Background
I'm building an Ads-Management application tailored towards both marketing / advertising agencies and individual advertisers (users)
To test marketing-api, I have setup a SandBox ad account
The very first thing that I'm testing is creating and uploading of custom audience (CSV file upload) and sharing it across ad accounts owned by different BusinessManagers.
From what I've gathered thus far, creating custom audience has 2 steps
Create an empty Custom Audience
Add (upload) users to a custom audience
For creating an empty Custom audience I follow using the cURL request from docs
curl -X POST \
-F 'name="My new Custom Audience"' \
-F 'subtype="CUSTOM"' \
-F 'description="People who purchased on my website"' \
-F 'customer_file_source="USER_PROVIDED_ONLY"' \
-F 'access_token=<ACCESS_TOKEN>' \
https://graph.facebook.com/v7.0/act_<AD_ACCOUNT_ID>/customaudiences
This gives me
{
"error": {
"message": "Permissions error",
"type": "OAuthException",
"code": 200,
"error_subcode": 1870050,
"is_transient": false,
"error_user_title": "Business Account Needed to Create/Edit This Audience",
"error_user_msg": "To create or edit a Custom Audience made from a customer list, your admin needs to add this ad account to a business.",
"fbtrace_id": "AsMXXXXXXXXXXXXXX-fXXXX"
}
}
What have I done already
Added my App (Test-App-1) to my BusinessManager (Test-Business-1)
Followed this discussion and added a Admin System User (Test-Admin-System-User-1) generated from my BusinessManager to my App
Generated access token (with all ads / business related permissions) for my Test-Admin-System-User-1 to use in API calls
Click on Connect to Business on my SandBox Ad Account and used Test-Admin-System-User to link it with my Test-Business-1 as told here
Where am I stuck
(in addition to the above mentioned error in API response)
Despite having done above mentioned things, the BusinessManager continues to say that my request for adding my sandbox ad-account (as identified by it's account_id) is still pending
And when I try to forcibly redo it, it tells me that
Your business has already sent this request. To follow up on the request, contact the business you're requesting access from.
I must add that I didn't face the issue of having to accept Terms of Service
Facebook - custom audience ToS for sandbox account
How to create a custom audience using facebook api and sandbox ad account?
In other words
I'm not 100% sure if I've accepted terms of service
But since the error I get is different, my best guess is that I must've done it at some point of time (can't recall though)
My questions are
Immediate question: How can I accept the request for adding my Sandbox ad account to my BusinessManager?
Main question(s)
where am i going wrong (understanding gap)?
How to test uploading and sharing custom audience using Sandbox Ad Account
I found a workaround! You can create Custom audiences through the Marketing API using a real, not Sandbox, Ad account. Here's how to do it:
Create or log in to the Business Manager with an Ad account.
NOTE: The newly created Businesses cannot create Custom audiences from the
list of users (Customer list) with names, emails, etc., as they must
run some Ads before this feature is unlocked (Facebook doesn't provide
information about the exact requirements for this). You can open the
Business Manager -> Audiences, then click "Create custom audience" and
check that the "Customer list" option is unlocked for this account.
Log in or create a Facebook app on the Meta for Developers portal. Ensure that your Facebook account with access to the Business (from point 1) has an Admin role on this Facebook app.
Normally, a Facebook app must pass an app review to be able to
create Custom audiences through the Marketing API. But the Facebook
app's Admins can use this API without app review. That's why it is
necessary to have an Admin role in the Facebook app.
Integrate the Login API, log in to your Facebook account, retrieve an access token, and exchange it for the long-term access token (according to Facebook's auth docs). With this long-term access token, you can create Custom audiences for a Business from point 1 using Marketing API.
Related
I'm in the process of migrating our software, which makes requests on behalf of merchants to PayPal using the PayPal SOAP API, to the PayPal REST API infrastructure.
I'm using the Client ID / Secret of my PayPal developer account to get a Bearer token from the Sandbox, using https://api.sandbox.paypal.com/v1/oauth2/token.
Then I'm doing a call to https://api.sandbox.paypal.com/v2/checkout/orders, using our the bearer token just got, to make requests on behalf of a merchant. I'm using the PayPal-Auth-Assertion header with the following (encoded) JWT-Token:
Header:
{
"typ": "JWT",
"alg": "HS256"
}
Body: {
"email": "[merchant e-mail]",
"iss": "[my client id]"
}
The "merchant e-mail" is one of the sandbox accounts I opened in https://developer.paypal.com/developer/accounts/
In return I get a (400) Bad Request {"error":"invalid_request","error_description":"No permissions to set target_client_id"}.
It seems like there must be an additional step for the sandbox account to grant permissions to the developer account. For the SOAP API, I could add the user name of a 3rd party in the following screen . Then I could use the same username as header value for X-PAYPAL-SECURITY-USERID. However, I cannot seem to link the sandbox account in the same way, because there is no "third party username" for the main account (the one I'm getting the Client ID from).
What exactly has to be configured to allow these types of 3rd party calls for REST API?
