Before the data breach at Facebook I had an app that was approved for the user_managed_groups permission. When they changed things my app became useless due to the restrictions on getting the user data from the comments.
I'm seeing now that Facebook has updated the API to allow apps to get that data provided each user of the group provides consent via graph login. I can easily add this to my workflow and provide the group admin a link for their users to consent.
The issue I am facing now is that the group admin must install the app into the group (see this help article for how this is accomplished), but apps cannot be installed unless they are approved by Facebook. This workflow seems like a catch 22: I can't test unless the app is installed but the app can't be installed unless it's approved.
How do I test my app if it can't be installed to the groups?
Test it with a group your app admin is an admin of, and a comment also made by that app admin user, that seems to work for me, according to a quick test in Graph API Explorer. (Comments made by other people with a role in the app probably work, too.)
The app must be in dev mode though, in live mode you will just get the error message saying the app must be installed in the group. If your app is currently in live mode and you can’t set it to dev mode, because you have other features that are in production already, then create a test app version of your app, https://developers.facebook.com/docs/apps/test-apps
Related
I’m trying to automate creation of ad accounts for my own business, and then upload custom audiences into these ad accounts. I wish to do this using a system user.
I have written some scripts to automate this process, but I am unsure how to receive the appropriate permissions from Facebook as I can not create a screencast, as my scripts has no UI. It’s just a collection of scripts.
Some research has a said that if apps only talk to a small number of accounts, you can just leave apps in dev mode to avoid going through app review, but I don’t think that’s possible in this case for the following reasons.
When my app is in dev mode, and I try to POST to https://graph.facebook.com/v7.0/<my-business-id>/adaccount to create a new ad account in my business, I get the error: "(#270) Development access is not allowed to access business API post:Business/adaccount.” OK. So my app has to be live for me to use this end point. If I set my app to Live, and then try to hit this end point, I get this error "(#294) Managing advertisements requires an access token with the extended permission for ads_management”
Then, looking at the permissions screen in my app, it appears I need to submit an app review with a screencast to be able to use the ads_management permission.
Additionally, if I want to use a system user, I can only approve permissions that have been approved by the app review process.
Given that my app has no UI (and nothing to screencast) how should I proceed? Or am I missing a way to do this without going through the app review process?
Facebook as provided instructions on how to submit those kinds of apps here, https://developers.facebook.com/docs/apps/review/server-to-server-apps:
If your app has no user interface because it exchanges data directly with our APIs, refer to this guide when configuring your app's Basic Settings, and when completing App Review.
I have a facebook app and its now in live_mode .
i have the mange_pages permission and need the publish_pages permission to be able to post to the pages https://developers.facebook.com/docs/facebook-login/permissions/#reference-publish_pages.
for this purpose i need to show the reviewer of my app how the user expirence will look like .
my app is ready to simulate the expirence but i cant add the permission "publish_pages" to any of my apps test users https://developers.facebook.com/docs/apps/test-users.
i tried to do it from the developers platfrom and thow the graph-api.
https://developers.facebook.com/docs/graph-api/reference/v3.2/app/accounts/test-users
You can not access all permissions any more using app roles, when they are not reviewed yet, but your app is already in live mode. It still works for many, but for some of the more important ones, Facebook closed that “loophole”.
You will need to put your app back in dev mode, or if that is not possible because it is already in production use, create a test app version of it, https://developers.facebook.com/docs/apps/test-apps
My code is working properly in dev mode, but I can not get approval to use publish_pages or manage_pages. I keep failing every review.
The problem is that the software is to be ran as a cron job and there's really no user interface. This is for an auction website and we want to post a summary of auctions for the next day in our feed.
For some reason they keep saying:
Your screencast doesn't show how the use of this permission directly improves the user experience in your app. Unfortunately we also weren't able to determine this from testing your app manually
Right now, if I have the app in dev mode the post submits successfully, but only my user account can see them, so I've been having to leave dev mode on, let the app post, and then turn the app live.
This is less than ideal. Is there any 3rd party application that has already been approved I can use to post to our facebook page?
It seems like the magic is making sure to mention "this is a server to server application with no user interface" is all that's required to get your app approved. After doing that, it went through without an issue.
So we've developed a Facebook App (and similar apps on Twitter and Instagram) that allow users to post and read content using an external system. We'll sell this integration directly to our clients, so it's a private application.
Basically the user will see a very simple page with a button "Log in to Facebook" and a disclaimer regarding the authorization (we'll use some query params fixed in the url, depending on the client). The client authorize us and we capture the access tokens.
To submit the app review, though, we have to explicitly give a test user to the reviewers, but that's not really possible because the real "action" happens within the integrated systems, NOT within the app itself. And those systems are not public (they shouldn't be).
So just to be clear: our app is basically a very simple "Facebook login" that we use to get tokens, generated by specific clients authorization. It's not going to be published anywhere.
Until we have around 5 to 10 clients we can add the specific users in our app as Testers/Admins/etc, but what if we scale up? Say we have 20 clients. How are we supposed to get our app to be "live"?
To follow the app review steps we would have to create some users in our local systems (we have some dev environments), open them to the internet so the reviewers can log in and see how it actually works? Is that it?
(btw I'm asking this because our app review was rejected twice and I want to make sure I'm submitting everything they ask this time).
Thanks :)
I think the Login Review FAQ answers most of your questions. The key point:
Our review team will actually test how your app uses each permission on every platform you have listed in the settings section of your app.... You'll need to explain exactly how to test each permission or feature in your app so that we can make sure it works and follows our policies. We can't approve your app if we can't fully test how it integrates with Facebook.
In other words, it's not enough to just allow them to log in to your app, you have to expose all Facebook-related features to the reviewer.
To follow the app review steps we would have to create some users in our local systems (we have some dev environments), open them to the internet so the reviewers can log in and see how it actually works? Is that it?
Yes, though I'm not sure what you mean by "open them to the internet". You should be able to create a test user on your local system and link that account to a test Facebook user. Then you can have the Facebook reviewer use that test account for their review. (From the FAQ: "In the Items in Review section, you'll see a Test User (optional) section that allows you to type the name of the user you wish to be used in your review.")
I am using the Facebook API to enable users to register using Facebook. I store their user ID to check whether a user has already registered using Facebook. I have a development environment, a staging environment and a production environment. The development environment and staging environment use a testversion of the actual Facebook App.
Now here's the problem. Even though Facebook says that test apps share the same app-scoped user ids, I get different ID's for the same person, thus disabling users that registered on one environment, to login on another.
How can I solve this problem?
Thanks!
I can verify this behaviour in the case if you production app was created before the introduction of the Graph API v2.0, but created a test app thereafter.
https://developers.facebook.com/docs/apps/test-apps/ states that
Test Apps share the same app-scoped User ID namespace as your
production app making it simpler to debug issues with app-scoped IDs,
or in cases where you use a copy of your production database for
development.
I guess it's something else if the production app doesn't use Graph API >=v2.0. Maybe it would make sense to open a bug with Facebook to verify this behaviour.