How to submit facebook app for review - facebook-graph-api

We’ve created successful a bot and also can test with page token generated from facebook developer portal (the token must contain page_messagaging permission to be able to send reply message).
But when we submit to facebook to review, it seems they use real account to test and the token doesn’t contain page_messaging permission. (log from our server says: {“error”:{“message”:”Unsupported post request. Object with ID ‘me’ does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api”,”type”:”GraphMethodException”,”code”:100,”fbtrace_id”:”DPdtxdcTKaf”}})
The submission has been rejected 3 times now.
And have no solution now.
Anyone experience in this? Could you please help us resolve?
Really appreciate!

Related

AWS cognito verification link issue

I tried to signup with my email using aws cognito. I received the email verification link and when i clicked on it says 'Invalid link provided, please request a link again'. But when i tried to login it was successful. Why is it happening.
This could be caused by your Email provider visiting links before presenting the email to you. For example Outlook has something called Safe Links. This will cause the verification link to be consumed before you have a chance to click it.
I had the same issue and after about a day of debugging I reached out to AWS Enterprise Support. Outlook Safe Links is something they mentioned within a few minutes of chatting. If you are a part of a larger organization it is probably unfeasible to have it disabled. You can try signing up with a different Email Provider such as Gmail and see if the links are untouched.
I offer no solution to the problem, just a possible explanation.

What does it mean "error_subcode": 33 in the facebook response error?

Does anybody know what does it mean error_subcode: 33 in the facebook response error? I know it's related to a mission permission but I want to be 100% sure.
We received the following error:
{"error":{"message":"Unsupported get request. Object with ID 'XXXX'
does not exist, cannot be loaded due to missing permissions, or does
not support this operation. Please read the Graph API documentation at
https://developers.facebook.com/docs/graph-api","type":"GraphMethodException","code":100,"error_subcode":33,"fbtrace_id":"BRwGjA9kkKU"}}
But in the Facebook API documentation about Graph API https://developers.facebook.com/docs/graph-api/using-graph-api/ , I cannot find error_subcode with value 33.
I want that I can rely on this subcode to verify that I don't have permissions to get the resource from Facebook API because I don't want to rely on the error message.
Here is the Facebook bug portal link to the similar issue:
https://developers.facebook.com/bugs/316526372199563/
The gist of it is:
these users registered for Facebook/Messenger using their phone number and such users are not yet queryable by the API. This is on the roadmap for the API, please keep an eye on our changelog for when this goes live in a future version: https://developers.facebook.com/docs/graph-api/changelog"
I can't offer a definitive solution, as there seem to be multiple possible causes. However, I encountered this today and wish to offer this possible cause.
If you are encountering this error when you are testing your Facebook TEST app, it might be related to the fact that you're in TEST app mode.
In my case, I worked on implementing Facebook login for a while. When my partner joined in development, he couldn't log in in his development environment. He got the error you mention for the 'me' endpoint:
{
"error": {
"message": "Unsupported get request. Object with ID 'me' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"error_subcode": 33,
"fbtrace_id": "____"
}
}
This had actually already been deployed and tested to our production environment, where we are both able to register and log in just fine.
After I added him as Administrator to the Facebook TEST app, the issue resolved and he could register and log in on his own development environment.
So, you may want to check if this is applicable to you. An easy way to check is to use the keys for the real app in your development environment.
Error subcode 33 information as per Facebook official documentation:
Error code 100, subcode 33
Unsupported post request.
This error may occur if your access token is not added as a system user with appropriate permissions to the ad account that owns a Custom Audience. Verify the ad account in Business Manager and verify all system users appear under the ad account as Admin:
Click on Business Settings
Click the ad account
Select Add people
Search for system user and add them as Admins
Retry your API call
Here's the link to the Facebook marketing API error reference.
https://developers.facebook.com/docs/marketing-api/error-reference/
This contains the resolution for error 33 along with all the other errors.

