Marketing API - System user permissions missing, using dev tier - facebook

We implemented the Marketing API into our company's order management system to automate the creation of ad campaigns. A system user was created with the proper permissions, and the integration has been working. We're only using the API for our own ad account and pages, which we of course own. The "Facebook App" is set to live mode and has been for a couple weeks now.
But starting sometime today, we have been getting errors saying that the ads_read and ads_management permissions are required. And sure enough, they are indeed missing from the access token for the system user when I use the access token debugger.
What would have caused the system user to be missing these permissions all of a sudden? We are still on the dev tier and have only recently reached the 1,500 calls required to request standard access. That's the only thing I can think of so far, but is that the reason we suddenly don't have the proper permissions, or could it be something else? I haven't read anywhere in the documentation that we would lose these permissions upon reaching 1,500 calls, and I was planning on requesting the standard access next.
Also, I have read in various spots: "You do not need to submit your app if it will only be used by you or by a reduced number of people." That is actually our case, as we are only using a system user for the API calls, and there are only a few users tied to the Facebook ad account. So, do we need to submit our app for review?
Thanks in advance.

Related

Post to my own page using the Facebook API without business verification

I've been using the Facebook API to post automatic updates on one of the pages I own using the pages_manage_posts permission. At that time (around 2018), I also wanted to use the user_friends API, but I gave up on it since it required business verification.
Today I received an email that says the following:
Your app currently has access to one or more privileges that require business verification, but this app is not currently associated with a verified business.
If you do not associate your app with a verified business or complete business verification, the app will lose access to the following privileges in 90 days: pages_manage_posts
Do I understand it correctly that without a registered business, I can no longer use the API to programmatically post on my own page? I really hope that I'm wrong, and if I am, please tell me how to do that.
If that's relevant, I'm using PHP by following this guide.

Facebook Graph API error #272

I'm building an application that needs to read Facebook ads information and I'm running into an issue, which to me seems strange.
When I access the campaigns for my adaccounts using https://graph.facebook.com/v2.10/me?fields=adaccounts{campaigns} it works and I can see the campaigns and their properties.
When I change the request to access the campaign to https://graph.facebook.com/v2.10/[campaign_id] it results in an error which says:
(#272) This Ads API call requires the user to be admin of the application. User is not admin or developer of this application.
I can see the properties of the campaigns using "me" as the first Node in the request.
Any idea why can't I access the campaign using a request where the campaign is the first Node? What could be the reason behind this problem?
I've read many posts on this and I found that this is most likely a permissions issue or token issue.
First of all, could you please try to login as the user, and then go to Facebook Ads Manager or Power Editor to check if the user still has permissions on the account?
If you can still see and edit the ad account, then you would need to report this issue at https://developers.facebook.com/bugs/ instead.
This could also be one of the explanation.
This may be due to your ad account is inactive or in a bad standing. Additionally if your access level of your ad account is in development level these types of errors may occur. please go through what's mentioned on the doc here If you upgrade your account to basic or standard access levels this will be solved.
On development access level only end to end workflows are suggested. The following text is extracted from facebook documentation.
The development access level is designed for development purposes and
is ideal for people who are just starting to build out their tool. In
this level, you would not yet have customers using your tool. This
level is open to all developers, and is intended to build out
end-to-end workflows on the API before you get full permissions.

Facebook Marketing API Authorization

I'm building an internal app for a client of mine (an ad agency) who wants to do ad performance reporting for about 30 of their clients. Part of this project is to pull down performance metrics from Facebook Ads for these 30 clients.
I've created a Facebook App and got a development token. With this token, I've been able to get the technical part of the project working -- I can pull down the metrics just fine using Facebook's Marketing API.
My question is about authorization and authentication. I'm thoroughly confused by Facebook's mechanisms for this.
What do I need to do to get access to Marketing API metrics for these 30 clients?
Do I need to publish a Facebook App? If so, do I need to go through the approval process? This seems kind of crazy because Facebook wants a login so they can test things out, but the product is strictly internal so there's really nothing they can log in and see.
I guess another question is: Is there another way I can get access to these 30 clients? With Google Adwords, it was easy. I just used oauth and am granted access as needed. Is there a simple way like that with the Facebook Marketing API?
You need to submit your app for review, if you want to be able to ask all users for the permission.
If your app is used by a limited number of people only, that you can add to a role in the app - then they can be asked for all permissions, even without review. This is mainly for testing purposes, but Facebook has it documented as a kind of “loophole” for apps that are only used by a limited user base. https://developers.facebook.com/docs/apps/faq#faq_180362122361921

Facebook app fetching ads reports from business account

I can't figure this out, I hope someone here can point me in the right direction. I've searched for an answer but was unable to find it.
I want to create a Facebook app which would manage ads (download ads reports and statistics). I've got user account, registered as developer, created and whitelisted the app. I've got only Development Access and that means means I can query only ad accounts owned by the admins of the app, set up in the account list associated with your application.
Problem is that the account with ads is a business account so I can't add this account as part of developers team and get the statistics. I get permissions errors when trying to access the business account (I have access token and everything, it just won't let me see the ads data due to insufficient permissions).
Is there a way to do this without applying for Basic access (not sure if I'll get it since the app is not done)? Can't I really somehow connect my developer's account with that business account?
About access limits: https://developers.facebook.com/docs/reference/ads-api/access/v2.2#limits
Seems like this is working correctly - you can build and test the app against accounts administered by your app's admins/developers at first
Once it's working you can submit it for approval to the Basic access level, where you can manage more accounts, including those belonging to users who aren't admins/developers of the app
There's more information about the access levels and how to move between them in the Access levels dovumentation

How to avoid bad user experience when adding new permissions to Facebook app?

Whenever a permission error occurs on facebook, developers are forced to 1. identify that this is actually happening, 2. ask the user to re-login.
This is a terrible user experience, and I'm surprised that Facebook even allows it to exist.
Is there any way to easily add a permission to a session? If not, are there any ways to make this easier?
So let's put it this way:
I authorized your app with only basic access (no permissions, perms or scope).
You automatically added the email permission without my permission
I started receiving emails (spamming?) from you which is the worst scenario OR
You have simply gained access to my email!
Facebook respects user privacy (actually it's a primary goal) and while they are trying to provide developers with the best technologies, methods and APIs to maintain the best experience there are things they can't avoid.
Each action your application want to make to the user OR on his behalf must be approved by the user and it should be clearly stated when the user approves it.
I've chosen the email permission for a purpose here, because the user may choose NOT to share his personal email with you directly (in which case Facebook will give you a proxied email). This is how far Facebook is thinking and trying to keep the user trust on them (before you!)
Just a small note, handling (any) API provider errors and adopting it's behavior is part of your job. And trust me, Facebook users have been installing millions of apps for years now and they are used to this behavior.
So try making your application as engaging as possible, make use of the Graph API, Social Plugins and Channels. And you'll perform just fine.