What is the correct way to start using Instagram oEmbed feature? Documentation (https://developers.facebook.com/docs/instagram/oembed/) claims that I have to pass App Review to start using the feature. And application form says Please provide a URL where we can test Oembed Read. Which I don't have because I have no access to the feature.
What I have tried with no success:
I requested instagram_oembed resource with:
app token of application in live mode
app token of application in
development mode
passed URL to a post by official Instagram account
(e.g. https://www.instagram.com/p/CQG4gZxMzzO/)
passed URL to a post
of a user who is Admin of the app
In all cases I receive (#10) To use 'Oembed Read', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Oembed Read' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.
Example of the request I do https://graph.facebook.com/v11.0/instagram_oembed?url=https%3A%2F%2Fwww.instagram.com%2Fp%2FCQG4gZxMzzO%2F&access_token=appAccessToken
We're also suffering from this issue, but so far, we thought we already figured out how to do that.
Big picture
Facebook had not sorted this thing out correctly. Or at least, we don't know why they put such a restriction to this API.
The official document is not correct. (or at least not accurate for now, for some part)
Which part was not correct?
The access token part is not right. Or at least, it's the most confusion part.
How can we resolve this?
Use the Graph API Explorer
Adjust your token(App token, Client access token, user token) with the official URLs(see below) to see if you can get the result
most of us should be able to get the result with user access token, which means you have to access this API after login!
Integrate into your app for review
The review page is also confusing:
Please provide a URL where we can test Oembed Read. Include the URL of a page, post or video from our official Facebook or Instagram pages, or the pages themselves., it means you can only use links like https://www.facebook.com/instagram or https://www.facebook.com/facebook
With that in mind, so far, the only way to get approved is integrate your oembed usage into your normal UI with facebook user access token ready
Question to the big picture
So, we have to ask user to login with our facebook app, then we can provide this oembed read API returned embed HTML? I'm afraid that's what we have now.
big companies might be able to apply for App Token, I guess in that scenario, facebook login is not necessary
for small companies, indie developers, hmmm, I don't know any better solutions so far.
I have run into this too. I do not have an answer at this time, I just want to report on the frustrations of their 'app review' process. Which makes it feel like you are unlikely to get it to work any time soon.
We have a custom embed code for our weblog authors to use (a shortcode kind of thing) which does the oEmbed call. We just take the HTML from the resulting JSON, and insert it into the weblog article page, and that is it. It stopped working, presenting this same error - in live mode, and in development mode.
The kicker is, I then tried submitting it for app review. Filled out everything I could to the best of my knowledge. Provided them a test account and post on our weblog to show the shortcode editing and expected placement. We got rejected. Why? Your embedding resulted in an error, we can't see it in action to approve you.
Yes. The error I am getting is that I need my 'app' to be reviewed and approved.
This is an infuriating process. This is the only Facebook / Instagram API feature we use at this point. No user data. No attempt to make an Instagram clone app or anything like that. Just an embed.
And they are making this simple use case as impossible to use as they can. And the documentation also feels like an infinite loop. They say users of the old Instagram embed call have until September 7 2021 to get approved. But the call does not work at all because we are not approved. So we cannot get approved.
Same loop here. I've managed to report it to Facebook team and get answer "Just submit your Instagram post URL"! I can't believe it, its can't be so simple. I've confirmed it few times with Facebook team person and.... get rejected!
Also, second form in App Review process will LOWERCASE all of your links and I've spent few days just to explain it to reviewers and support person. Still rejected after submitting proper url. This is insane.
My another attempt was about to build a test page where I can auth via Facebook account, parse connected Instagram accounts and GET embed endpoint with user access key in hope that reviewer HAS access to oembed feature - REJECTED. I can't even find what permission I need to add to auth URL to obtain oembed thing.
Will update my answer with new information later.
UPDATE: After reporting about the issue with lowercase URL in submission form they just APPROVED my app without APP REVIEW. Well... Facebook style...
I had exactly the same problem recently. Updated the packages with compose, changed the API version from 10 to 11... without any change.
The error was also occurring in development mode, it didn't make sense that Facebook was asking to approve in dev mode.
For me, the problem came from the management of scopes in my application, depending on the version of the Facebook API used.
My advice: check the scopes defined with API version in your code first.
I had the same issue and the solution is very simple. The only thing you need to do is copy paste an instagram url in the input field saying: Please provide a URL where we can test Oembed Read.