Cannot retrieve image in browser when using OAuth token and Jira

I am building a frontend client for Jira and am running into some conflicting authentication methods I think.
I have setup the OAuth2 authentication method for logging in and hitting the Jira API. I have a button on a login page that redirects to Jira, you log in, hit "allow" and are redirected to my app. This step completes fine, I have a token and a secret and can make api calls just fine.
Next, I make an api call to get the user data, which returns fine. One of the pieces of data is a set of avatar urls. I put one of the urls into my site's markup. Here is where the problem begins.
If my browser session that I used to login is still active, I get an avatar. BUT if not, I get an "anonymous" avatar from Jira.
All the while, my OAuth token/api calls all seem to return fine.
This makes sense as Jira is using cookie based auth and I am not. So if that cookie dies in my browser, the call to the image will fail.
My ultimate question is how to handle this? Is this my responsibility to put an expiration on the token? What happens if they select "Stay logged in"? I don't think I get that knowledge on the OAuth side.
I kind of feel like I am missing something but I cannot figure out what. This seems like a problem that has been fixed or isn't even really a problem.
One solution would be just to switch to a cookie based authentication but OAuth seems more secure.
I've also tried directly hitting it from my server but that also yields an anon avatar. As does a curl with the access token. Maybe I didn't provide it in the correct way?
Any thoughts or ideas on this would be greatly appreciated. Thanks in advance.

Access Facebook page statuses with an app access token

Reading the API docs (https://developers.facebook.com/docs/reference/api/page/) I assumed that in order to read a public pages status updates, I would require "any valid access_token or user access_token" (quoting the docs here).
However, if I try to get the status updates for the public page, using my app access token, I receive the following response: "A user access token is required to request this resource"
GET 20531316728/statuses?access_token=myappaccesstoken
So, my question is if the docs are just plain wrong, I'm doing something wrong or whatever?
There is a clarification that needs to occur by Facebook [1]. The docs are either outdated or Facebook has changed their mind on handling these updates which is interesting seeing that
GET /PAGE_ID/feed?access_token=myappaccesstoken
Works (and holds all the statuses). I was told by someone in IRC #facebook that maybe the statuses call is more expensive (Not too bought on this idea).
My current stance is that either
any valid access_token or user access_token was supposed to imply those excluding app tokens
Facebook realizes that one can bypass the OAuth Flow by using an app token on pages when Facebook desired some form of authentication.
In the end, these are all assumptions.
I haven't been able to get a clear answer out of any Facebook employee as to whether this is indeed a bug or an intentional removal of this feature.
[1] - http://developers.facebook.com/bugs/480742545315442

Offline_access and Api-Key confusion

I've tried do develop automatic code that would fetch data from ads campaigns under account. My plan is to have server that would query every day to get data from impressions/clicks/costs of ads and save it for later use.
I use https://developers.facebook.com/tools/explorer to get access_token for getting data (insights) from those campaign pages but when I log out to try offline_access it tells access_token is old, cause of password change or access_token getting outdated.
Isn't the whole point of offline_access to grant acccess when user is not logged in?
And besides that.. what's with most of my calls ending having reply as follows:
"(#294) Managing advertisements requires the extended permission ads_management, and a participating API key"
I've given access_token that has ads_management, but I have no idea what this Participating Api key even means. Do I need to add this to url call or something? Where do I get this Api Key?
Edit: I want to be able to get data from add campaign pages, so I'm not talking about Apps in page
You will want to read up on the deprecation of the offline_access here: https://developers.facebook.com/docs/offline-access-deprecation/
But most importantly follow the guide here on how to handle invalid access tokens:
https://developers.facebook.com/blog/post/500/
You app is to monitor the error messages coming back from the API and handle it gracefully.
I have the same issue and I found this bug can be reason of our problem. It's already accepted and assigned, but still not solved. I hope it's really bug and not a secure hole, that was closed :)