The Developer Roadmap states in the Graph API search changes paragraph:
User access tokens will be required for all search Graph API calls except Posts, Places and Pages. App access tokens may also be used for Post search Graph API calls. Places and Pages search Graph API calls will still require an App access token. Search for Applications will no longer be supported.
But this Developer Blog Post says in the Graph API search changes paragraph:
App access tokens will be required for all search Graph API calls except Places and Pages. Search for application will no longer be supported.
So the first says that I will not need an User access token to search for posts (but I may use an App access token if I want to). And the second says that I need to use an App access token. I'm confused. Which one is correct?
There are a few things regarding the search API that I would like to mention to clear your confusion.
You can use the User Access Token for the Graph API search, for all types of nodes like Post, Places and Pages and retrieve the User's view of the result which might differ from other two cases. The difference arises basically from the permissions that other have for the respective User. I would recommend this over the others basically because the result might be more User respective.
You can use App Access token to get the Public view of the data from the Graph API Search. The data retrieved might be different or same as the other cases. Using this is a best thing to do in case of doubt over what access token is to be used.
To complicate the things further, you may even get away using Graph API search without any access token (Sample request /search?type=post&q=video). Although this is highly not recommended because Facebook might just change the API anytime requiring further changes in your app.
So in short use User Access token if you would want User view of data or if you just want public data for some statistics etc. you may use App Access token.
And to answer your question You will be required to use the App Access token after July 10,2013
Related
I would like to access other users public data to show in my website when they configure the page by their username/id.
It means I will create an app on FB/Instagram side and with the help of this app's access token I would like to fetch public data of other user.
Is this scenario valid now? Earlier it was possible but I am not sure now with changes in policies. Even the documents are not clear enough which can say it's possible or not?
Has anyone tried this out recently?
Users: Only data of users who specifically authorized your App is available, depending on the authorized permissions. It does not matter if data of user profiles is public or not, you have to get permission from each user separately.
Pages: If you want to get data of pages you don´t own, you have to go through a review process with your App to get access to "Page Public Content": https://developers.facebook.com/docs/apps/review/feature/#reference-PAGES_ACCESS
That´s for Facebook, about Instagram you can just hit the docs (as well): https://developers.facebook.com/docs/instagram-api/business-discovery
My number one recommendation, in this case, is Facebook API or Instagram API from Data365. I may be considered biased since it is the tool I work for, but it is really a reliable tool you can get public profile data by users ID or username.
Of course, you can use the official Facebook/Instagram APIs for searching all public objects (post, user, page, event, group, place, check-in). But note, the official API has a number of restrictions. Andyrandy has already described them in his answer. Compared with official APIs, we do not have such restrictions.
Besides, our APIs provide such unique features as gender and age recognition (via face photos) along with identification of post reactions that give a competitive advantage in obtained analytics. Data365 APIs also enable developers to create monitoring tasks for a one-time or auto data update. And above all, we do not break the law but only provide web scraping within the legal framework.
So if I go to the Facebook Graph API Explorer and paste in the following:
653851844748299?fields=from,permalink_url,id
Why do I only get a valid result if I use a user or page access token?
Why do I get an error if I use an application access token?
Going to https://www.facebook.com/video.php?v=653851844748299 shows the video exists (though you do have to be logged in to see it).
Per the documentation, application tokens are intended for use "to modify and read the app settings" and to "to publish Open Graph actions".
They are of limited other use, in part because their ability to modify the application settings makes them rather more dangerous than an individual user/page's token.
By preventing them from being very useful outside of their intended use, it's a lot less likely you'll leak one to the client.
Some user data that would normally be visible to an app that's making a request with an user access token isn't always visible with an app access token.
(https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens)
Until a few days ago the Python script I was using to generate an RSS feed for my own Facebook News Feed was working fine. The script I was using first signed on to Facebook using my log in information and then called up this page and parsed it for an access token:
http://developers.facebook.com/docs/reference/api
I'm not sure that is exactly the way Facebook wants people to get an access token, but reading through all the information on Graph API I can't seem to find anything that says, "Here's how you get that token you need to access your own stuff." It all seems to be directed at people trying to do far fancier stuff.
How do I obtain an access token such that the page referenced here will return the JSON format data I need?
res = browser.open('https://graph.facebook.com/me/home?access_token=%s' % acct)
Start by reading about Access Tokens as there are different types.
Then, to read the user news feed (home connection), you need a user access_token
To retrieve one using the server-side method, you need to follow this document
To understand the flow of the server-side method you can refer to this diagram (source: Login Architecture document ):
I'm able to fetch my friends list using Facebook API (which requires me to log into my FB account) and I'm trying to show my friends list to other people visit my site.
I've tried using Twitter and its quite simple. https://api.twitter.com/1/friends/ids.json?cursor=-1&screen_name=codef0rmer returns my followers ids.
Is that possible using Facebook API, If yes, How to do that?
To access the /friends connection you need a valid access token for the current session. This means you can't access this connection for other users
https://developers.facebook.com/docs/reference/api/user/
https://developers.facebook.com/docs/reference/fql/friend/
This means that unless you get a users friends and store them in your database, you won't be able to do this. ( Unless you use longer living access tokens (I say longer living as offline access is being deprecated)
Saying this, I'm not sure if you are allowed to store this information. I know friendslists aren't allowed to be shown to other users so this is potentially dangerous territory on facebook TOS. The privacy policy is here https://developers.facebook.com/policy/ but I think this is something you may need to clarify with Facebook directly as it looks like a slightly grey area
I know it is possible to get the locale of the user with getSignedRequest, and it is possible to get the locale of the user with https://graph.facebook.com/me?fields=locale once they have authorised the app. But what is the equivalent graph api url that I can use before they have authorised the app? All my code is with the graph api so I really dont want to have to switch now to using the whole facebook->getSignedRequest() stuff. I can't find it anywhere but seems silly this functionality has not been provided in graph api?
You have to pick between using the signed_request (which is sent in a POST request to all apps on Facebook) or authorizing the user.
If you don't do one of these, then you won't know what the Users ID is, so you will never be able to identify their locale.
The signed_request just requires you to be able to capture request data and then perform the parsing logic outlined in the doc linked to above - it doesn't require the use of any SDK or API, just the ability to read requests (most languages will be able to do this).