I'm currently toying with the Facebook Graph Api and have been able to get some interesting results, I would like to be able to post to one of my Facebook App users pages. They have authenticated the app and confirmed the ability for my app to be able to post on there wall. I know there is the can_post check using FQL, but I haven't seen any information on this using the Graph API. Is there a possible check to make so I can see if I have the ability to post on there wall?
can_post
https://developers.facebook.com/docs/reference/fql/user/
This settings is actually a setting of the timeline:
This setting only affects the viewers of the specific timeline and does not apply to the owner of the timeline.
can_post - bool - Whether or not the viewer can post to the user's Wall
Beyond this settings, by authenticating an application and giving it certain publishing permissions, the application, using it's per-user per-app access token will be able to perform actions on behalf the actual user. Actions will be attributed to the user even though it is the application that initiated and published these stories.
To answer what I assume is your underlying question - your application, given the appropriate permissions, will always be able able to publish a story to the users timeline. The act of giving an application any permissions is the same as allowing the application to act as you and access everything you would be able to access. This includes posting a story to your own timeline (even if no other user would be able to).
Related
I'm trying to build a prototype which collects and analyses comments from Instagram. This can seemingly only be done with the Instagram Graph API. So to prototype and test I need:
A business IG account connected to a Facebook account (the account to access and read the comments of)
A Facebook App configured to access IG accounts (the account/app which gets authenticated to access the IG account)
However, this App needs to go through a verification process for each of the permissions required. The process apparently takes up to 5 days and needs a Privacy Policy on a website (neither of which I have yet).
This is a lot to do considering it is just a prototype/PoC to establish feasability and get better acquainted with using/testing the API and data.
Does anyone with experience working with the Instagram Graph API know whether I am over-thinking or misread what is required here? Or do you have to go through this before being able to access IG account comments?
I would like to access other users public data to show in my website when they configure the page by their username/id.
It means I will create an app on FB/Instagram side and with the help of this app's access token I would like to fetch public data of other user.
Is this scenario valid now? Earlier it was possible but I am not sure now with changes in policies. Even the documents are not clear enough which can say it's possible or not?
Has anyone tried this out recently?
Users: Only data of users who specifically authorized your App is available, depending on the authorized permissions. It does not matter if data of user profiles is public or not, you have to get permission from each user separately.
Pages: If you want to get data of pages you don´t own, you have to go through a review process with your App to get access to "Page Public Content": https://developers.facebook.com/docs/apps/review/feature/#reference-PAGES_ACCESS
That´s for Facebook, about Instagram you can just hit the docs (as well): https://developers.facebook.com/docs/instagram-api/business-discovery
My number one recommendation, in this case, is Facebook API or Instagram API from Data365. I may be considered biased since it is the tool I work for, but it is really a reliable tool you can get public profile data by users ID or username.
Of course, you can use the official Facebook/Instagram APIs for searching all public objects (post, user, page, event, group, place, check-in). But note, the official API has a number of restrictions. Andyrandy has already described them in his answer. Compared with official APIs, we do not have such restrictions.
Besides, our APIs provide such unique features as gender and age recognition (via face photos) along with identification of post reactions that give a competitive advantage in obtained analytics. Data365 APIs also enable developers to create monitoring tasks for a one-time or auto data update. And above all, we do not break the law but only provide web scraping within the legal framework.
When first time a user logged in through Facebook Graph API APP, whether any auto post will be triggered to others wall on user's behalf regarding new APP first Login?
APP is given permission to read_stream, publish_actions.
That is not allowed and not possible for many obvious reasons:
You are not allowed to autopost, not even on the wall of the authorized user. Every single post has to be approved by the user.
You are not allowed to prefill the message, it must be 100% user generated.
You can´t post to the wall of friends (anymore), that would be spam anyway.
...also, you will not get read_stream approved, but you would not need that permission for posting anyway:
This permission is granted to apps building a Facebook-branded client on platforms where Facebook is not already available. For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop, in-car and TV apps will not be granted this permission.
Source: https://developers.facebook.com/docs/facebook-login/permissions/v2.2#reference-read_stream
Don´t create spammy Apps. User friends don´t care if the user just started using your App. You may want to read this too: https://developers.facebook.com/docs/apps/faq#invite_to_app
I am building a website that will require the user to provide permission for us to post a story back to the users wall when the user takes an action on my website. I would like the story to include a link back to my website so that friends can see the actions taken.
I am not sure of the correct permissions because I cannot get a link back to my website from the story post. I saw publish_stream, but that appears to be old now. Any pointers to FB policy and documentation would be appreciated. I
Instead of making stream posts, you should instead use Open Graph actions, which will give you a much better result and feel less 'spammy' to your users. I can't post code that will do this for you as it would need to fit into your existing setup, however it is a relatively simple process, which is well documented (https://developers.facebook.com/docs/opengraph/actions/):
Auth users by prompting them to give publish_actions permission and any other permissions your app might need.
Store the users access token in your database (not necessary if you're using the client-side Javascript SDK, but you might want to do it anyway)
Setup your Open Graph Actions and Objects in the Developer Dashboard.
When a user performs a relevant action in your app, make a simple Graph API call to the following endpoint:
https://graph.facebook.com/me/YOUR_APP_NAMESPACE:YOUR_ACTION? YOUR_OBJECT_TYPE=YOUR_OBJECT_URL&access_token=YOUR_ACCESS_TOKEN
Done.
You can add extra elements to the action, such as action links, however the basics are outlined above. Once you've performed those steps, the user will see something like this on their Timeline:
The part that says 'on NYCCookbook' is customisable and clicking on most parts of this story will bring Facebook users back to your site. There are many benefits you can get if you implement this all correctly.
Is it possible to ban users from using a Facebook application?
I'm not talking about the canvas or the discussions board (which is what I've found by looking around), but the application itself, that is, causing errors or preventing actions whenever the user tries to use the Graph API (in my specific case, an Android app that uses the Graph API to provide some features).
The scenario I'm envisaging is something like this:
user authenticates app to use its features and gets the access_token;
user uses the Graph API according to the app permissions;
user someday does something he shouldn't;
user is banned and, even if the access_token is still valid, Graph API requests fail, and will always fail even when deauthorizing and authorizing the app again.
Is this possible using the Graph API or the developers app console on Facebook, right now, or is there really no way to prevent users from misusing your application? I guess I may do something "out of band" to enforce this somehow, but being able to do it at the Facebook level as well would be much more effective and harder to circumvent.
See https://developers.facebook.com/docs/reference/api/application/
Use the 'banned' connection of the Application object to ban specific users from your App - you'll need the App access token to do this
Just create a blacklist of specific Facebook User IDs, and check the user's ID against the blacklist when they log into your app.
If the blacklist matches, show a message telling them that they are banned and don't allow access to any functionality.