I have a website which should list all the events from my facebook group. So I created a facebook dev account and created an app.
When I tried to get the data with the graph API explorer it worked, but the access token expired after a few hours. So I had to get a never-expiring access token.
I created a sytem user at the facebook business manager. With the system user I got a never-expiring access token but I couldn't get the event data anymore. Everytime I tried it I got this response.
"Unsupported get request. Object with ID 'xxxxxxxxxxxxx' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api"
I have the following permissions as system user:
read_insights, read_audience_network_insights, manage_pages, pages_manage_cta, pages_show_list, publish_pages, business_management
Why did it fail? Are the permissions correct?
Thanks for your help.
Related
I have an app-scoped user id (ASUID) for a Facebook user and I wish to obtain a link to that user's profile page.
A post on Facebook's Developer blog dated May 1, 2018 states that this link is accessible as of Graph API v3.0 through the link field on a user object. Access to this field requires the user_link permission be approved for the app and granted by the app user.
I have attempted to access this field with a user access token associated with my test app and I have verified the access token has the user_link permission granted via the Access Token Debugger. However, the link is not included in the response.
Request:
https://graph.facebook.com/v3.0/[ASUID]?fields=link&access_token=[ACCESS_TOKEN_W_USER_LINK_PERMISSION]
Response:
{ "id": "[ASUID]" }
Is there any indication as to why this is not working?
As documented, the user_link permission requires an App Review pass before it's available to live apps.
At time of writing this answer there is no way to get user profile page using Facebook API.
I am working with Graph API with live_videos edge. As am able to get the response for the live_videos method with the developer account credentials. The app got approved with "publish_actions" permissions and it's live. Even though when am trying to login with other credentials of Facebook account to login and get the response for graph API with Live_videos edge.
I am giving Publish_Actions,email, public_profile permissions. Do I need any more permission to get the successful response and generate the stream RTMP URL for live? It's getting error as:
{"error":{"message":"(#100) No permission to perform current operation.","type":"OAuthException","code":100,"fbtrace_id":"D2bY3K8zhFt"}}
What am I missing?
Based on the doc on Facebook page access token following steps are need to be taken to obtain a long-lived Page Access Token.
Extend the User's Access Token which has the manage_pages permissions
Get the page access token thru the /userId/accounts end point using the extended user access token.
This process is working fine and I am able to obtain and use the page access token properly.
The issue arises when the user grants a new permission to the App - such as 'publish_actions' to allow the App to post on the Page's timeline, the page access token obtained using the above mentioned mechanism does not work properly.
Until about a 6 to 8 weeks ago the new publish_action permission would allow the previously saved page access token to post on the page's timeline without any issue. This feature seems to have broken where I am getting the following error :
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200
When the access token is debuged using the Facebook debugger tool - it shows that the saved page access token is indeed embellished with the new permission as follows :
App ID XXXXXXXXXXXX : App Name
Profile ID 999999999999 : Page Name
User ID 9999999999999999 : User Name
User last installed this app via API v2.x
Issued 1454463877 (40 minutes ago)
Expires Never
Valid True
Origin Web
Scopes email, manage_pages, publish_actions, public_profile
So although this page token has publish_actions permission it is not able to post on the page's timeline. This has stopped working recently and looking for any other folks who have faced a similar issue and have managed to resolve it.
Btw, I have already tried refreshing the page access token using the newly generated user access_token at the time when the user gives the publish_actions permission. Going the thru the above 2 steps using the new user access token, seem to return the same page access token and it continues to fail to post on timeline...
Any help is much appreciated.
The issue was related to using incorrect permission. Facebook has introduced a new 'Publish_pages' permission which should be used to make posts on business pages. We were using publish_action which was invalid (since v2.3 or somewhere around that - we are using v2.5 of the graph API so it caused a problem).
Facebook responded pretty quickly to our bug report and provided this guidance which helped resolve this issue (I should have posted this answer earlier).
I have an app and a user who has added that app and authorized it with permissions: read_stream and user_status. I've got a node js app running that's trying to make an API call (using only the app credentials) to pull the user's posts but I get the following error:
"A user access token is required to request this resource."
How can this be done without having to have the user login every time I want to pull their feed?
It can't; you need a user access token to access that user's data - the error message is fairly clear about this I think.
Check the Authentication documentation - you should be storing the users' access tokens and using those to make API calls on behalf of those users
There is documentation for test users in the Facebook Developer online documentation but how do you delete actual users where the application doesn't show in their app list anymore? This is with the knowledge of the access_token and facebook_user_id.
Used to delete Test Users:
https://graph.facebook.com/893450345999?method=delete&access_token=A2ADI1YMySweBABBGrWPNwKMlubZA5ZCrQbxwhtlEd9FIQUrOVjsGD3mnIWEbUhzDz7dkuBekMFdHvjvJ9CZAU7EMSSaZBsgN60FkMCi3AAZDZD
Running the test user link produces the following error:
"error": {
"message": "(#100) Can only call this method on valid test users for your app",
"type": "OAuthException",
"code": 100
}
You seek for application de-authorization:
You can de-authorize an application or revoke a specific extended permissions on behalf of a user by issuing an HTTP DELETE request to PROFILE_ID/permissions with a user access_token for that app.
permission - The permission you wish to revoke. If you don't specify a permission then this will de-authorize the application completely.
To achieve this issue request to:
https://graph.facebook.com/me/permissions?method=delete&access_token=...
Once application de-authorized it will not appear in the list of user's applications.
Update December 2021
Follow the reference for Requesting & Revoking Permissions:
To remove single permission issue a DELETE request to /{user-id}/permissions/{permission-name} passing user access token or an app access token
To de-authorize an app completely issue similar request to the /{user-id}/permissions endpoint
Real users 'delete' themselves from your app when they remove your app from their account, you don't have to do anything.
If you would like to know when users de-authorize your app like this, you can specify a Deauthorize Callback URL in your app's settings. As described in the docs at https://developers.facebook.com/docs/authentication/:
Upon app removal we will send an HTTP POST request containing a single parameter, signed_request, which, once decoded, will yield a JSON object containing the user_id of the user who just deauthorized your app. You will not receive an user access token in this request and all existing user access tokens that were previously issued on behalf of that user will become invalid.
UPDATE: To remove your own app from the user's authorized applications, issue an HTTP DELETE to https://graph.facebook.com/[userid]/permissions?access_token=... as per https://developers.facebook.com/docs/reference/api/user/.
Typically Graph API calls also support doing an HTTP POST with an extra parameter, method=DELETE, in case DELETE calls are not possible/supported.
To do it:
You must have the user access token.
Visit https://developers.facebook.com/tools/debug/accesstoken/ and debug the user access token.
Copy App-Scoped User ID
Via API call HTTP DELETE to https://graph.facebook.com/[App-Scoped User ID]/permissions?method=delete&access_token=[YOUR-APP-ACCESS-TOKEN]