Is there a way to select a single account using the graph api ?
I have tried everything I know of:
graph.facebook.com/<user_id>/accounts/<page_id>?access_token=<access_token>
graph.facebook.com/<user_id>/accounts?access_token=<access_token>&id=<page_id>
Any other thoughts?
Are you trying to retrieve the access token for a specific page, using the access token of a user who has granted you manage_pages permission?
If so: https://graph.facebook.com/<PAGE_ID>?fields=access_token&access_token=<USER_ACCESS_TOKEN>
Related
In our project users can generally login to the system and access vaious web-pages. There is also a rest-api - users can access certain information through rest api as well (token authentication). Now there is one user that only should have api-access - login only through an api call returning the token. Access to web-pages in not desired and should be prevented for this user.
How can we set this up? Is it possible right out of the box or is it necessary to adapt permission classes?
You can use api keys for the rest api to make it only accessible for the user with the api key
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
Having problems gaining access to a users photo's from my Facebook app.
I request the apps token at runtime using: (replacing the values in [] brackets with actual values.
https://graph.facebook.com/oauth/access_token?client_id=[clientid]&client_secret=[clientsecret]&grant_type=client_credentials
I then try to access a users photo using that access token, ie:
https://graph.facebook.com/fql?q=SELECT pid, src_big, src_small FROM photo WHERE pid IN('4313357036026642248','4313357036026642249','4313357036026642250','4313357036026642251','4313357036026642252','4313357036026642253','4313357036026642254')
The user has authenticated themselves with my app and accepted the USER_PHOTO permissions.
However I get 0 results back. I do get results back when I use that users access token rather than the app token.
I have proven this issue on the graph explorer:
https://developers.facebook.com/tools/explorer?method=GET&path=1004281695
Anyone got any ideas why an app that has been granted access to a user photos cannot get those photos using the app access token ?
Thanks in advance, Rhys
Because with very few exceptions, you can only access a user's data using a valid access token for that user (or one of their friends, depending on the privacy of the object in question).
In this case, use the user's access token, the app access token is for acting on behalf of the app and shouldn't really be used for user-specific calls, as it won't be able to see non-public information except with very limited circumstances
On this page:
http://developers.facebook.com/docs/opengraph/using-app-tokens/
It describes how to get the app access token, yet the token it returns is different than the one in the open Graph "Get Code" example. The latter is the only one that works. How can I get the second access token using the API? When I try to use the first example, I basically get something back that looks like "application ID|secret key" which is different than the real access token.
as documentation states, you will get
access_token=YOUR_APP_ACCESS_TOKEN
string back from the API call. Even though it LOOKS like "application ID|secret key HASH" - it is a valid access token you can use to publish to user's wall. You can verify it's a proper access token using Debug toll from FB: https://developers.facebook.com/tools/debug - just paste the token there.
The reason it might not work for you is because you are trying to publish something to the user's wall who did not authorize your app. Look here: https://developers.facebook.com/docs/reference/javascript/ - for example of how to use your app ID to make user authorize the app. You need to request publish_stream permission for your app from user in order to be able to publish as the app to the user's wall.
And going back to the documentation:
Note that the app access token is for publishing purposes permitted by
the publish_actions and publish_stream permissions. You will be unable
to retrieve information about the status update post with the given ID
using the app access token. Instead, you should use a user access
token for such purposes.
hope that helps.
How can I modify this to get permissions for offline_access and others
"https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id="+appId+"&client_secret=" + appSecret;
I don't think you can. The url you are using looks like the one used to get an access token for adminstrative actions on behalf of an app. I.e. Graph api calls requiring an app access token such as access to app Insights.
Offline access, as far as I know, applies only to performing actions on behalf of a user e.g. posting to their wall.
Maybe you are looking for something more like this?
https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=offline_access,email,read_stream,etc
Assuming you have already know about the authentication guide, but just in case:
http://developers.facebook.com/docs/authentication/