I have a mobile application, we implemented a Facebook Login as one of the different ways to register and log users in, now Facebook asks for "Data Deletion Request Callback" which will delete Facebook data if the user removed the app from his Facebook account.
the question is what data should I delete (Facebook ID, Image, Email)?
or should I remove his account on my app (that will cause a problem with my data)?
not sure how Facebook reviews, Approve or disapprove goes, can anyone share his experience about this?
Related
We have a simple app that summarizes the total number of mentions your instagram account gets using the IG-User/tags endpoint on the graph api (https://developers.facebook.com/docs/instagram-api/reference/user/tags/)
The pre-requisite of the app is the user has their fb account linked to their IG - Business or IG - Creator account.
Unfortunately every time we've submitted it for review so far it has come back with the same comment from FB:
"Although we were able to login to your app using the Facebook Login authentication, we were unable to test the steps to connect an Instagram business account. As a result, you'll need to implement an integration flow for an end user to connect their Instagram business account(s)"
Now as I understand it there is no way I can get the user to link their IG account to FB or to a FB page using the API. The "link account" action is purely handled using the Instagram app. Or am I missing something here.
Well after 3 weeks of back and forth with multiple seemingly segmented facebook support teams I have been able to get this permission from them.
Turns out that there's an unexplained flow here:
This is verbatim from the information I received from their chat support (but is not found anywhere in the documentation)
"You have needed to provide Test Users on your App Dashboard, grant the test user the Instagram_manage_comments permission and then provide us with the login details. We would then link that to an internal Instagram Business Account."(sic)
The part where they link an internal business account to the test user happens on their end and outside the scope of the app. I confirmed this and even then I failed the review multiple times because apparently the steps to approve IG business permissions have not been standardized yet and sometimes the approver simply doesn't know what needs to be done. It's a strange state of affairs and the answer it seems is to just keep pushing.
I'm having the same problem and looking forward to see some comments to your post since the first day. But I started to think it will never come.
I believe they want a new user to start with minimum permissions (which is the email permission) and add other permission only as they are needed. This requires a mechanism in your app that guide a new user logged in with only email permission to give other permissions (e.g. taping a button that opens up user’s IG business account needs instagram_basic and manage_pages permissions. Or taping “post comment” button needs manage_comments permission.) So your app should open up a window that the user can give permissions when any of these events fires. (or when user decides to take permission(s) back)
This is what I understand from “steps to connect an Instagram business account”.
But I am not sure if my understanding is correct. I would definitely like to hear if you found any solutions.
I'm also having the same problem as you as I'm developing similar service to IGBlade (https://igblade.com) & Social Blade (https://socialblade.com).
I'm beginning the wonder if I should change my app review request so that I would inform Facebook that the permissions my app is requesting work serverside and therefore there's no need to implement an integration flow for an end user to connect their Instagram business account(s) to my app.
Any thoughts?
Here is what I have done to get the approval
Create a Facebook test user with correct permissions
Log in with this user
Create a Facebook Page
Edit settings on Facebook Page and add Instagram Business account (personal one)
Submit Facebook review with both credentials (Facebook test user + personal Instagram user).
Wait for review and do not forget to change your personal Instagram user password after the review.
I want to integrate a Facebook page to ServiceNow.
I created a page with my personal account and an app on developers.facebook.com to extend my access token for 60 days. I made the REST connection successfully and was able to pull the posts and comments on that page into the database of the ServiceNow table.
Subsequently, my profile was blocked for a couple of days and I was informed the app that I made was violating certain Facebook policies. But after submitting the ID, it got reactivated. Then I made some test users so that I could comment on any post of that page to check if that comes into the ITSM database.
However, when I login through a test user, I cannot see the Facebook page associated with my personal Facebook profile.
I need to know how can I see posts of my page through a test user and comment on them. Do I need to provide any specific role to the test user for the same?
I want to create a Facebook app to be used in live events (ie: concerts, conferences, etc).
