We have Page-Access-Token with all the permissions available (just for testing purposes), we also have a Business System User token and this is the steps we are trying to do
1: We connect our business to the facebook page as an agency using this api call
/me/agencies?access_token=${PAGE_ACCESS_TOKEN}&business=${BUSINESS_ID}&permitted_tasks=['ADVERTISE']
we will become partners with the page successfully.
2: we try to assign our business System user to the page that we just connected our business to using this api call
/me/assigned_users?business=${BUSINESS_ID}&user=${SYSTEM_USER_ID}&access_token=${PAGE_ACCESS_TOKEN}
but this request will fails and we get this response
error: {
message: 'Invalid parameter',
type: 'OAuthException',
code: 100,
error_subcode: 1752100,
is_transient: false,
error_user_title: 'User is not Business Scoped',
error_user_msg: 'The user ID provided is not business scoped. Please provide a business or a system user ID',
fbtrace_id: 'AMSzq06ES6nymFDFD31JWAk'
}
we know that it's possible for the System User to be assigned to the page because you can do that in the businees.facebook.com but we want to do it using graph api
Things we confirmed
The System User ID and Business ID are both correct
The Business is already connected to the page as we mentioned in the step 1, and we confirmed that by looking at Page Roles from the page settings we saw our page as an agency for the page
Things we saw that were interesting
if the page owner have role in the business the second api call would end up successfully and the system user will be assigned to the page
So, How can we assign our system user to the pages that connect to our business
Found a workaround, I created a Business Asset Group, added the system user to this group in the business.facebook.com then through Graph Api I could add the page to this group and the system user now have control over the page just like how I want it.
Related
Using the Facebook Graph API, i want to know if a page (with a #page_id) belongs to a Facebook Business (with #business_id)
The only solution i've found is to request API :
GET #business_id/client_pages
GET #business_id/owned_pages
I've to use pagination (which can lead to lots of requests before finding the page in the list)
Is there a direct solution like GET #business_id/client_pages?page_id=#page_id ?
At this time, a workaround is to create an Admin System User:
https://developers.facebook.com/docs/marketing-api/businessmanager/systemuser/
Then try to assign the user to the page (without the "role" parameter) :
POST #page_id/assigned_users?business=#business_id&user=#business_scoped_user_id
The page doesn't belong to the Business Manager if you got this error :
(#10) You do not have permission to perform this action. This action
requires that you can MANAGE_PERMISSIONS on a managing business
account. Or it requires that you can ADMINISTER on this object Note:
to use do this action on behalf of a business account the "business"
field must be set.
The page belongs to the Business Manager if you got this error :
"(#100) Requires exactly one and only one of the params: role,tasks",
Using the GA API with a particular segment, the authenticated token is from an admin who created the segment. The segment was shared with the permissions for "Collaborators and I can apply/edit Segment in this View"
I've verified the Property ID, View ID, and Segment ID from the interface with the API call. The GA API returns "User does not have sufficient permissions for this advanced segment."
The user created the segment and shared it, so I'm at a bit of a loss as to why I get this error response. Any help would be much appreciated. Thanks!
#Ash has the correct answer but here is a more detailed response:
The user that created the Segment must open complete the following in Google Analytics:
Open the segment panel and select 'Custom', then click 'Edit' for the segment you would like to share.
Then click 'Change' in the top right corner.
You can now select the option allowing collaborators to apply and edit the segment within the view.
Save your changes.
This will allow you to query the custom segment using a service API.
1) A segment in Google Analytics belongs to the user who created it and only that user has access to the segment.
2) A service account will not have access to any of the saved advanced segments. For API requests you could try using dynamic segments instead.
So, a User has saved segments and those segments can be applied to any request for views (profiles) that the User has access to.
Example:
Assuming User A creates/saves a segment and User B also has saved segments and your application is authorized to access User A and B's Analytics account (i.e. they give permission to your App to access their data). The App would be able to retrieve the IDs of the saved segments for both users but you can't apply User A's segment ID to a request for User B's data. For that to work, User A would need to have access to User B's view (profile) to begin with.
