers.facebook.com/docs/graph-api/changelog/breaking-changes/?translation&hc_location=ufi#groups-4-4
Regarding the error that you receive, I currently have two applications. One which I've been using regularly and one that I haven't used for the past 6 months.
If I send a request to extend my token for the latter one, I receive the same error (which makes sense according to the error message), but if I send a request with the first one, I am able to extend the access token and get the expected response.
Please update us, once the problem is getting solved, let me know how much time Facebook team is taking to review.
My app integrates Facebook login with the following permissions :user_education_history and user_work_history. The app was working just fine until today morning when I attempt to login I get the following error:
invalid scopes: user_education_history, user_work_history. This message is only shown to developers other app users will ignore these permissions if present.
I went through the docs and I discovered that they were deprecated on the 4th of this month but I cannot seem to find the new permissions for the education and the work history ... any help ?
Facebook is removing access to a lot of things as a result of recent negative press surrounding data mining of their users. In almost all cases the information is simply no longer available, there is no alternative method to access it.
More information is available in the Facebook developer blog:
https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/
https://developers.facebook.com/blog/post/2018/04/24/new-facebook-platform-product-changes-policy-updates
Note that the message you mention is only shown to Facebook accounts with developer credentials. Regular Facebook users don't see this message and the Facebook API simply ignores requests for scopes which are no longer allowed. If the data being requested are optional in the context of the app, you should create a test Facebook account and see how it behaves when requesting the data doesn't return anything (or causes unexpected errors).
With the new deprecated offline_access method, how can one have a token that survives logouts?
Basically, I made a plugin that allows WordPress users to publish their posts to Facebook. So when a user makes a post, it auto-publishes.
In testing with the new lack-of-offline_access, it appears that if the user logs out of Facebook, this breaks the connection on the site by invalidating the saved access token.
How can I detect that and refresh the token? Does the user need to go back and do it manually? Or can I properly automate this?
Seems to me like Facebook hasn't fully thought this one through here.
...it appears that if the user logs out of Facebook...How can I detect that and refresh the token?
From: https://developers.facebook.com/docs/offline-access-deprecation/
Handling expired tokens, user password changes, uninstalled apps, and user logout
Regardless if your app requested the offline_access permission, apps
should gracefully handle an expired access tokens in situations where
a user changes their password, deauthorizes an app, or logs out. More
information on these cases including a simple code solution that leads
to a uniform user experience can be found in this blog post.
This is what you will get if the user logs out of Facebook. From a blog post from May 2011: https://developers.facebook.com/blog/post/500/
{
"error": {
"type":"OAuthException","message":"Error validating
access token: The session is invalid because the
user logged out."
}
}
EDIT
Otto says in comments:
You keep saying "your app" but you need to understand that I don't
have an App. The user is creating their own app for their own site.
It's their app, and having it suddenly unable to do what they want it
to do is kinda crap. This is why this feature isn't fully thought out.
Basically, you're saying that nobody with a website can ever log out
of Facebook or their website will stop being able to publish to
Facebook. Not a good design.
Dmcs replies:
If it's not your app, what do you can how they manage their app.
Stackoverflow is not a place for "what-if" questions.
I'm voting to close this question based on this what-if, and that the answer cannot be answered with facts and that the question would lead to debate. Stackoverflow is not a place for debate.