So the guests would enroll to the event connecting with Facebook Login and asking the publish_actions permission.
The guest will have an Access Card (RFID chip) that identifies himself and links in our database to his Facebook Access token.
Then, during the event, I would like that some actions made by the guests in the event to trigger some actions on Facebook, this actions will be triggered by different applications that communicate with our servers, our servers will comunicate with Facebook API to trigger actions on Facebook.
So when the guest does check in at the event, his Access Card is scanned by the event staff, and then should automatically post a message on his timeline indicating that he is at that event, sharing a link with more details about that event.
We also want to have a physical Photo Booth where the guest has his Access Card scanned, and then takes a picture that should be automatically posted on his timeline too.
So this is not the typical Facebook app flow, as the content is posted automatically by actions made by the user, but managed by our software instead of actions directly triggered by the user himself.
I'm not sure if this kind of application is allowed on Facebook and if it's allowed, how would the review process be done, as this can't be tested using a website or phone app.
Did someone make something similar or knows the best approach in getting this approved on Facebook?
Thank you!
The user MUST login with Facebook and authorize your App. People have tried those things with a specific device where people could login, but Facebook detects multiple logins on one device and may block your App. So the only way is to let people use their own device/smartphone to authorize your App. For example, you could offer them a QR tag with a link to the login flow.
The problem with authorizing before the event and storing a Token is that an Extended User Token is valid for 60 days. So if a user enrolls and the event is 61 days later, the Access Token will not work anymore - unless the User refreshes the Token by visiting your App. So before letting him do this before the event, you can just as well let him authorize the App at the event date.
A specific App for the event is surely the safest way, of course.
My product users are using the Facebbok apps for authorisation and generating Keys and tokens.
When I remove the app, my users are still able to connect and fetch the posts from facebook. How is that..? The old tokens should nto work as I assumed , but they are still working.. Does it takes time to reflect.?
Please help me..:)
If you have made a post to facebook through one of your apps, you can also delete that post from the same app. You need to get the post ID (it will be returned when you sucessfully do a post in the first place). Then issue a "DELETE" request. http://developers.facebook.com/docs/reference/api/post/
If you have deleted the app, or the user posted the items themselves (through a share dialog), or you can't find the Post ID, or the user has revoked the "publish_stream" permission, then the post is there to stay.
When one of your users removes an app from the privacy settings interface, the app's access tokens are invalidated. This should be immediate.
However, nothing stops you from going back into the app and authorising it again, and content produced by that app will still be visible on your Timeline. The other answer here shows how you can delete feed stories made by the app, if you want to do that for some reason.
Also, check your users aren't either removing stories by the app from their feed, or hiding the app from Timeline, neither of which removes their ability to use the app or would invalidate the tokens.
You can also programmatically remove the app from a user's account with a HTTP DELETE request to /USER_ID/permissions using the user's access token or an app access token
We have users that logged in to our website through Facebook Connect. Now we'd like to contact those users about changes as we indicated in the signup process, but we don't have their email addresses. Only their Facebook ids.
How can we contact them? I understand Facebook removed 3rd parties' ability to send notifications through Facebook's API. We can send them a message through the API either.
So I guess we're left with posting to their wall from a user account of ours. I assume there's a low limit to how often we're allowed to do that and is that even permitted? Or we can make an application request from this designated facebook user account which would show up in their notifications.
Finally, we could manually go to the user's profile page and then click the "send a message" button from our facebook user account... A lot of manual work and I assume this is frowned upon as well. Is there an easy way to find out the profile page URL from a Facebook id?
What's the best approach here where we don't break any rules?
If you are getting stream_publish extended permission in your profile then you can simply post on there wall see this http://developers.facebook.com/docs/reference/rest/stream.publish/
Alternatively this can be a better solution if the user do not granted any extended permission
http://developers.facebook.com/docs/reference/rest/livemessage.send/
you should get "offline_access" from the facebook user requests to post at anytime.