I'm trying to call
/v2.9/{comment-id}/private_replies
(https://developers.facebook.com/docs/graph-api/reference/v2.9/object/private_replies) but always get the following error:
(#200) Requires read_page_mailboxes permission to manage the object
I'm using a test version of the app. The user submitting the comment is an administrator of the app. From my understanding, if the user is an administrator, the permissions wouldn't need to go through the review process just for testing/developing? read_page_mailboxes is not yet a confirmed permission for the app.
Any ideas what the problem could be?
Answering my own question: The problem in the end was that the access token didn't include the read_page_mailboxes permission. I had to manually create a page access token that includes it.
I initially created the token here: https://developers.facebook.com/apps/{APP-ID}/messenger/ but that doesn't seem to add the necessary permission.
See here on how to create a permanent page access token: https://stackoverflow.com/a/43570120/769726
The permission doesn't need to be approved by Facebook while you're still in development.
Related
I am creating long lived access tokens for my users when they first sign up for my app, this has been working fine for the past 6-8 months. Recently, the manage_pages permission was revoked from my app (when Graph API v8.0 was released) due to lack of use. It is true that we did not use this permission, but the reason we asked for it is because it was required for some of the calls we were doing to gather Instagram insights for our users when we first started. I don't know if this has anything to do with the issue but just including it anyways.
Now it seems that newly created access tokens are automatically invalid, this was never the case before. I run these access tokens through the access token debugger and get the following error:
Error validating access token: The user has not authorized application [MY_APP_ID].
It seems this problem slowly began to onset, and now every single new user on our app is experiencing this issue, even after granting us the following permissions:
public_profile
email
instagram_basic
instagram_manage_insights
pages_show_list
The permissions recently revoked from my app were:
pages_manage_ads
pages_read_user_content
pages_manage_metadata
Users go through the complete OAUTH flow, and when they are redirected to my site I create a long-lived access token but it seems the token does not recognize that the user had authorized my app, hence the reason it is invalid.
Here is my OAUTH Url for new users:
https://www.facebook.com/v5.0/dialog/oauth?client_id={{ settings.FACEBOOK_CLIENT_ID }}&redirect_uri={{ settings.FACEBOOK_REDIRECT_URL }}&state={{MY_STATE}}&return_scopes=true&auth_type=rerequest&scope=public_profile,email,instagram_basic,instagram_manage_insights,pages_show_list
You have to remove the manage_pages scope from your Facebook button code and replace it with the pages_show_list scope :)
I have an app that programmatically make post on a configured Facebook Page.
My app obviously have both the manage_pages and publish_pages permissions approved and I'm using pages access token
Everything work well since now, but recently when I POST on page feed
https://graph.facebook.com/v3.1/234002440799692/feed
I get this error:
{"error": {
"message":"(#200) Requires either publish_to_groups permission and app being installed in the group, or manage_pages and publish_pages as an admin with sufficient administrative permission",
"type":"OAuthException",
"code":200,
"fbtrace_id":"HEVcI\/Tq3fW"
}}
I know that Facebook has deprecated publish_actions scope, so that it's not possible anymore to post programmatically on the personal feed, but I can't find out why the post on a page return this kind of error.
Some further infos:
posting with a developer account actually work
the user by which the page access token is obtained, created the page on Facebook (so I think it's an admin for the page)
i recently migrated from graph_api v2.12 to v.3.1
Any suggestion will be appreciated
Thanks
I figured it out what the problem with some pages is.
It seem that now, if the user grant the manage_pages and publish_pages permission, that will be valid only for already existing pages!
New pages haven't the permission granted by default.
The only way I can fix the problem was to remove my app from the user profile (Facebook Settings > Business Integrations > Select the app > Remove) and then prompt the user again with the Facebook OAuth permission dialog.
I don't know if there is a way to force the app removal programmatically, but I can't find out.
You can use the following URL:
https://graph.facebook.com/v7.0/234002440799692/feed?&access_token={access_token}
Based on the doc on Facebook page access token following steps are need to be taken to obtain a long-lived Page Access Token.
Extend the User's Access Token which has the manage_pages permissions
Get the page access token thru the /userId/accounts end point using the extended user access token.
This process is working fine and I am able to obtain and use the page access token properly.
The issue arises when the user grants a new permission to the App - such as 'publish_actions' to allow the App to post on the Page's timeline, the page access token obtained using the above mentioned mechanism does not work properly.
