We are currently adding Facebook integration to our product. I have set up our product as an app in the developer portal and have added myself as an administrator of that app. I am logging in to Facebook using the OAuth functionality for devices i.e. I'm posting to the "https://graph.facebook.com/v2.6/device/login" endpoint.
We specifically want to be able to upload videos using our app. I am therefore requesting the "publish_actions" permissions. Everything seems to work i.e. Facebook provides a device authentication code and I am able to poll until the user has accepted the request to add our app and once that is done, I receive back an access token.
The problem I am having is when I attempt to initiate a video upload by posting to the "https://graph-video.facebook.com/v2…/1533641336884006/videos" endpoint, I receive the error 200: "Subject does not have permission to post videos on this target". I can't find any information about what could be causing this in the developer documentation.
I understand that once the app integration is completed, I need to obtain permission to use "publish_actions" to allow it to work with Facebook accounts that are not administrators of the app, however I am trying to upload a video to my Facebook account, which is the administrator of the app.
It is my understanding that as long as you are the app administrator, Facebook does not need to approve "publish_actions" and I should be able to upload a video to my page. Indeed I need to be able to do this in order to complete the integration.
Can you advise on what might be going wrong?
Many thanks,
Damien
Related
I've written a Python script to pull performance metrics data from the Facebook Graph API for a connected Instagram Business account. It's a script which runs locally and uses my account's credentials.
I've submitted an App Review selecting "No" and "App doesn't use the Facebook Login dialog." for the "Is a Facebook reviewer able to access or login to your app to verify you're using permissions or features according to Facebook Platform Policy?" and "Why isn't a Facebook reviewer able to access or install your app? Select the option(s) that best describe the functionality of your integration." questions.
However, it's been rejected with the following reason given:
"We found that your app's test credentials did not allow us to fully review the content of the app or there were no test credentials provided for us to review. If your test credentials do allow access, check that the account is setup properly to provide us with full access and to allow us to reproduce the use case steps."
I followed the steps from the Server-to-Server App Sample Submission. I've explained why each permission is required and uploaded a screencast of accessing the relevant endpoints.
Is there something I'm missing?
We have a simple app that summarizes the total number of mentions your instagram account gets using the IG-User/tags endpoint on the graph api (https://developers.facebook.com/docs/instagram-api/reference/user/tags/)
The pre-requisite of the app is the user has their fb account linked to their IG - Business or IG - Creator account.
Unfortunately every time we've submitted it for review so far it has come back with the same comment from FB:
"Although we were able to login to your app using the Facebook Login authentication, we were unable to test the steps to connect an Instagram business account. As a result, you'll need to implement an integration flow for an end user to connect their Instagram business account(s)"
Now as I understand it there is no way I can get the user to link their IG account to FB or to a FB page using the API. The "link account" action is purely handled using the Instagram app. Or am I missing something here.
Well after 3 weeks of back and forth with multiple seemingly segmented facebook support teams I have been able to get this permission from them.
Turns out that there's an unexplained flow here:
This is verbatim from the information I received from their chat support (but is not found anywhere in the documentation)
"You have needed to provide Test Users on your App Dashboard, grant the test user the Instagram_manage_comments permission and then provide us with the login details. We would then link that to an internal Instagram Business Account."(sic)
The part where they link an internal business account to the test user happens on their end and outside the scope of the app. I confirmed this and even then I failed the review multiple times because apparently the steps to approve IG business permissions have not been standardized yet and sometimes the approver simply doesn't know what needs to be done. It's a strange state of affairs and the answer it seems is to just keep pushing.
I'm having the same problem and looking forward to see some comments to your post since the first day. But I started to think it will never come.
I believe they want a new user to start with minimum permissions (which is the email permission) and add other permission only as they are needed. This requires a mechanism in your app that guide a new user logged in with only email permission to give other permissions (e.g. taping a button that opens up user’s IG business account needs instagram_basic and manage_pages permissions. Or taping “post comment” button needs manage_comments permission.) So your app should open up a window that the user can give permissions when any of these events fires. (or when user decides to take permission(s) back)
This is what I understand from “steps to connect an Instagram business account”.
But I am not sure if my understanding is correct. I would definitely like to hear if you found any solutions.
I'm also having the same problem as you as I'm developing similar service to IGBlade (https://igblade.com) & Social Blade (https://socialblade.com).
I'm beginning the wonder if I should change my app review request so that I would inform Facebook that the permissions my app is requesting work serverside and therefore there's no need to implement an integration flow for an end user to connect their Instagram business account(s) to my app.
Any thoughts?
