I have read Business verification required as part of my app review but i have some more questions about the process.
My app uses the two default permissions (email, default) and Page Public Content Access, and I was wondering why i am getting the app business verification part, since I dont feel i need to verify a business for this. For ex. in the link above the person asking wanted user_friends, and in the https://developers.facebook.com/docs/facebook-login/changelog it states that that permission requires both app and buisness verification. My question:
Why am i getting a business verification requirement? Is it because
of the Page Public Content Access? I cant find a full table that
explain which permissions require both an app review and a business
review. Or am i getting it because in the settings for the app under Business Use i
selected that my app supports other business. My app maps events
from the facebook pages of restaurants and clubs , so it sounded to
be that it supports the other businesses rather than supports my own
business.
Related
I've been using the Facebook API to post automatic updates on one of the pages I own using the pages_manage_posts permission. At that time (around 2018), I also wanted to use the user_friends API, but I gave up on it since it required business verification.
Today I received an email that says the following:
Your app currently has access to one or more privileges that require business verification, but this app is not currently associated with a verified business.
If you do not associate your app with a verified business or complete business verification, the app will lose access to the following privileges in 90 days: pages_manage_posts
Do I understand it correctly that without a registered business, I can no longer use the API to programmatically post on my own page? I really hope that I'm wrong, and if I am, please tell me how to do that.
If that's relevant, I'm using PHP by following this guide.
How can I get an access token and an app token?
I have registered my app through this site https://developers.facebook.com/ I chose "business"
What do I want?
I want to get an access to posts of groups/users and comments. At first itll be enough if I will have an access only to open pages. Im not a company and when I tried to get it through the graph api (https://developers.facebook.com/tools/explorer/) I got the following error 'This endpoint requires the 'pages_read_user_content' permission or the 'Page Public Content Access' feature'. I chose these items(Facebook App->my app; User or Page->App token).
I tried to get these permissions in the admin interface of my app in FB in this section "Permissions and Features". Having send these requests it was written "You will need to complete this step in addition to App Review before you can access live data.
Business verification: You'll need to connect your app to a Facebook Business Manager account and upload an official document showing your business or organization's name and physical address.".
As I mentioned before Im not a company. May someone recommend me what to do next? Should I create a new app and choose something else instead of "Business"? Or should I send a request to the FBs support and explain to them my situation, if "yes", how can I find this support contacts? Actually I didnt find support contacts on their site, only the community form and their support associated with payment questions.
I tried to ask in their official community, but they didnt answer for 17 days
https://developers.facebook.com/community/threads/224348066049560/?post_id=224348069382893
We have a simple app that summarizes the total number of mentions your instagram account gets using the IG-User/tags endpoint on the graph api (https://developers.facebook.com/docs/instagram-api/reference/user/tags/)
The pre-requisite of the app is the user has their fb account linked to their IG - Business or IG - Creator account.
Unfortunately every time we've submitted it for review so far it has come back with the same comment from FB:
"Although we were able to login to your app using the Facebook Login authentication, we were unable to test the steps to connect an Instagram business account. As a result, you'll need to implement an integration flow for an end user to connect their Instagram business account(s)"
Now as I understand it there is no way I can get the user to link their IG account to FB or to a FB page using the API. The "link account" action is purely handled using the Instagram app. Or am I missing something here.
Well after 3 weeks of back and forth with multiple seemingly segmented facebook support teams I have been able to get this permission from them.
Turns out that there's an unexplained flow here:
This is verbatim from the information I received from their chat support (but is not found anywhere in the documentation)
"You have needed to provide Test Users on your App Dashboard, grant the test user the Instagram_manage_comments permission and then provide us with the login details. We would then link that to an internal Instagram Business Account."(sic)
The part where they link an internal business account to the test user happens on their end and outside the scope of the app. I confirmed this and even then I failed the review multiple times because apparently the steps to approve IG business permissions have not been standardized yet and sometimes the approver simply doesn't know what needs to be done. It's a strange state of affairs and the answer it seems is to just keep pushing.
I'm having the same problem and looking forward to see some comments to your post since the first day. But I started to think it will never come.
I believe they want a new user to start with minimum permissions (which is the email permission) and add other permission only as they are needed. This requires a mechanism in your app that guide a new user logged in with only email permission to give other permissions (e.g. taping a button that opens up user’s IG business account needs instagram_basic and manage_pages permissions. Or taping “post comment” button needs manage_comments permission.) So your app should open up a window that the user can give permissions when any of these events fires. (or when user decides to take permission(s) back)
This is what I understand from “steps to connect an Instagram business account”.
But I am not sure if my understanding is correct. I would definitely like to hear if you found any solutions.
I'm also having the same problem as you as I'm developing similar service to IGBlade (https://igblade.com) & Social Blade (https://socialblade.com).
