How to generate an Access token without manual steps on facebook API - facebook

I am trying to make a simple Instagram post bot where I can provide a url of an image and a caption and it will post. I currently have a working python script that, will generate long life token from a fixed exchange token (generated manually at the graph api tool webpage) and will will post an image given a url.
The problem is after a while (Less than a day) the token expires and I have to manually generate another.
I can successfully generate an app access token but I don't believe you can use an app access token for posting content. Is there a way to automatically generate a user token? pref without using something like chromedriver to mimic a browser for the token generation
Any help is appreciated.

First of all, I strongly recommend you to spend a few minutes reading the References on Access Tokens.
From there you can better understand the different types of Access Tokens.
Moving on.. Make sure you are using the correct endpoint to get that Long Lived Access Token (If your token is taking only a day to expire, means you aren't).
Use the Long Lived Access Token path with the token you generated via Graph API Explorer:
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}"
App's Access Token does not give you access to Content Publishing.
For that you need to use your User Token generated on the previous step.
Make sure the User have all the Permissions needed:
ads_management, business_management, instagram_basic, instagram_content_publish, pages_read_engagement.

Related

"The access token does not belong to application" Trying to generate long lived Access Token

I am having problems generating long lived Access Token to update Facebook page from my desktop application.
I created a Facebook App associated with my Facebook user and stored it's app id and secret.
I created a facebook page associated with my Facebook user account.
I can create a short lived (60 minutes) access token for my app.
My desktop application is able to post to my Facebook page using the short lived access token. However, this only lasts 60 seconds and is therefore impractical.
I have been trying to generate a long lived access token using the guidance here:
Request a Page Access Token in C# SDK
However I receive an error:
"The access token does not belong to application XXXXXXXXXXXXXXX"
When I try enter my short lived access token in the debug tool the box, it confirms that the access token is mine BUT it shows a different app id.
Where does this different app id come from? I only have one Facebook app defined.
I think I might be missing a fundamental point here.
Many thanks for any help you can give.
Go back to the Graph API Explorer where you generated the token.
Make sure that you selected your app from the drop-down at the top where it says "Application[?]"
If you don't it defaults to 'Graph API Explorer' and that will be of no use to you. Once you get the token made for the correct app, try again using this URL:
(replace NNNN with the correct data)
https://graph.facebook.com/oauth/access_token?client_id=NNNN&client_secret=NNNN&grant_type=fb_exchange_token&fb_exchange_token=NNNN
Steps are:
Generate app token with the following Graph API call:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
Exchange received token for a long-lived token (60 days) with the following Graph API call:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
that will give you long-lived token associated with your app. If you want to post on the page AS THE PAGE, then you need to get Page access token - see here for more details: https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
Authenticate the user and request the manage_pages permission
Get the list of pages the user manages from (1): https://graph.facebook.com/me/accounts?access_token=USER_ACCESS_TOKEN
Parse the list and get the token - and use it to post to the feed.
you will do (1) in graph API explorer - and you will get user token. Then insert that token into URL in (2) - and you will see all your pages and corresponding token. Take the one you need and use it in your C# code to upload images.

Getting access token with App secret. Is it safe?

Im building an app that tries to display the last 5 news of certain public page. To access this information I need to get an access token with this:
GET https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
My question is: isn't the app secret to be... well, secret?
If I make a GET query mit jQuery anyone can look into the script file and find out about it. Is this safe?
The token never changes (unless password change / block / ...).
You should retrieve the token once using your browser. From then on you can use the token without using your app secret.

Where to request extended access token in Facebook App using PHP SDK

I need to get access to my user's information when they are offline and I understand that I need to use an extended access token which lasts 60 days. I have been looking at this SO post How to extend access token validity since offline_access deprecation and this says that I need to include the stated method in my base_facebook.php file and make a call to the method.
However, looking through my code there is no explicit request or use of access tokens anywhere so I'm unsure how to request an extended access token. This post Do I need to use access token in Facebook API? explains that using the PHP SDK the access token is automatically appended to the api requests, which would explain why I have never encountered access tokens so far.
So my question is how do I get the user to give an extended access token when they sign in using the PHP SDK method getExtendedAccessToken()?
EDIT: A key point here is that you can't seem to get an extended access token for your own app! I tried this with one of my test users and it worked fine! Another point to note is that the access token tool will only show by default the access tokens for the person who actually developed the app. To see the specifics of the access token for other users you need to go to the debugger part and input the access token there. Hope this helps.
If you haven't seen any references to access tokens, they are most likely being stored in session variables. You could try adding echo "<pre>";print_r($_SESSION);exit(0); to your code to see what is stored in the session. You would add it somewhere after you have already been logged in.
If you are calling getExtendedAccessToken() from the PHP SDK, then the access token returned will automatically be long lived. To retrieve it after they are directed back to your site, you can use the getAccessToken() method. You would then store the returned value, and use it when you want to make calls later with setAccessToken($stored_token) .
Hope that helps.

developers.facebook.com issued access token VS OAuth generated

Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.

Facebook ACCESS_TOKEN used with links.getStats

links.getStats was working fine as simple REST call just few weeks ago, and right now it's failing... The reason is simple, it needs an ACCESS_TOKEN.
Of course, my application, which I use to stream some content to my wall, has an non expiring (offline usage) access token. But if I try to use this token with links.getStats I get this error: "Impersonated access tokens can only be used with the Graph API".
So my question would be: How could I get a valid ACCESS_TOKEN, that I could successfully call links.getStats?
Thanks!
We're tracking this issue internally. Here's the bug id: http://bugs.developers.facebook.net/show_bug.cgi?id=19470
The workaround solution is to use any user access token with the call. You're trying to use an app or page access token, which won't work. Go to https://developers.facebook.com/tools/explorer/ , get an access token for yourself, and tack that onto the call with &access_token=YOUR_ACCESS_TOKEN and it will work.