Here is what I have done to get the approval
Create a Facebook test user with correct permissions
Log in with this user
Create a Facebook Page
Edit settings on Facebook Page and add Instagram Business account (personal one)
Submit Facebook review with both credentials (Facebook test user + personal Instagram user).
Wait for review and do not forget to change your personal Instagram user password after the review.
I am not able to get webhook calls when another user post a comment (with mentions) on another/my media.
Just for testing purposes I set up a ngrok server for my webhook endpoint, which always answers with a 200 and handles the verfication. Before the heavy coding I just wanted to see if the webhook workflow for Instagram is generally working.
I created a Facebook app, an Instagram business account, a Facebook page and linked the page with the Instagram business account. With the information at Webhooks for Instagram I created a page access token with the Graph API Explorer. When I debug the token with the Access Token Debugger, everything looks fine. All needed permissions like manage_pages, pages_show_list, instagram_basic, instagram_manage_comments, instagram_manage_insights, public_profile are there. With the page access token I am able to fetch all informations regarding my linked Instagram business account via the Graph API Explorer.
Also the Instagram product was automatically added to my Facebook app. Test requests, which where send via the app dashboard (Webhooks product), will be received by my ngrok server. But any type of mentions or comments from another or my Instagram account (business or not) on my or other medias will not be received. What am I doing wrong? Do I have to send those comments/mentions from a specific account, since the app is in development mode and there roles in the app?
After speaking with the Facebook support, my confusion has been resolved.
The problem is that the Webhook for the Instagram product does not work without a verified app review. I had been wondering how to record a screencast with my running solution, without running webhooks... Above all, I had wondered why the webhooks in dev mode worked for the product messenger but not for instagram (or others). Apparently, the app review is not about the technical implementation but rather about checking that the implementation complies with the facebook guidelines. Therefor I want to quote the Facebook support:
Messenger does allow page owners and app admins to receive webhooks for their implementations in devmode and is by design. However, this is not the same for instagram or pages. This is just how the product teams have decided to implement it. For app review, you can show a mock process of the flow, using either the test webhook or your own process. The app review is less about technical implementation steps, but just a way to make sure that your app is going to use the permission in a way that follows our guidelines, so mocking the procedure should be fine. The reviewers understand that you do not receive webhooks in dev mode and should take this into consideration.
Consequently, I will now have to submit an app review and for that I have to imitate the webhook.
I'm working on a notification web-app that has a Post-to-Facebook feature. Until the (Graph) API v2.0, it worked great. A user would authenticate with their Facebook account, put their token into our app, and we'd use that to make posts to their wall/page for them when a new notification was sent.
We have applied for the permissions we need to use on Facebook's new API (publish_pages, publish_actions, manage_pages). We received a notice that our application was rejected, so we re-worded the same application for permissions to try to clarify what we use the permissions for, resubmitted it, but have been rejected again.
An app that does almost exactly the same thing we hope to do was granted these permissions (we know, because we both work with- and compete with- that app). Until we found out that that app can still publish posts to Facebook, we believed that all requests to repost/automatically post on users' behalfs were being denied because of a Facebook policy change.
We can't figure out who to contact or where to appeal the denial of these permissions. This probably isn't the right forum (since this isn't specifically a technical question about the API), but I can't see where to take this issue next.
Did you have a look at the Login Review FAQs:
https://developers.facebook.com/docs/facebook-login/review/faqs
or otherwise refer to
https://www.facebook.com/groups/fbdevelopers
I wish to access the user's unread Facebook messages in my app. I'm using the Accounts framework. Calling accountStore.requestAccessToAccountsWithType:options: requires the permissions be given as part of the options.
I want to access /{user-id}/inbox stated in their Graph API. This states that the read_mailbox permission is required. Reading the permissions page, it states:
This permission is granted to apps building a Facebook-branded client
on platforms where Facebook is not already available. For example,
Android and iOS apps will not be approved for this permission. In
addition, Web, Desktop, in-car and TV apps will not be granted this
permission.
In other words: This is available to basically nobody.
After such a blow, I feel like I'm pulling at straws here, but I'm wondering if this applies to the Accounts framework login. Their API references the standard Facebook login (with a button and then a permissions screen) and doesn't mention login through the Accounts framework.
So I tried it, and got an iOS UIAlertView asking if I wanted to allow my app to access the given permissions, including the Inbox permission. I tapped "OK", and was granted access. But then calling accountsWithAccountType: returns 0 accounts (I have a Facebook account logged in on device).
I'm wondering if anyone's done any further investigation, or knows any more about this?
You should first try testing your app in the explorer https://developers.facebook.com/tools/explorer/ and see what comes up.
Additionally, since you have read the permission page, you will understand that it wouldn't make sense developing the app with this feature unless you are the only using it.