I want to use the FacebookClient to post a message on my own site. I need to have a user access token (no expiration). That's possible with the Grpah API explorer. The token need the publish_pages en manage_pages permission.
But since 1 may it is not possible anymore to get this permission without review. I understand that a review is needed now when anyone has to post on my business facebook, but in my case, only I need to post the message. How can I get this without reviewing?
Related
I am posting to a facebook page I manage using facebook API. Till yesterday I was able to post using facebook graph API. Suddenly I started seeing the permission issue for publish_pages permission. It is as if this specific permission has been revoked from the token (I verified using token debugger). When I try to generate a new user access token with relevant publish_page permissions, I do not see the permission for publish_page in the graph explorer.
The token I was using was generated using user access token with relevant permission to get a token for page.
From doc I see that we do need App review for publish_page permission. But so do we need it for manage_page permission. My token has manage_page permission and I can see option for this manage_page permission in graph explorer when I generate user access token.
I see option to get publish_page permission when I try to generate token for page. But when I try to select the option I get below error:
Invalid Scopes: publish_pages. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions
Do I need to get my app verified before I can post to page I manage?
What else can I try?
There is a bug report about this: https://developers.facebook.com/support/bugs/2261820083829739/
I still get an error for one of my Apps that was working before, so I can confirm that it is still not fixed:
Invalid Scopes: read_page_mailboxes, instagram_basic,
instagram_manage_insights
Edit: Just found another bug report about it: https://developers.facebook.com/bugs/600976503711113/
I am using PHP for accessing Facebook friends location. I want to access location of all friends. I read that it requires "access tokens" to get client's public information from here
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
and here
https://www.sammyk.me/access-token-handling-best-practices-in-facebook-php-sdk-v4
Is that token will be provided by Facebook at that instant of time or my app needs to wait till friend's approval.
I saw this post on stack overflow: How to get user access token?
But i still i can't figure out what if friend is offline. How that token will be passed to my application?
Or is it like that "Tokens are generated by Facebook at time when my application made the request but i can only access the user information later using the same token if he has given permission (when he gets logged in)".?
I am unable to find any explanation regarding this.
Thanks.
You can´t get the location of friends at all. Friend permissions have been removed for privacy reasons, you can only get data of users who authorized your App too. Check out the changelog for more information: https://developers.facebook.com/docs/apps/changelog
That being said, there are different Access Tokens. You can get an App Token without authorization, but you need to implement an authorization process for User or Page Tokens.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I have an application, that runs on server. On that server is background task, that will post status update on few social networks (Facebook, Twitter, G+). It must be completely server-side.
In Twitter API I'm able to use OAuth header to authorize API request. OAuth HTTP header uses consumer key, consumer secret, access token and access token secret to create the header. With this I'm able to post/update/delete tweets with no user interaction.
How can I do this for Facebook? I found a solution to obtain a long-lived access_token (2 months), but we don't want to regenerate access_token every 60 days. We want to use it for manage our Facebook page - post status updates, but completely server-side.
Am I able to do this for Facebook? Thanks for answers.
PS: I searched stackoverflow hundred-times but with no solution for my problem.
Thanks.
It is not possible for User Access Tokens (they can only be extended to 60 days and need to be refreshed by the user after that), but for posting to a Page you should use a Page Token anyway. An Extended Page Token is valid forever.
Here are some Links to help you get that Extended Page Token:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
A Page Token will post "as Page" btw, but that´s probably what you want. And auto-posting on user profiles is not really allowed anyway, every message has to be 100% user generated and every posting should get authorized by the user.
Pay attention to Access Tokens Expiration & Extentions.
The Page Access Token could be a good solution to only server side calls for testing and data analysis purposes.
Take your User Access Token from Graph API Tool
Extend your User Access Token
Call https://graph.facebook.com/v2.11/me/accounts with your user access token extended
*all calls are GET and this procedure does not use APP Access Token.
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
I've tried do develop automatic code that would fetch data from ads campaigns under account. My plan is to have server that would query every day to get data from impressions/clicks/costs of ads and save it for later use.
I use https://developers.facebook.com/tools/explorer to get access_token for getting data (insights) from those campaign pages but when I log out to try offline_access it tells access_token is old, cause of password change or access_token getting outdated.
Isn't the whole point of offline_access to grant acccess when user is not logged in?
And besides that.. what's with most of my calls ending having reply as follows:
"(#294) Managing advertisements requires the extended permission ads_management, and a participating API key"
I've given access_token that has ads_management, but I have no idea what this Participating Api key even means. Do I need to add this to url call or something? Where do I get this Api Key?
Edit: I want to be able to get data from add campaign pages, so I'm not talking about Apps in page
You will want to read up on the deprecation of the offline_access here: https://developers.facebook.com/docs/offline-access-deprecation/
But most importantly follow the guide here on how to handle invalid access tokens:
https://developers.facebook.com/blog/post/500/
You app is to monitor the error messages coming back from the API and handle it gracefully.
I have the same issue and I found this bug can be reason of our problem. It's already accepted and assigned, but still not solved. I hope it's really bug and not a secure hole, that was closed :)