Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
Related
I'm building an app which acts as a simplified layer of the Facebook Ads manager. It can create ads trough the Facebook marketing api.
There are also other services such as adespresso or manychat which offer such a service.
Now I'm wondering about the following: when a user in my app authenticates, I get a short-lives user-access-token. As far as I understand the documentation, there is no way of refreshing this token. The user would need to login again.
When I look at the above mentioned apps however, I stay authenticated. I don't have to re-authenticate each time I'm using the app. So does anyone have a suggestion of how to do it like them?
I've written a Python script to pull performance metrics data from the Facebook Graph API for a connected Instagram Business account. It's a script which runs locally and uses my account's credentials.
I've submitted an App Review selecting "No" and "App doesn't use the Facebook Login dialog." for the "Is a Facebook reviewer able to access or login to your app to verify you're using permissions or features according to Facebook Platform Policy?" and "Why isn't a Facebook reviewer able to access or install your app? Select the option(s) that best describe the functionality of your integration." questions.
However, it's been rejected with the following reason given:
"We found that your app's test credentials did not allow us to fully review the content of the app or there were no test credentials provided for us to review. If your test credentials do allow access, check that the account is setup properly to provide us with full access and to allow us to reproduce the use case steps."
I followed the steps from the Server-to-Server App Sample Submission. I've explained why each permission is required and uploaded a screencast of accessing the relevant endpoints.
Is there something I'm missing?
I tried 2 way, one in the Facebook Developer site find permission request with this name, I couldn't find it.
add as a 4th parameter to the Facebook Login Button, it did not help
<FacebookLogin
appId={fbAppId}
autoLoad={true}
fields="name,email,picture,pages_show_list"
onClick={this.componentClicked}
callback={this.responseFacebook}
/>
Do you have any other idea?
The Facebook API works like this,
Development Mode: For development mode you can try to access pages which were associated with the account in which app created. So, that pages associated with that user can be accessible. You can retrieve the pages using following link,
https://developers.facebook.com/docs/graph-api/reference/user/accounts/
Live mode: In case of live mode you need to create a video of snapshot using your development mode functionality and get "pages_show_list" permission approved. Then you can access the pages details associated with authenticated users.
For login button you can try like this,
fb:login-button size="large" scope="public_profile,email,pages_show_list,read_insights,manage_pages" onlogin="checkLoginState();"
which gives you token and use that token to get pages associated with user account.
If you are using the js SDK of Facebook then there is an option to ask permission through SDK functions.
FB.login(function(response) {
// handle the response
}, {scope: 'public_profile,email,..other persmissionlist'});
Note:-
Use this concept only when your app is in the testing phase and
wants to create a request for permission in App Review or there are
some permissions enabled but you want only a few.
Use this approach with Test users only.
Reference link:-
https://developers.facebook.com/docs/facebook-login/web#re-asking-declined-permissions
I'm developing a mobile API and I would like to allow mobile users to log in to my mobile application using their Facebook account.
I've been struggling to find some detailed information regarding this request. Could someone point me in the right direction? I'm using the following Laravel package for OAuth2:
https://github.com/lucadegasperi/oauth2-server-laravel
As I understand, the user clicks the "Login with Facebook" button and then proceeds to authentication. Facebook provides the access token as a result. But how does a user account appear on our server? And to my knowledge, it is our server that should provide an access token which is tied to the user account on our database. Could someone clear this up?
Have you looked at the Facebook mobile sdk guides?
iOS: https://developers.facebook.com/docs/ios
Andriod: https://developers.facebook.com/docs/android/
The package you mention looks like it performs oAuth authentication, and I don't think you need that. If I understand correctly, you should be able to use the Facebook sdk to perform the authentication and tell your app that the user is authenticated. You will have to create a user account for them (for example, add a record to the users table in your database) and store their Facebook ID.
Consider the following situation: internet provider has a selfcare site that is integrated with facebook, i.e. user can login toselfcare site using his facebook credentials.
However, when user has not paid for the internet access, he is limited to the provider's only sites (ex. selfcare.provider.com). In this case, facebook integration stops working due to access restrictions.
Question is: is there a way of restricting access to facebook in such a way, so that only login can be enabled?
You want to allow users to authenticate against your app without allowing them to access Facebook itself?
I don't think that will be possible short of applying some custom logic on your end to try to determine if a request to Facebook is for login purposes or to access Facebook itself - there's no API for this.