I'm beginning the wonder if I should change my app review request so that I would inform Facebook that the permissions my app is requesting work serverside and therefore there's no need to implement an integration flow for an end user to connect their Instagram business account(s) to my app.
Any thoughts?
Here is what I have done to get the approval
Create a Facebook test user with correct permissions
Log in with this user
Create a Facebook Page
Edit settings on Facebook Page and add Instagram Business account (personal one)
Submit Facebook review with both credentials (Facebook test user + personal Instagram user).
Wait for review and do not forget to change your personal Instagram user password after the review.
Facebook provides an OAuth authentication system for third-party apps but they appear to not provide any fine-grained user management capabilities.
This seems like a security problem. I need to be able to:
Disable delete unused accounts
Disable or delete abusive users
White list users for early access to a new app.
But AFAICT FB provides no tool to do this.
I can probably hook of of the OAuth ID and put an entry in my database for the first two requirements, but I can't figure out how to white list Facebook users.
Google is unhelpful because all the results are about let users manage applications their user account is attached to, and nothing about allowing apps to manage what user accounts they are attached to...
Usually is a bad idea to delete or disable unused accounts, because maybe user was inactive for a long time, this doesn't mean the user deleted or disabled his account.
On the other hand, you can't avoid malicious users join your app via facebook authentication. What you can do is to detect suspicious activities with your own implementation (after Facebook accept them to join your app), and suspend, block or disable those accounts on the server (blacklisting them), after the user has joined client-side and sent the required access-token (optionally request the ID) trying to be accepted by the server.
Whitelisting users may depend on the requirements of your application, you can check profiles data and reject those that doesn't provide the requirements that your app needs (remember to ask the user for the fields that your app requires, like public profile, pictures, etc; these must be accepted by the user before signing in).
Here's how you white list users for an app on Facebook:
Keep the app in Development mode
Add users from your friend network in the Testers role
When you are comfortable, open your application to the world.
AFAICT you cannot white list when your app is published, but that's the point of publishing. Also the whitelist is not a request-grant method, it's invite only.
The other requirement to delete or disable users you must handle yourself in your database. You would tie the user's status to the FB's unique ID.
I am working on a requirement where I need to collate information from a persons social media profile into the application mainly LinkedIn, Facebook, Google and Twitter.
The app has the email ID provided by the user. Assumption is of course that the person uses the same email ID across all the services.
My initial gut feel is that I need to ask the my user to login into my app using their Facebook / Google / Twitter ID and once he is authenticated, the corresponding API can then give their information. However, I am not sure if this approach would be feasible for multiple providers i.e. I need info both from Facebook AND Google+ for example
Alternatively, is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Also, is anyone aware of any 3rd party products / API's which can help provide this kind of identification? I have heard of Rapleap (www.rapleaf.com) but the profile data provided by them does not seem to have social media related information that I am interested in.
Note : I have never worked on anything related to social media in the past and hence if there is some faux pas in what I am trying to do, please feel free to point out the same.
I'll start by assuming that when you say "email ID" you actually mean "email address" which in turn is the user id for those social media networks
is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Yes and No. In order to request profile information from of these social media networks (let's called them just "providers") your app will need to request it on behalf of the actual user. That is, the user will need to authenticate itself with these providers through your app. For this to happen, the user will need to provide a minimum amount of information (email and password) and your app will need to authenticate as well...usually through OAuth or a native API by specifying an already issued "App ID" (or Client ID) and an App Secret. This is information you should receive by these providers once you have successfully registered your app with them.
is anyone aware of any 3rd party products / API's which can help provide this kind of identification?
I'm not too sure and this is out of the scope of Stackoverflow...but, do you really need to add another abstraction layer in your project? Another dependency? Consider interacting directly with these providers, you have more benefits
So, basically, your app will have to get the user to supply his/her credentials in order to request this information. In the case of OAuth, your app will never see these credentials because the authentication process happens outside your app, all your app will receive is an access token to request the information that is available within the scope of the access token. By that I mean, you have to request specific permissions. There's a lot of information available on the developer's site of these providers and I'm sure you'll get around it without any problems, but feel free to ask if something is not clear enough.
There's a way to get user information from sites like facebook,google,linkedin,yahoo etc by using their OAuth service. For this you need to develop your application to include OAUth Service from any of these sites and allow the user to log into any of these services and choose what all data they would be interested to share for using your application.
Again, you will have to configure your facebook/etc application to include options for the users to select while logging in.
It really depends on the social media account. Some sites allow you to search by email, but this assumes that the email address you have is the same address the person used for the account. Others do not. What I would do is identify the sites which allow you to search by email, and go to those sites and search. That is the most straightforward way.