My application use facebook authentication to ask the user permissions to manage his ads. i use the following scope:'public_profile,ads_management,ads_management'
but in the login window it shows only public profile which will an invalid access token for the ads management.
have a look at this answer https://stackoverflow.com/a/25901780/5410373
the ads_management extended permission is only granted to whitelisted apps. So if the Graph endpoint you're hitting requires that permission then you'll have to get your app approved. Check out the getting started overview https://developers.facebook.com/docs/reference/ads-api/overview
and this answer : https://stackoverflow.com/a/24753070/5410373
All permissions except
public_profile
user_friends
email
require a review of your app by Facebook before you can use them publically. See https://developers.facebook.com/docs/apps/review/login#do-you-need-review
Related
I'm trying to run the following:
<my_insta_fbid>?fields=business_discovery.username(<business_page>)
on https://developers.facebook.com/tools/explorer
But I'm getting an error (#10) permission denied
My app is approved for instagram_basic, User Token also includes it
Business verification is passed too
I have Instagram Graph API and Instagram Basic Display products included
Instagram account is connected to my fb that generates user token(but created separately)
Insta account I use is included into Instagram Basic Display
Of course, I use and request instagram business accounts
I tried both Live and Development app modes
All the other requests related to <my_insta_fbid> like name or biography work. The only that fails is business_discovery
What else am I missing?
I found it!
My tests have shown that I was missing the instagram_manage_insights permission.
I didn't find any mentions of this in the documentation but it worked in my case
I have approved access to Facebook user_videos permission. This is supposed to give me access to the user/live_videos endpoint. However when my users hit this endpoint the exception is returned from Facebook.
(#10) To use live-video-api on behalf of people who are not admins, developers and testers of your app, your use of this endpoint must be reviewed and approved by Facebook. To submit this feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review
If I hit this endpoint with my account I can access my live video just fine. But not with other users who have authorized access to the user_videos permission.
Approved permission
Why would I not be able to access the users live videos using $fb->get('/{user-id}/live_videos'?
Instead I get the exception.
I am using Facebook Ad Api to create ads. How ever when i grant a user Administrator Role (1001) with the following api call:
https://graph.facebook.com/v2.5/<AD_ACCOUNT_ID>/users?role=1001&uid=xxxxx
it successfully creates the user, and when i get all the users using the following request:
https://graph.facebook.com/v2.5/<AD_ACCOUNT_ID>/users
it successfully returns the array as:
"{"data":[{"name":"firstname lastname","permissions":[1,2,3,4,5,7],"role":1001,"id":"101xxxxxxxxxx352"}}"
but when i try to create an Ad campaign or Adset with the newly added user the following exception is thrown:
[FacebookAds\Http\Exception\AuthorizationException]
(#272) This Ads API call requires the user to be admin of the application. User 16xxxxx351 not admin or developer for application 109xxxxxxxx0403.
And when i go to my app and assign the user with an Administrator or Developer Role, I can make requests successfully.
Why is facebook not allowing a user created with administrator role from the api not make api calls to its Ad Api ? And why does it allow when the user is granted Administrator/Developer role make requests ?
This is because the objects you can promote are not based upon an adaccount but are based upon your user.
You can see the connection objects a user has access to by make the following request:
<API_VERSION>/act_<AD_ACCOUNT_ID>/connectionobjects?access_token=<ACCESS_TOKEN>
The documentation states:
this call returns the IDs of all objects for which the current session
user is an administrator, and the IDs of apps for which the user is
listed as a developer or advertiser.
If you don't want to make additional administrators for your app, you can create system user in Facebook Business Manager, grant him administrator (or even advertiser) rights for Ad Account.
https://developers.facebook.com/docs/marketing-api/business-manager-api
And use his token to manage ads. In my case I used it to retrieve targeting of ads, to find where leads came to lead form from.
https://www.facebook.com/marketingdevelopers/videos/vb.606699326111137/883648801749520/
I really surprise when use http://www.friend.ly site. I'm login Facebook and after go to http://www.friend.ly. I'm surprise because I don't confirm extended permission but this site can get email, address... Any ideas?
My Information
Information get from friend.ly site
They are using the Facebook Registration Plugin which basically renders an iframe from Facebook's server. Due to cross-domain browser restrictions, they can't actually access any of that data until you submit the form by clicking the register button.
If you read the section on the Graph API documentation about authorization you'll see that if they're using an OAuth 2.0 access token then they can retrieve any information that you have publicly available without your authorization. You can see the examples below.
The Graph API as such allows you to easily access all public information about an object. For example, https://graph.facebook.com/btaylor (Bret Taylor) returns all the public information about Bret. For example a user's first name, last name and profile picture are publicly available.
To get additional information about a user, you must first get their permission. At a high level, you need to get an access token for the Facebook user. After you obtain the access token for the user, you can perform authorized requests on behalf of that user by including the access token in your Graph API requests:
https://graph.facebook.com/220439?access_token=...
For example https://graph.facebook.com/btaylor?access_token=... (Bret Taylor) returns additional information about Bret Taylor.
The Graph API uses OAuth 2.0 for authorization. Please read the authentication guide which provides details of Facebook's OAuth 2.0 implementation, how to request permissions from a user and obtain an access token.
Getting an access token for a user with no extended permissions allows you to access the information that the user has made available to everyone on Facebook. If you need specific information about a user, like their email address or work history, you must ask for the specific extended permissions. The reference documentation for each Graph API object contains details about the permissions you need to access each connection and property on that object.
This quote is from the facebook documentation located here:
https://developers.facebook.com/docs/reference/api/
I was reading about FB Graph API in this page. Please see the section Authorization
They say that
At a high level, you need to get an
access token for the Facebook user.
I am confused. How do i get the logeed in users access token in my website
https://developers.facebook.com/docs/reference/api/
You don't get a logged in user's access token. Once a user is authenticated, you receive an access token to be able to see/manipulate that user's data, depending on what permissions you have requested from that user.
This is well documented in the "Authentication" section of the developer documentation: https://developers.facebook.com/docs/authentication/