Until about a 6 to 8 weeks ago the new publish_action permission would allow the previously saved page access token to post on the page's timeline without any issue. This feature seems to have broken where I am getting the following error :
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200
When the access token is debuged using the Facebook debugger tool - it shows that the saved page access token is indeed embellished with the new permission as follows :
App ID XXXXXXXXXXXX : App Name
Profile ID 999999999999 : Page Name
User ID 9999999999999999 : User Name
User last installed this app via API v2.x
Issued 1454463877 (40 minutes ago)
Expires Never
Valid True
Origin Web
Scopes email, manage_pages, publish_actions, public_profile
So although this page token has publish_actions permission it is not able to post on the page's timeline. This has stopped working recently and looking for any other folks who have faced a similar issue and have managed to resolve it.
Btw, I have already tried refreshing the page access token using the newly generated user access_token at the time when the user gives the publish_actions permission. Going the thru the above 2 steps using the new user access token, seem to return the same page access token and it continues to fail to post on timeline...
Any help is much appreciated.
The issue was related to using incorrect permission. Facebook has introduced a new 'Publish_pages' permission which should be used to make posts on business pages. We were using publish_action which was invalid (since v2.3 or somewhere around that - we are using v2.5 of the graph API so it caused a problem).
Facebook responded pretty quickly to our bug report and provided this guidance which helped resolve this issue (I should have posted this answer earlier).
I am building my first facebook app and am facing a issue.
Task : Build a entirely server side application to be used by the admin of a facebook page to post videos/photos on the page. This should not involve having the admin to log in everytime to generate the user acess and page access token.
What I found : Based on the requirement, I found that app tokens can be used for this purpose. This line specifically hints at the usefulness.
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application
I think that using this will be safe since mine is an entirely server side app.
Problem The docs say that:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
will give the app token that can be used in place of user access token.
However, I have not been able to do so. Specifically the error encountered is
Error 200 .The user must have accepted the TOS. Since I have already tried publishing content with page access token, I know this is a permission issue.
The following line
a person who has granted an open graph publishing permission to your application.
does not clarify everything. I came across a related question, but the answers seem to be a bit vague.
It would be really great if someone could give me insights about how this can be achieved.
In order to post to a page, you need at least authorize with the manage_pages permission. If you want to post "as user", you need to add publish_actions and use a "User Access Token". If you want to post "as page", you need to add publish_pages and use a "Page Access Token".
Information about how to generate those Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
The error message with the TOS has been discussed a lot of times already, please go to those threads (or find a lot more with the search function):
(OAuthException) (#200) User must have accepted TOS on C# - Facebook
How come I get a "must have accepted TOS" error for test users with app installed?
facebook long term token "(#200) User must have accepted TOS"
Occassional (OAuthException - #200) (#200) User must have accepted TOS
You cannot post to a Page via an App Access Token. This is clearly stated in the docs at
https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed#publish
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
I'd recommend to use a eternal Page Acess Token, so there's no obligation to renew the User Access Token. Have a look at my answer here:
Post to a facebook page without "manage_pages" permission using php
See
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
Since I created a new (Facebook) App last week, I get an OAuthException whenever I want to comment on a post.
"(OAuthException) (#200) You do not have sufficient to permissions to perform this action".
With the old App, my application works fine.
Now I found out that Facebook has changed the login policy recently. I also found the following remark on https://developers.facebook.com/docs/facebook-login/permissions/v2.0:
"If your app asks for more than than public_profile, email and user_friends it will require review by Facebook before your app can be used by people other than the app's developers".
So if I post with the same account with which I created the App, it should work, right? Only it doesn't...
Remark: if I use the new App with another Facebook-account, I have even less permissions (e.g. cannot access the account's pages). So I have more permissions if I use the same account, but still I cannot post!
I use Graph API via .NET Facebook-Client; my App is a native app (desktop app).
Could someone please tell me how to post with a new App? This is the main use-case of our application! Thank you very much!
Here is a screenshot of what I see instead of the login-screen when I use extended permission "publish_action" instead of "publish_stream"
You must be able to post with your own account since you are the admin of the application. - since only the admins/developers/testers will be able to test the app with the publishing functionality before it gets approved by facebook.
If you still are not able to, you must have not granted the permissions to the app. Things to check-
You are using publish_actions and not publish_stream
Check in your application settings whether or not you can see the publishing permission is granted for that app.
If not granted, go through the login process again and grant the publishing permission (may be by removing the app from settings and then authorizing again OR logout the app and then login again with publish_actions)
Problem solved - it was a stupid typo: I wrote publish_action instead of publish_actions (should be plural)! Thanks again to CBroe who pointed it out in this thread!