I'm using the PayPal-Auth-Assertion header with the following (encoded) JWT-Token:
You need to be a PayPal partner to be using that type of functionality. Contact PayPal if you want to be a partner.
If you want to use their generally-accessible APIs, you have two options.
Have every merchant create their own REST API App via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications , and copy paste their live client ID and secret into your configuration. This is the best solution, and it is the solution you should pursue.
Use the payee object: https://developer.paypal.com/docs/checkout/integration-features/custom-payee/ , which gives you less control (cannot capture authorizations or issue refunds, for example)
I am working to build an application which would be able to create custom audiences for many of our clients for facebook ads. I came to know that the most suitable access token for this purpose is system user token (correct me if I am wrong). To get regular user access tokens, we can make a user go through the traditional oAuth flow, I am looking for something similar to get system user access token. How can I get it for any of my clients? Thanks
You must create your system users in the Business Manager of your company:
https://business.facebook.com/settings/system-users?business_id=<YOUR_BUSINESS_ID>
Once you create a system user, you can generate a token for him associated with a given app.
Meanwhile, on your business settings (as stated in the docs) you can request access to an ad_account.
Request Access to an Ad Account: If you request access to an ad
account in Business Manager, the admin of that Business Manager can
grant you permission to work on it.
Once your client gives your Business permission to work with one or more of their ad_accounts, those ad_accounts will appear in your Business Manager. (menu on the left).
At that point, when checking the profile of your system users, you can click on assign assets to give the system user access to pages and ad_accounts.
The token you generated for the pair [system_user,app_id] does not need to be reissued to reflect the addition of assets to which the system_user has access.
We're currently working on a project that requires the users' accounts to be linked to one of our client's services via the oAuth2 authorization flow.
However, there is the possibility that tokens expire before the expires_in duration that's returned with the token from the oAuth2 token endpoint, or that the user simply revokes the token/authorization. In that case a new token needs to be fetched via the refresh-token-flow, or the Account needs to be re-linked altogether.
Is there some way for us to indicate to Google (in the HTTP response returned by the fulfilment backend, or via some other way) that the access_token is no longer valid and needs to be refreshed, or that the Account needs to be relinked?
For instance, with Alexa, it is possible to return an "Account Linking Card" in the HTTP response along with the actual speech that's read back to the user.
This "card" then starts the account linking process on Amazon's side(even if the Account was already linked before). Is there an equivalent to this in the Actions SDK?
If there is no way for us to indicate to Google that the Account Linking is no longer valid and needs to be redone or refreshed, is there at least some way to programmatically "unlink" an Account (which would then automatically trigger the Account Linking process on the next invocation)?
If I add authentication in Azure Mobile Service with Google as the provider, I go and create an app, get the app_id and secret and plug it in. Great, now users can authenticate with google and get a user token. Now they are considered an "authenticated user" wrt the table permissions.
However, I don't want to authorize everyone with a google account access to my API. Is it possible to limit this to a list of known users? Must I check every request for specific user ids?
Perhaps social login is not the best choice here and I should use something else like Azure AD?
We added custom authentication provider to wams and synchronize the social account with "our" user-account that is stored in the database. For protected web api methods a user account needs to be activated first. You have to check manually whether an account is activated/ high privileged or not and return the result or unauthorized status code.
I decided to use Azure Active Directory to solve this problem. This way, I can create users in Azure AD but not have to manage users myself in the back end. With this choice I am still able to chose the only authenticated users permission level without having to check on every rest endpoint that the authentication users is one of the ones I want to grant access to.
I'm developing web-service, where one users (companies) can receive payments directly from another (company's customers). Currently company need to enter its PayPal username, password and signature to receive payments via express checkout api. Is it normal, that users (companies in my case) will enter their PayPal credentials on remote site or it's secure information? I can't find any information about it. But i found, that some services work in the same way:
http://www.getharvest.com/help/invoices-and-estimates/online-payment-and-gateways/paypal-website-payments-pro
http://support.getresponse.com/faq/how-find-api-login-data-paypal
help.wildapricot.com/display/DOC/PayPal+Payments+Pro
Also i found another way for receiving direct payments - generate button (on the PayPal site or manually), where you need only PayPal email of seller. What the differences between these methods, its advantages and disadvantages?
Yes, they are considered private. Since it grants you access to all API operations, it can also be used to empty your PayPal account.
What I would recommend instead of collecting API credentials, is to use 'third-party permissions'.
This means initially requesting permission from the account holder via a pop-up dialog. Once granted, you'll receive an access token. This access token can then be included in the HTTP header of your API calls to make calls on behalf of the customer.
Your users can either manually grant permissions to you (they'll need to log into their PayPal account and navigate to the right section within their Profile), or, if you want to make it easier, you can implement the 'Permissions API'.
I would suggest taking a look at https://developer.paypal.com/webapps/developer/docs/classic/products/permissions/ for more information.
To get started, sign up for an 'application' with PayPal via https://apps.paypal.com/.
Ensure you request access to the Permissions Service and receive an Application ID.
This will be the AppID for the Live environment. For Sandbox, you can use APP-80W284485P519543T.