I've tried do develop automatic code that would fetch data from ads campaigns under account. My plan is to have server that would query every day to get data from impressions/clicks/costs of ads and save it for later use.
I use https://developers.facebook.com/tools/explorer to get access_token for getting data (insights) from those campaign pages but when I log out to try offline_access it tells access_token is old, cause of password change or access_token getting outdated.
Isn't the whole point of offline_access to grant acccess when user is not logged in?
And besides that.. what's with most of my calls ending having reply as follows:
"(#294) Managing advertisements requires the extended permission ads_management, and a participating API key"
I've given access_token that has ads_management, but I have no idea what this Participating Api key even means. Do I need to add this to url call or something? Where do I get this Api Key?
Edit: I want to be able to get data from add campaign pages, so I'm not talking about Apps in page
You will want to read up on the deprecation of the offline_access here: https://developers.facebook.com/docs/offline-access-deprecation/
But most importantly follow the guide here on how to handle invalid access tokens:
https://developers.facebook.com/blog/post/500/
You app is to monitor the error messages coming back from the API and handle it gracefully.
I have the same issue and I found this bug can be reason of our problem. It's already accepted and assigned, but still not solved. I hope it's really bug and not a secure hole, that was closed :)
Related
All mutual friends request made from my app server (node) (also tried the Facebook API explorer) suddenly started returning an empty array for the data field. I confirmed and validated my access token and appsecret_proof on the API explorer. Do you know what has changed or what the request below is missing?
Note: both users use the app and have granted user_friends permission.
I am using v2.12
request
{
url: 'https://graph.facebook.com/v2.12/{user-facebookid}?fields=context.fields(all_mutual_friends.limit(5000))',
qs: {access_token: 'XXXXX'
,
appsecret_proof: crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex')
}
Yep. Facebook has taken down the Graph API for page access tokens. The only way to retrieve data (or was a week or so ago), was a temporary user token that lasts about 2 hours. It's totally broken my band's schedule page. I've been through every avenue and even spoke with a facebook ad team employee on the phone that was aware of it. She seemed to empathize but had no solution for me. I would count on it being down for a while.
I have finally figured out a work around for this. On your fb application, you have to disable the secret key requirement. This can be found under the advance settings of your fb application console. It's called "
Require App Secret".
Once you generate a fb PAGE access token, you get a fb page token, and then extend it.
here is the token debugger:
https://developers.facebook.com/tools/explorer/
You can extend the access token programmatically as explained here:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
AND
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
There is also an extend tool in the access token debugger.
I am using PHP for accessing Facebook friends location. I want to access location of all friends. I read that it requires "access tokens" to get client's public information from here
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
and here
https://www.sammyk.me/access-token-handling-best-practices-in-facebook-php-sdk-v4
Is that token will be provided by Facebook at that instant of time or my app needs to wait till friend's approval.
I saw this post on stack overflow: How to get user access token?
But i still i can't figure out what if friend is offline. How that token will be passed to my application?
Or is it like that "Tokens are generated by Facebook at time when my application made the request but i can only access the user information later using the same token if he has given permission (when he gets logged in)".?
I am unable to find any explanation regarding this.
Thanks.
You can´t get the location of friends at all. Friend permissions have been removed for privacy reasons, you can only get data of users who authorized your App too. Check out the changelog for more information: https://developers.facebook.com/docs/apps/changelog
That being said, there are different Access Tokens. You can get an App Token without authorization, but you need to implement an authorization process for User or Page Tokens.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
Reading the API docs (https://developers.facebook.com/docs/reference/api/page/) I assumed that in order to read a public pages status updates, I would require "any valid access_token or user access_token" (quoting the docs here).
However, if I try to get the status updates for the public page, using my app access token, I receive the following response: "A user access token is required to request this resource"
GET 20531316728/statuses?access_token=myappaccesstoken
So, my question is if the docs are just plain wrong, I'm doing something wrong or whatever?
There is a clarification that needs to occur by Facebook [1]. The docs are either outdated or Facebook has changed their mind on handling these updates which is interesting seeing that
GET /PAGE_ID/feed?access_token=myappaccesstoken
Works (and holds all the statuses). I was told by someone in IRC #facebook that maybe the statuses call is more expensive (Not too bought on this idea).
My current stance is that either
any valid access_token or user access_token was supposed to imply those excluding app tokens
Facebook realizes that one can bypass the OAuth Flow by using an app token on pages when Facebook desired some form of authentication.
In the end, these are all assumptions.
I haven't been able to get a clear answer out of any Facebook employee as to whether this is indeed a bug or an intentional removal of this feature.
[1] - http://developers.facebook.com/bugs/480742545315442
I'm using server side authentication for Facebook detailed on this page.
https://developers.facebook.com/docs/howtos/login/server-side-login/#step5
I'm asking for extended permissions like user_birthday and if the user accepts, I get the code
YOUR_REDIRECT_URI?
state=YOUR_STATE_VALUE
&code=CODE_GENERATED_BY_FACEBOOK
But if let's say the user declined to provide birthday, I still want to proceed when I get this url
YOUR_REDIRECT_URI?
error_reason=user_denied
&error=access_denied
&error_description=The+user+denied+your+request.
&state=YOUR_STATE_VALUE
Does anyone know how to get the code under that scenario or do I have to ask the user to signin again but this time not asking for additional permissions?
Cheers,
Steve
Does anyone know how to get the code under that scenario or do I have to ask the user to signin again but this time not asking for additional permissions?
There are two scenarios here:
You are asking the user to connect to your app for the first time. At this point, they can not decline giving you user_birthday permission solely (since it’s a basic and not an extended permission) – they either connect to your app, or they don’t.
The user has connected to your app before, and now you are asking for user_birthday permission. If the user declines that, that will lead to the error_reason=user_denied – and then you will not get a code parameter.
In the 2nd scenario, when using the server-side flow, asking the user again (maybe with a reduced set of permissions) is the only way to go – unless you have already gotten an access token before. That will not get invalidated – but it will obviously only contain permissions already given before.
(If the user connected to your app before, you can just call the Auth dialog with no scope parameter at all – in that case Facebook will redirect straight back to your app with a code parameter. Or you could get the token beforehand client-side, for example by calling FB.getLoginStatus.)