I'm just starting to create a in-facebook app. I'm bugging at the first step, when a user access my app for the first time. Basically, I want a welcome page to explain what is that app before requesting an access to information. A cute image with cats, whatever, but not sending directly the user to the login to my app dialog.
So, user didn't sign in to my app, I only have the "app access token" to work with the graph. According to this official Facebook dev page (at the end), I'm supposed to have some basic information access.
Question is : how ? What are the calls that I can make to the graph with an app access token ?
/me is a no go, it requires a user access token.
/$user_id is public information, with or without a token, I can retrieve basic info. But I don't have any user_id to use through the $signedRequest (which gives only country,locale & age)
How am I to get (quote):
- Basic Profile Info of a User (ID, Name, Username, Gender)
- A User’s Friends and their IDs
- Permissions granted by the User to your App
You shouldn't be using your application token for anything other than administration of your app.
It's not possible to get data before a user actually grants it.
The paragraph you mentioned is within the limits of your application
While an App Access Token is largely for the purposes of publishing
information back to Facebook on behalf of the user, there is a limited
set of information that can be retrieved from Facebook using an App
Access Token.
Basic Profile Info of a User (ID, Name, Username, Gender)
A User’s Friends and their IDs
Permissions granted by the User to your App
Say I know User001 added my app, and I want to check on some items for administration. I don't have User001's access token (or rather I shouldn't be manually using it) So instead I supply the application access token to get data that would normally return
Notice I can supply an app token allowing me to see friends (of the user who added the app) but if I choose an object not mentioned in those bullet points...
Basic Profile Info of a User (ID, Name, Username, Gender):
Yes. https://graph.facebook.com/USER_ID?fields=id,name,%20username,%20gender&access_token=APP_ACCESS_TOKEN
A User’s Friends and their IDs
If you request https://graph.facebook.com/USER_ID/friends?access_token=APP_ACCESS_TOKEN, you would get:
{ "error": {
"message": "Can't lookup all friends of 100001234567. Can only lookup for the logged in user or the logged in user's friends that are
users of your app.",
"type": "NoIndexFunctionException",
"code": 604 } }
The answer for legal solution is, NO, you must use user access token.
Similar disscussion here Get the Friends of my friend using the Graph API
Permissions granted by the User to your App
Yes. https://graph.facebook.com/USER_ID/permissions?access_token=APP_ACCESS_TOKEN
Related
I am trying to pull information(name, posts, email, etc) of arbitrary public Facebook accounts. I have a Facebook App. However, I am unable to pull anyone's data because there is no "universal access token" that would allow me access every public account's data.
To test the app, I made a dummy Facebook account and gave that account a developer role in the app. Based on Facebook documentation, since my app is in development mode and the dummy account has a role in the app, I should be able to pull its data. Even with an access token where all of the boxes are enabled, I am still unable to access this data.
Suppose 123456789 is the Facebook id of account I am trying to get info from
Get request from admin account - GET/v3.3/123456789?fields=posts
I expected to get a list of all of the posts from the user; however, I get:
{
"id": "123456789"
}
Is it still possible to pull public account data through Facebook? I know that to do so in live mode, I will need to get Facebook to approve a Page Public Content Access feature, but I am unable to get to that point, because I cannot access public posts in development mode.
If this is about User Profiles:
It is not possible to get ANY data of a user without his explicit permission. You don´t even get an ID of the user without him authorizing your App first. For accessing his posts, you would even need an additional permission (user_posts). For accessing his email, you would need the email permission.
If this is about Pages:
You need to apply for Page Public Content Access in order to get access to posts of Pages.
In our web application a user grants us access to their Facebook account, which gives us their long term access token. The user then makes a choice if the integration should be for their user timeline or for a specific Facebook page that they administrate. If they pick a page then we swap out their user access token with their page access token and go on our merry way. That has been successfully live for a while.
Now I want to add some code so if you are authenticated against a page we can query for the engagements field (/me?fields=engagement) (essentially the details about like counts for the page). However, this query obviously fails if you navigate to this resource with a user access token, because there is no "engagement" field on User.
Is there some way I can query the "/me" api resource and know if it's a user or a page without parsing the error message?