I was facing same issue and the error was:
HttpError 403 when requesting https://analyticsreporting.googleapis.com/v4/reports:batchGet?alt=json returned
"User does not have sufficient permissions for this advanced segment."
Creating shared Segment resolved above issue.
Credits and more info: Google groups
I have been experimenting with the REST API using my logged in user account's token to then make PUT requests on my user record to update some custom attributes.
In order to get to this work I had to grant my user account the manage-users role in Keycloak, prior to this I was getting forbidden responses back.
I can now make the PUT request successfully, and after logging out and logging back in I can see the updated attributes I set in my PUT request.
But I have now allowed my user to be able to manage all users in my realm, which I dont want to allow.
Instead I only want to be able to update my own account details.
I know the user can view their own profile and make changes on the Keycloak provided screens. But for certain custom attributes I want to be able to do this from the client side application they are logged in to, so using the REST API but not granting them a role that could allow them to update other users details.
Is this possible?
According to the User section Keycloak's Admin REST API, this is not possible.
One solution would be for your client app to send the update request to a backend. The backend will verify that the update request is legit (aka the JWT is verified and the update does apply to the user requesting the change).
Another solution would be to theme the User Account Service's screens to add input fields for your custom attributes, as the documentation says that:
This screen can be extended to allow the user to manage additional attributes. See the Server Developer Guide for more details.
The second option seems the more secure. I hope that helps.
This seems to be possible with the Account Management API.
Unfortunately, I didn't find any official documentation about that. However, there's an example in Keycloak that demonstrates how to do it.
What is the best way to authenticate with an external API from a conversation with a bot on the facebook messenger platform?
For a broad example, I would like a user of my bot to create items on their own profiles of an external website. Is there a way to get login information from the user, or connect my bot to the external website, without the user explicitly sending a message to the bot with their username and password?
What I found in the documentation under User Profile API:
You can personalize the conversation using the person's name or profile pic from the User Profile API. In order to get this information, make a GET request to https://graph.facebook.com/v2.6/?fields=first_name,last_name,profile_pic&access_token=. Read more details in the Send API reference.
This isn't quite what I'm looking for but it helps. Here's more info from the docs:
User Profile API
Request
curl -X GET "https://graph.facebook.com/v2.6/<USER_ID>?fields=first_name,last_name,profile_pic&access_token=<PAGE_ACCESS_TOKEN>"
Response
{
"first_name": "Peter",
"last_name": "Chang",
"profile_pic": "https://fbcdn-profile-a.akamaihd.net/hprofile...70ec9c19b18"
}
It depends how they come in.
If they come from your website, you can use the Send to Messengee button from within their account. Use the pass through param to link your account to the user thread.
Here's an excerpt from the documentation:
The plugin takes in a pass-through parameter defined by you. This parameter is sent back to you via a callback. You can use this to link the authentication event to a person and/or transaction. For example, a person may enter an online flow for a specific transaction and click the Send-to-Messenger button. You can pass in data to know which user and transaction was tied to the authentication event. You should encode and encrypt this parameter.
If they come directly to your bot, you would have to present them with a login of some sort (your login) from within the conversation. This would happen in a link to an mobile web URLs.
Reading Google Analytics API docs is like diving into Mariana Trench... so hoping to get some help here.
I have a website that users will visit one page per visit (most of the time). I've placed google analytics script on each page (can view reports in my GA account) and now want to write a "reporting page" on which to display information about "per page usage":
page1: 100 visitors, countries, OSes, ...
page2: 125 visitors, countries, OSes, ...
I want to get this info from API.
Could some one please point me to the right pages of the docs, from the very beginning?
For I can't understand even why I should use 2-step OAuth authorization there (or shouldn't I?) - since I'm writing this report for my own site on which I have already placed google scripts thus authorizing everything.
Thank you.
What i am thinking is that I could have a Webapplication with your pages listed. Web application itself is authenticating and querying the result on when user try to find statistics of particular page.
You should follow
1. Register Service account and get authentication key file
2. Register email account viewed in along clientid email a screen in google analytic users as admin level user
3. Use ga-dev-tools.appspot.com/explorer for query building
4.Implemenation needs
a) First Authenticate with the key
b) Get profile id and pass it to the fetching method
c) Fetch data of the query