I'm building an internal app for a client of mine (an ad agency) who wants to do ad performance reporting for about 30 of their clients. Part of this project is to pull down performance metrics from Facebook Ads for these 30 clients.
I've created a Facebook App and got a development token. With this token, I've been able to get the technical part of the project working -- I can pull down the metrics just fine using Facebook's Marketing API.
My question is about authorization and authentication. I'm thoroughly confused by Facebook's mechanisms for this.
What do I need to do to get access to Marketing API metrics for these 30 clients?
Do I need to publish a Facebook App? If so, do I need to go through the approval process? This seems kind of crazy because Facebook wants a login so they can test things out, but the product is strictly internal so there's really nothing they can log in and see.
I guess another question is: Is there another way I can get access to these 30 clients? With Google Adwords, it was easy. I just used oauth and am granted access as needed. Is there a simple way like that with the Facebook Marketing API?
You need to submit your app for review, if you want to be able to ask all users for the permission.
If your app is used by a limited number of people only, that you can add to a role in the app - then they can be asked for all permissions, even without review. This is mainly for testing purposes, but Facebook has it documented as a kind of “loophole” for apps that are only used by a limited user base. https://developers.facebook.com/docs/apps/faq#faq_180362122361921
Related
Now, My Facebook Login API has been restrict with the following message from Facebook:
Your app is violating the following Platform Terms or Developer
Policies: Developer Policy 1.2: Build an app that is stable and easily
navigable.Some common violations of this policy include:
Broken Facebook integration (e.g. broken share, like or comment functionality)
Broken user experience in the app (e.g. app has broken links or user interface failures)
I still have no clue what I have done wrong on my Facebook API though.
How can I make a change on Facebook API to solve this kind of problem that causes Facebook to restrict by Facebook Login API.
That may be due to the following reason:
Facebook periodically reviews the websites and applications which are
on it. Your application is in its review process currently. We are
required to test the Facebook login functionality in order to conclude
the review in totality. However, we are unable to do so.
Unfortunately, we have not been able to locate a Facebook integration
(Login, Share, and Like) on your submitted platform. To help us
conclude the review process, could you kindly share the details
regarding the location of a Facebook integration and how to navigate
to it on your website URL.
This review is essential to Facebook as we want to offer the best
experience to users as well as developers like yourself. Please help
us in bringing your application into compliance by working with us.
Alternatively, you could aid us by sending us credentials of a test
user who is already registered and connected to an FB account within
the app. You can get all the information related to creating a test
user here - https://developers.facebook.com/docs/apps/test-users.
Most people get this response in further detail. You can check the Facebook button on the given URL in the Facebook app.
If Facebook button URL is different and the URL mentioned in the Facebook app is different then you should reply to them and explain it.
I am not able to get webhook calls when another user post a comment (with mentions) on another/my media.
Just for testing purposes I set up a ngrok server for my webhook endpoint, which always answers with a 200 and handles the verfication. Before the heavy coding I just wanted to see if the webhook workflow for Instagram is generally working.
I created a Facebook app, an Instagram business account, a Facebook page and linked the page with the Instagram business account. With the information at Webhooks for Instagram I created a page access token with the Graph API Explorer. When I debug the token with the Access Token Debugger, everything looks fine. All needed permissions like manage_pages, pages_show_list, instagram_basic, instagram_manage_comments, instagram_manage_insights, public_profile are there. With the page access token I am able to fetch all informations regarding my linked Instagram business account via the Graph API Explorer.
Also the Instagram product was automatically added to my Facebook app. Test requests, which where send via the app dashboard (Webhooks product), will be received by my ngrok server. But any type of mentions or comments from another or my Instagram account (business or not) on my or other medias will not be received. What am I doing wrong? Do I have to send those comments/mentions from a specific account, since the app is in development mode and there roles in the app?
After speaking with the Facebook support, my confusion has been resolved.
The problem is that the Webhook for the Instagram product does not work without a verified app review. I had been wondering how to record a screencast with my running solution, without running webhooks... Above all, I had wondered why the webhooks in dev mode worked for the product messenger but not for instagram (or others). Apparently, the app review is not about the technical implementation but rather about checking that the implementation complies with the facebook guidelines. Therefor I want to quote the Facebook support:
Messenger does allow page owners and app admins to receive webhooks for their implementations in devmode and is by design. However, this is not the same for instagram or pages. This is just how the product teams have decided to implement it. For app review, you can show a mock process of the flow, using either the test webhook or your own process. The app review is less about technical implementation steps, but just a way to make sure that your app is going to use the permission in a way that follows our guidelines, so mocking the procedure should be fine. The reviewers understand that you do not receive webhooks in dev mode and should take this into consideration.
Consequently, I will now have to submit an app review and for that I have to imitate the webhook.
I am working on building Facebook integration from an internal company application to allow for creating Ads on Facebook using their Marketing API. In order to accomplish this, it appears creating an "App" is a necessity to be able to get access to their API. This App will ONLY be used for API communication and should never be needed by an end user on Facebook.
My problem is the App is currently in development mode and I need to submit it for review in order to qualify for a higher level of API access to not be as rate limited on the number of requests. Since this App is only used for API access is there a way to keep it hidden from the general public on Facebook? It should never be needed to be accessed directly from any random Facebook account, only from the SDK we are using interally.
not sure if this is strictly programming question (apologies in advance).
We have windows service which is responsible for downloading data from different API's on regular basis, it's just internal tool we are using on our server.
For purposes of oauth2 authentication we use our another tool, which can
handle multiple Oauth logins through different API's, then we just ask this tool for access token and use it in our calls. This works perfectly with e.g. AdWords, BingAds, etc.
Now we have a task to download data from Facebook API. But the problem here is that according to FB we need to apply application for approval in order to get permission to "ads_read" source, which can allow us to download ad insights.
But the problem is that our tool is not an application it does not have any icon, screenshots or Privacy Policy URL. Is there any possibility to get these data without application to FB? Maybe is there another way to login and get the data from user without using oauth2, thus no need for using the oauth2 and scope permissions?
Thanks in advance
As long as you're only using your app with admins/testers/developers of the same app, you don't need to go under Login Review. Only if you also want to authenticate "other" users as well.
Does anyone know of a way to use social logins without having to create an account with a social media website? For Example, I want to use Facebook's Login on my website, but I do not want to create a Facebook account nor an app just to use their login.
Far as I know it pretty much requires (facebook) an App to be created (on developer site for facebook) in order to utilized services with a website.
Unfortunately, in order to maintain a safe development environment, and to prevent the creation of spam apps, it is required that Facebook manage its developer users. This is to allow them to block apps that act maliciously, and to allow permissions to be managed on their server for the app access token. For a more detailed answer, I'll refer you to one on StackOverflow by Lix.