I did the this link: https://www.instagram.com/p/G/
Which is actually the first instagram post :) Got approved. Hope this helps everybody!
I am using Facebook Graph API version 8. I want to get all the comments from a selected post along with the user who commented. I am asking for following permissions while connecting the Facebook Business page with my platform:
'public_profile', 'email', 'pages_read_user_content', 'pages_read_engagement'
My issue is that from all the comments received few of them have detail of the user who commented and few doesn't. I am using long live user access token to fetch the comments from the selected post.
Can anyone please help me identify the thing what I am doing wrong? Wrong access token or missing permission? I have tried a lot of things but could not figure out the issue.
I'm dealing with bots in my app and a costumer ask me to auto detect the bot`s messages in a conversation.
When an app create a post I can see who wrote the post with: me/posts?fields=admin_creator
But when someone wrote a message in a conversation how can I see who wrote this message in the conversation API me/conversations?fields=messages
Edit:
I need to know who answer the message through my page. It was me, a bot, an app or other person who have the permission to answer by my page.
Solution #1
By reading the docs, I found this information that could help you:
It's not possible to request a message by its individual message ID. Instead you should get the message as part of the thread it's a part of.
Note that the message object has from and to objects, so
Taken from the Graph API Message docs.
Solution #2
If that doesn't help You, I'm sure these two posts from the chatbotsmagazine will:
In the post about a Swell app, the poster asks the question:
How could you identify the user? We have existing users in our
database who signed up with Facebook. There are two different user-ids
though, according to Facebook’s Docs:
(..) Ids are page-scoped. These ids differ from those returned from Facebook Login apps which are app-scoped. You must use ids retrieved from a Messenger integration for this page in order to function properly.
Then, they provided the answer to that question in this post:
FB Messenger Bot 🤖 — How to Identify a User via Page- & App-Scoped User-ID’s
I hope this helps.
I want to post to facebook company-page via a developer-app. Therefore I created an app and also an access-token with the following permissions:
manage_pages, pages_show_list, publish_pages, public_profile
Posts are successfully created on the company-page via the app.
The problem I have is the following:
Customer is posting on the companies page.
Answer from the company is posted via the api (app).
The customer sees that there is an comment to his initial post but he cannot see the content of the reply.
I'm pretty sure my access-token is missing some permission but I could not find anything related in the facebook api documentation. Or am I wrong and there is another problem?
Make sure the App is public in the App settings: App Review > "Your app is in development and unavailable to the public."
Postings of Development-Apps usually don´t show up for regular users.
With the new deprecated offline_access method, how can one have a token that survives logouts?
Basically, I made a plugin that allows WordPress users to publish their posts to Facebook. So when a user makes a post, it auto-publishes.
In testing with the new lack-of-offline_access, it appears that if the user logs out of Facebook, this breaks the connection on the site by invalidating the saved access token.
How can I detect that and refresh the token? Does the user need to go back and do it manually? Or can I properly automate this?
Seems to me like Facebook hasn't fully thought this one through here.
...it appears that if the user logs out of Facebook...How can I detect that and refresh the token?
From: https://developers.facebook.com/docs/offline-access-deprecation/
Handling expired tokens, user password changes, uninstalled apps, and user logout
Regardless if your app requested the offline_access permission, apps
should gracefully handle an expired access tokens in situations where
a user changes their password, deauthorizes an app, or logs out. More
information on these cases including a simple code solution that leads
to a uniform user experience can be found in this blog post.
This is what you will get if the user logs out of Facebook. From a blog post from May 2011: https://developers.facebook.com/blog/post/500/
{
"error": {
"type":"OAuthException","message":"Error validating
access token: The session is invalid because the
user logged out."
}
}
EDIT
Otto says in comments:
You keep saying "your app" but you need to understand that I don't
have an App. The user is creating their own app for their own site.
It's their app, and having it suddenly unable to do what they want it
to do is kinda crap. This is why this feature isn't fully thought out.
Basically, you're saying that nobody with a website can ever log out
of Facebook or their website will stop being able to publish to
Facebook. Not a good design.
Dmcs replies:
If it's not your app, what do you can how they manage their app.
Stackoverflow is not a place for "what-if" questions.
I'm voting to close this question based on this what-if, and that the answer cannot be answered with facts and that the question would lead to debate. Stackoverflow is not a place for debate.