I'm making a messenger bot which is currently in development mode. When I write a message to my Facebook page from my account (which is in Administrator role), I can't get a reply from my app.
I'm sending the following JSON encoded data to Messenger:
$data = ["recipient"=>["id"=>$recipientId], "messaging_type"=> "RESPONSE", "message"=>["text"=>$message]];
$json = \json_encode($data);
To this endpoint:
$prefix = 'https://graph.facebook.com/v2.6/me/messages?access_token=';
$url = $prefix.env("FACEBOOK_PAGE_ACCESS_TOKEN");
And get back the following message from Facebook:
{"error":{"message":"An active access token must be used to query information about the current user.","type":"OAuthException","code":2500,"fbtrace_id":"..."}}
This is completely the same way as in the Messenger API documentation, that's about sending messages.
I'm not trying to query any information, just send a message back to the user.
Is the endpoint incorrect in the docs? Did developers.facebook.com generate invalid page access token? Do I need some additional setting? Help me clear this up this confusion, please.
Facebook has recently invalidated access tokens of more than 50m users. You've been probably affected. https://techcrunch.com/2018/09/28/facebook-says-50-million-accounts-affected-by-account-takeover-bug/
Related
When trying to create app requests through facbeook http graph api I'm getting the error "(#2) Failed to create any app request".
As described in the documentation (https://developers.facebook.com/docs/graph-api/reference/user/apprequests/) I'm using the URL https://graph.facebook.com/{userid}/apprequests setting in post the access token, a title and a message. I've tried different combinations of parameters just to check if I needed anything else, but just if I remove access token and/or title I get different errors.
In addition to that, if I use my own userid, instead of other userid (obviously a friend) that I want to send the request to, there's no error at all, but no request is created.
I don't think it may be related with permissions because both users (source and destination of the request) are admin, developer or tester of the app.
Thank you
Just in case anyone needs it, the problem is that user apprequests can only be created if using any facebook ui methods. That's why in this thread Apprequest of Android Facebook sdk 3.0 comment 1 advices to use webdialog instead of sending the request in code.
More on this topic, I've been researching and I found out that I started with my app really long ago (using API lower than 2.3) so I didn't need to set the category as "game" to be able to send apprequests. I updated its category and after multiple tests I've found the following scenarios:
Javascript API works correctly to send requests in my app
Graph API fails to send requests if using user auth token getting the same error as before
Graph API is able to send requests if using app auth token (from app_id + app_secret)
As far as I've read, there's no limitation in using either kind of auth tokens for apprequest calls.
In addition, my app will be running in web, desktop and mobile. The scenario in which I'm using graph API directly is desktop for obvious reasons (there's other APIs tor the other platforms). As recommended in the FB api documentation, the app secret should not be included in binary code deployed to users, so I would need to use the user auth token.
Any help would be apreciated
Thanks
I've seen several questions regarding this topic in stackoverflow, but I could not find a bottom-line answer to this question.
I have a Facebook app.
I have a website to which users register using their FB account.
I would like to be able to get public posts from users' feeds using Facebook's API when the feeds update, even when the users are not logged into FB or into my website.
I was able to successfully subscribe to FB real-time updates.
I was able to see a user's public posts in http://www.facebook.com/<uid>/feed.
I tried to access https://graph.facebook.com/<uid>/feed - I got "An access token is required to request this resource.".
So I created an app access_token (using https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=APP_ID&client_secret=APP_SECRET).
I then tried to supply the app access_token I received when accessing the user's feed: https://graph.facebook.com/<uid>/feed?access_token=APP_ACCESS_TOKEN.
This time, I didn't get an OAUTH error, but just an empty JSON array: "{ "data": [ ] }"
The user in question gave the following permissions to my app: "email,read_stream,export_stream" (using the scope parameter in the FB.login API call).
At the moment it seems to me that the only way to get a user's feed via API is to wait for the user to log back into my website, get a user access_token, and only then make the calls.
I would appreciate it if anyway could confirm the above conclusion, or even better: let me know what I'm doing wrong...
Thanks!
Whenever my app shares things with facebook through the opengraph objects/actions, the outgoing link that appears on facebook has a code= parameter with a very long hash. What is this? What does it do? Is there any way to get rid of it?
If your app has Authenticated Referrals turned on, the code query parameter should be the Auth Token used during the OAuth authentication process.
Your server should be able to basically send this AuthToken back to Facebook and get the Access Token associated with it...
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=THE_AUTH_TOKEN
You can read more about Facebook Server-Side Authentication. here
We are getting troubles using Facebook Connect Graph API within a SharePoint Portal, We are facning problems while getting Access_token from cookie.
before, it was gotten from cookie and It did not come encripted like 'AAAD4Ta4Jx2MBANUYTxUZCAj6vgwON1SmgUZCpyYZAFDPj9eN679kaTuG7' but one week ago the code we get comes with that extrange format and it is not possible to get info of the user.
now, we have changed the way that we get access_token bye sending the encripted code to https://graph.facebook.com/oauth/access_token?... but we always get a bad request.
Could you please indicate us. what have changed in this API recently, why did it use to work before and not now.
Facebook is now sending encrypted access tokens as part of their switch to SSL and Oauth2.0. This is mentioned on their Facebook Roadmap. They work just like normal tokens. Use that token to call /me to get the users info, as you can't parse the user id from the token anymore.
I feel like every second question i ask here is relating to Facebook Connect - that says a lot about their API. Anyway, that's politics, i digress..
I'm trying to pull back user details from the Graph API for use in my application (which is an FBML external website - JavaScript SDK for authentication).
I have requested the following permissions from the user: (using the regular dialog)
publish_stream
email
This works, and allows me to post to the user's wall, and grab their email from the Graph API.
But when i do a HTTP GET Request to the following URL:
https://graph.facebook.com/uid?access_token=oat (where uid = the user id of the user i'm attempting to grab details for, and oat = the OAuth token i have).
All that comes back in the JSON is the User ID (which i already have, since im putting it in the URL), and the email.
Why can i not get things like first name, last name, locale, etc?
Am i using the wrong URL? Is my OAuth token wrong?
I'm getting the OAuth token from here:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=myappid&client_secret=myappsecret
UPDATE:
It looks like the issue is my OAuth token.
Because when i go to the docs: http://developers.facebook.com/docs/api
And use the sample OAuth Token for the user im trying to retrieve, it gets all the details.
Anyone know what is wrong with my OAuth token call?
So, i was using the wrong URL for the OAuth Exchange. It needed to be this:
https://graph.facebook.com/oauth/exchange_sessions?type=client_cred&client_id=myappid&client_secrete=myappsecret&sessions=userseshid
The URL that i WAS using was as per the doco, the above one that works is nowhere to be found.
I'm at the point with FBC that i no longer care about the how, if it works, be thankful that it does even that and move on.
EDIT:
Also, i was wondering why the Graph API calls would "stop" working for no reason.
The answer is i needed to compare the Session Key used to obtain the OAuth token, with the Session Key currently in the cookies. If they are different, i needed to get a new OAuth token.
The session key used for any OAuth token is part of the actual OAuth token:
aaa|bbbb|cccc
Where bbbb is the session key. So i just compare that before doing any Graph API calls.