I am working with the Facebook Graph API using an account that manages a few other accounts. I can perform most operation just fine, such as adgroups, stats, etc. However, when I try to call adcampaigns or adcreatives I get the error message:
(#294) Managing advertisements requires the extended permission ads_management, and a participating API key
This also happens in the graph explorer. I generate a token and I check the ads_management permission and run the same operations, but I get the same problem. I can call adgroups, adaccounts, stats, etc., but I cannot call adcampaigns or adcreatives. Does anyone have any ideas as to what I'm missing?
Jorge this just means that you need to apply to have your Facebook app given the capability to call into the Facebook Ads API. Once your app is approved, you'll be able to call into the Ads API. You can start the process here:
https://developers.facebook.com/marketingapis/
Related
My team and I have been trying to connect to the Graph-API (Facebook) for a few days to get access to Audience Network data through our API.
Steps we follow:
Implementation of Facebook Login flow
Generation of Access Token from the Facebook Login Button in our application.
Modification of the Access Token to a Long-Term Token.
We debugged both tokens through the official tool and it is possible to observe that it is a valid token with the proper access: https://developers.facebook.com/tools/debug/accesstoken/
In the settings, the JavaScript SDK is already properly activated
The request we are using as an example is:
https://graph.facebook.com/<API_VERSION>/<BUSINESS_ID|PROPERTY_ID|APP_ID>/adnetworkanalytics/?metrics=['fb_ad_network_imp']&access_token=<ACCESS_TOKEN>
We use the following documentation as reference and tools:
https://developers.facebook.com/docs/audience-network/optimization/report-api/guide-v2?locale=en_US
https://developers.facebook.com/docs/audience-network/optimization/apis/FB-login-Reporting-API
https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived
Even after all these steps, when trying to make a request to the Graph-API, through the explorer https://developers.facebook.com/tools/explorer/, we still receive the following message:
"The way to access reporting API v2.0 has changed. You now need to implement Facebook Login for your app to access this API. See instructions here: https://developers.facebook.com/docs/facebook-login/"
Is anyone trying to implement this flow or know how to fix this behavior?
I want to use the wso2 SCIM2.0 API for CRUD operations on my users.
When I call the API to get ALL the users, it works, but when I try to call the API to get a specific User by its ID, it returns a 403 forbidden error.
The API I'm calling is this one:
https://localhost:9443/t/carbon.super/scim2/Users/29ae81f4-37eb-4e5c-a3c9-33cba98f4f47
and I'm passing the access token generated with the scope: internal_user_mgt_list
and the users logged in that is trying to call the API has all the User Managment permissions.
I solved the problem. The documentation specifies the wrong scope. The required scope is not internal_user_mgt_list but internal_user_mgt_view
I am trying to automate the creation of users and roles in wso2 by way of the included api's. I can list the wsdl with no problem. I can call the api authenticate with no problem. But if I call any other api endpoint such as isExistingUser I get a UserStoreException returned and a "Error occurred while accessing java Security Manager Privilege Block" in the logs. How exactly do I make an api call to check the existence of a user, add/remove a user, add/remove a role to a user?
an example of an api call that works is
https://ip address:9443/services/RemoteUserStoreManagerService/authenticate?userName=admin&credential=admin
and example of an api call that does not work is
https://ip address:9443/services/RemoteUserStoreManagerService/isExistingUser?admin
The request seems to be wrong. Try with parameter name as mentioned below:
https://ip address:9443/services/RemoteUserStoreManagerService/isExistingUser?userName=admin
I am trying to use the Google Contacts API and the Python / GDATA client handlers to access Contacts via OAuth 2.0 for users in the domain. I'm ultimately wanting to create a web service to add contacts for users, but the first step is getting this test working.
I can access my own Contacts just fine if I use the default URI. However, when I pass in the email address to construct the URI for another user, I can't seem to access the other user's Contacts. Here is the code that I'm using:
client.GetContacts(uri=client.GetFeedUri(contact_list=userEmail))
A 403 error is returned when I execute this.
gdata.client.RequestError: Server responded with: 403
Your client does not have permission to get URL /m8/feeds/contacts/<userEmail>/full from this server.
Mostly just trying to understand if what I'm attempting here is even possible. In the Email Settings API, for example, you can get authenticated to the domain and pass in a user's email to list their labels, add filters, etc. So, I would anticipate that the Contacts API would work the same, though handled slightly differently, i.e. modifying the URI, instead of just passing in an argument to the client handler. Please let me know if I am wrong in that presumption.
For authorization, I'm getting the details using flow_from_clientsecrets, then getting the token to authorize the ContactsClient for the domain. Again, I can access my own contacts fine, so authorization seems OK, but I can't access other users' contacts.
client = token.authorize(ContactsClient(domain=domain))
Seems like I'm missing something with respect to accessing other users. Is anybody able to assist me over this hump? Here are some things that I've checked / confirmed:
Contacts API is enabled for the project
Scopes have been authorized for the Client ID in the control panel > Manage 3rd party access
I am a Super Admin in the domain.
Thanks for your time!
I figured out the answer here from another post with exceptional detail:
Domain-Wide Access to Google GDATA APIs
You need to use "Service Account" authentication. For some reason, I was thinking that would only work with the newer discovery-based APIs. But, service account access also works for GDATA APIs. I can access all the Contacts for users in the domain now.
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.