I'm trying to retrieve a photo of a user different from the logged one, here what I did:
I have 2 different users that granted "user_photos" permission to my app
I'm able to retrieve the photos uploaded by USER_1 through the API
https://graph.facebook.com/v2.5/me/photos/uploaded?access_token=USER_1_TOKEN
Let's suppose I'm interested in the photo with id PHOTO_ID_123 (privacy public) and I want USER_2 to be able to view that photo. I should call the following API:
https://graph.facebook.com/v2.5/PHOTO_ID_123?access_token=USER_2_TOKEN
(note the different token user in the latter call)
The issue is that now I'm getting the following error from FB:
{
"error": {
"message": "Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"fbtrace_id": "GmYciGz/Mpd"
}
}
These two users are mutual friends on facebook, but since the photo is public I expect to be accessible even in case the two users are not mutual friends.
Of course the following API call
https://graph.facebook.com/v2.5/PHOTO_ID_123?access_token=USER_1_TOKEN
is working as expected (it does return photo related data). If USER_2 try to access PHOTO_ID_123 from browser (inside facebook website), he can see the photo.
What am I missing? Is this even possible? To me it seems possible from fb doc: https://developers.facebook.com/docs/graph-api/reference/photo/
Permissions
Any valid access token can read photos on a public Page. A page access
token can read all photos posted to or posted by that Page. A user
access token can read any photo your application created on behalf of
that user. A user's photos can be read if the owner has granted the
user_photos or user_posts permission. A user access token may read a
photo that user is tagged in if they have granted the user_photos or
user_posts permission. However, in some cases the photo's owner's
privacy settings may not allow your application to access it.
Thanks
If i authorize an App with user_photos, i would not want any other App User to be able to see my photos - at least not without my permission per photo. So it does make sense not to be able to access photos of one user with the Token of another.
You could let the User select some photos and store it on your server if you want that to happen. Just because something is public on facebook.com does not mean you can grab it with the API, that would make a lot of permissions pointless.
I need to access Facebook API to retrieve ads stats. All my requests will be handled on server side. I already know how to access those data by obtaining User Access Token with ads_read permission, where user has admin role in the ad account.
My application will use cron jobs to retrieve ads stats, so I would like to use App Access Token instead, because user won't need to authenticate with the dialog, right? I assigned application to the business, but it doesn't seem to work. After trying to get ads stats with App Access Token, I'm getting following error:
{
"error": {
"message": "The entity backed by id 1234567890123 cannot be seen
by the viewer with (ViewerID 0, AccountID 0):
DENY_RULE:InlinePrivacyPolicy:AlwaysDenyRule:4
(EntID: 1234567890123)",
"type": "OAuthException",
"code": 1
}
}
The application is assigned to the business, but I'm not sure if it's enough. I don't see any option to assign it to the ads account.
Am I doing it right or maybe there's another way to skip dialog part?
No, you need to use a user access token from a user who manages the ad account.
App access tokens are only useful for a narrow range of use cases, primarily for updating app settings or proving a call came from the app specifically, rather than an arbitrary user of the app
Having problems gaining access to a users photo's from my Facebook app.
I request the apps token at runtime using: (replacing the values in [] brackets with actual values.
https://graph.facebook.com/oauth/access_token?client_id=[clientid]&client_secret=[clientsecret]&grant_type=client_credentials
I then try to access a users photo using that access token, ie:
https://graph.facebook.com/fql?q=SELECT pid, src_big, src_small FROM photo WHERE pid IN('4313357036026642248','4313357036026642249','4313357036026642250','4313357036026642251','4313357036026642252','4313357036026642253','4313357036026642254')
The user has authenticated themselves with my app and accepted the USER_PHOTO permissions.
However I get 0 results back. I do get results back when I use that users access token rather than the app token.
I have proven this issue on the graph explorer:
https://developers.facebook.com/tools/explorer?method=GET&path=1004281695
Anyone got any ideas why an app that has been granted access to a user photos cannot get those photos using the app access token ?
Thanks in advance, Rhys
Because with very few exceptions, you can only access a user's data using a valid access token for that user (or one of their friends, depending on the privacy of the object in question).
In this case, use the user's access token, the app access token is for acting on behalf of the app and shouldn't really be used for user-specific calls, as it won't be able to see non-public information except with very limited circumstances