Facebook Review for API only App - facebook

I am working on building Facebook integration from an internal company application to allow for creating Ads on Facebook using their Marketing API. In order to accomplish this, it appears creating an "App" is a necessity to be able to get access to their API. This App will ONLY be used for API communication and should never be needed by an end user on Facebook.
My problem is the App is currently in development mode and I need to submit it for review in order to qualify for a higher level of API access to not be as rate limited on the number of requests. Since this App is only used for API access is there a way to keep it hidden from the general public on Facebook? It should never be needed to be accessed directly from any random Facebook account, only from the SDK we are using interally.

Related

Why is the Instagram Graph API webhook not working

I am not able to get webhook calls when another user post a comment (with mentions) on another/my media.
Just for testing purposes I set up a ngrok server for my webhook endpoint, which always answers with a 200 and handles the verfication. Before the heavy coding I just wanted to see if the webhook workflow for Instagram is generally working.
I created a Facebook app, an Instagram business account, a Facebook page and linked the page with the Instagram business account. With the information at Webhooks for Instagram I created a page access token with the Graph API Explorer. When I debug the token with the Access Token Debugger, everything looks fine. All needed permissions like manage_pages, pages_show_list, instagram_basic, instagram_manage_comments, instagram_manage_insights, public_profile are there. With the page access token I am able to fetch all informations regarding my linked Instagram business account via the Graph API Explorer.
Also the Instagram product was automatically added to my Facebook app. Test requests, which where send via the app dashboard (Webhooks product), will be received by my ngrok server. But any type of mentions or comments from another or my Instagram account (business or not) on my or other medias will not be received. What am I doing wrong? Do I have to send those comments/mentions from a specific account, since the app is in development mode and there roles in the app?
After speaking with the Facebook support, my confusion has been resolved.
The problem is that the Webhook for the Instagram product does not work without a verified app review. I had been wondering how to record a screencast with my running solution, without running webhooks... Above all, I had wondered why the webhooks in dev mode worked for the product messenger but not for instagram (or others). Apparently, the app review is not about the technical implementation but rather about checking that the implementation complies with the facebook guidelines. Therefor I want to quote the Facebook support:
Messenger does allow page owners and app admins to receive webhooks for their implementations in devmode and is by design. However, this is not the same for instagram or pages. This is just how the product teams have decided to implement it. For app review, you can show a mock process of the flow, using either the test webhook or your own process. The app review is less about technical implementation steps, but just a way to make sure that your app is going to use the permission in a way that follows our guidelines, so mocking the procedure should be fine. The reviewers understand that you do not receive webhooks in dev mode and should take this into consideration.
Consequently, I will now have to submit an app review and for that I have to imitate the webhook.

Do I have to create an app using the original Instagram API before i can use the instagram graph API?

I'm trying to create an app with the new Graph API for instagram business accounts.
I am following the documentation here
It says after adding Facebook login, I need to submit the app for review to be able to use the api, and I need to create a screencast on how the app will be used.
Am I looking at the wrong documentation? How am I suppose to create the app without being able to pull any data from the API?
Is there no sandbox mode until the app is developed that I can use?
Do I have to create an app using the Instagram API first to be able to request permissions to use it?
While I haven’t had any experience in Instagram apps, I do have a bit of Graph API experience with Facebook
While in development (a switch at the top of the App Dashboard), any developers and administrators can test the app using any and all permissions. To make the app public however you need to submit for review.
The new instagram graph API is an extension of the existing Facebook API.
So you can make requests on the new API by have a facebook login on your app, then requesting access for the users pages and the users instagram data.
Once you are able to access their pages data you can submit a get request and fetch ?fields=instagram_business_account
once you get the instagram accounts ID, you can make requests on it following this documentation
In development you can only access your own pages, once you build using your own data then you can submit your app for permissions, and finally you can submit your app for review.

Facebook Marketing API Authorization

I'm building an internal app for a client of mine (an ad agency) who wants to do ad performance reporting for about 30 of their clients. Part of this project is to pull down performance metrics from Facebook Ads for these 30 clients.
I've created a Facebook App and got a development token. With this token, I've been able to get the technical part of the project working -- I can pull down the metrics just fine using Facebook's Marketing API.
My question is about authorization and authentication. I'm thoroughly confused by Facebook's mechanisms for this.
What do I need to do to get access to Marketing API metrics for these 30 clients?
Do I need to publish a Facebook App? If so, do I need to go through the approval process? This seems kind of crazy because Facebook wants a login so they can test things out, but the product is strictly internal so there's really nothing they can log in and see.
I guess another question is: Is there another way I can get access to these 30 clients? With Google Adwords, it was easy. I just used oauth and am granted access as needed. Is there a simple way like that with the Facebook Marketing API?
You need to submit your app for review, if you want to be able to ask all users for the permission.
If your app is used by a limited number of people only, that you can add to a role in the app - then they can be asked for all permissions, even without review. This is mainly for testing purposes, but Facebook has it documented as a kind of “loophole” for apps that are only used by a limited user base. https://developers.facebook.com/docs/apps/faq#faq_180362122361921

How do I create multiple Facebook bots with a single platform?

I have a Facebook bot and I have connected it with a Facebook page. However to have it publicly available I have to wait the approval from Facebook.
Not a problem if you have to make one single bot, huge problem if you have to do it on scale level (eg: 100+ bots).
Platform as Chatfuel or Content Api allow you to just select the page you own and connect the bot automatically.
In minutes the bot is publicly available, skipping the review phase (apparently) in Facebook.
I didn’t find any info about that on the Facebook developer guide, there is a sort of internal API not available for everyone? If so how can you request access to that?
Facebook Messenger bots are published for a page (which is the bot identity) using one or more applications (which defines the webhook where messages are sent).
So the application must be reviewed and approved by Facebook. After that, any page can be 'attached' to this application, using the standard Facebook authorization flow in order to get an access token for this page by the approved application.
So Chatfuel and others alreay have their application approved, and now any page can be connected to it.

Website and a facebook mobile app - do they need to be separate?

The existing website uses Facebook OAuth for login. The plan is that soon that certain events on the site will be posted to the user's timeline. The "userA watched xxx" kind of thing.
We're also at the stage of starting an iPhone app to connect to the website's data API. If the user has authenticated to the website with the mobile app using the facebook login:
would the mobile app need access to the Facebook oauth keys? I'm guess not, as the user would do something, and the website would have the credentials stored to post to facebook, but I'm not sure.
would there in fact be 2 apps, one that is facebook based and one that is not?
Apologies if this is really basic information I'm asking, but I've not developed Facebook apps previously and the information I look at isn't always clear.
In my apps, I code two authentication flows, one for facebook users, and one for users without facebook (this is the typical, create your account, and subsequently login with your username and password). So one app, two login flows.
Regarding the app accessing the Facebook oauth keys, if you are coding with the Facebook iOS SDK, you won't even need to worry about the oauth key itself, as it's totally encapsulated by the SDK. You'll simply invoke methods to trigger authentication, and then once the user is authenticated, you can call other methods to invoke certain aspects of SDK/API.
The Facebook iOS SDK supports all the functionality you'll need to make the posts directly from the app itself. You won't need to make an API call to your server, to then make a second call to the Facebook API. Just handle all that from the app directly. So if your app does depend on a successful API call to your server, prior to posting to Facebook, make that API call, wait for the response (that either includes additional data, or a success:true flag), and then make the post to the Facebook via the Facebook iOS SDK.
The Facebook iOS SDK docs are AWESOME these days, and the code samples are even better. Check them out at:
http://developers.facebook.com/ios/