With the Facebook Audience Network API i have the placement id, but not the placement name
https://graph.facebook.com/v2.7/XXX/app_insights/app_event/?period=daily&event_name=fb_ad_network_imp&aggregateBy=COUNT&breakdowns[0]=placement&access_token=XXX
{
"time": "2016-09-21T07:00:00+0000",
"value": "36785",
"breakdowns": {
"placement": "176682892738688"
}
},
API Doc Ref:
https://developers.facebook.com/docs/atlas-api/reference/api/placements/v2.11#readplacements
API Request:
https://graph.facebook.com/{API_VERSION}/{PLACEMENT_ID}
but the token here is not your user token, from the doc:
A user access token with Atlas API capability is required.
but the Atlas pages sounds be removed.
I find a method to get the token from the response of 'https://business.facebook.com/pub/property/?business_id={bussiness_id}&property_id={property_id}'
the response abstract str:
"require":[["WebApiApplication","init",["ReactRenderer","PubXRootContainer.react","__inst_d496507d_0_0","__elem_a588f507_0_0"],["{TARGET TOKEN}","{ids}",{"__m":"ReactRenderer"},"constructAndRenderCompone
Related
I've FacebookApp [ type: business ] which fetches all posts, post-comments, and post-likes from the owned Facebook pages.
Verified permissions are ['pages_show_list', 'pages_read_user_content']
When I'm fetching the post and their comments/likes then the user-object is missing in the response body.
Sample JSON
API : https://graph.facebook.com/v2.12/<PAGE-ID>/? \
fields=posts{message, comments{message, from{id, name, link}},reactions{from{id, name, link}}} \
&access_token={{pagetoken}}
response body sample :
...
"message": "For cancer awareness month we are sharing stories of survivors! \n\nManorama is sharing story ... Cancer Campaign (India)",
"comments": {
"data": [
{
"message": "Thank u so much to the entire team.",
"id": "420757949533461_421416076134315",
// USER OBJECT IS MISSING : [id, name]
},
{
"message": "Thank u for sharing ma's story with all!",
"id": "420757949533461_421407146135208",
// USER OBJECT IS MISSING : [id, name]
}
],
...
I'm not sure what is wrong with the above API call because the API call is working fine with TestPage and TestUser. Do I need to ask for some additional permissions from Facebook?
Facebook Graph api does not return user's name anymore by calling this endpoint.
There is one solution you can try: use hooks.
Set a page webhook to retrieve all the comments written on your page. Find the documentation here: https://developers.facebook.com/docs/pages/realtime
The comments' data you'll receive from facebook will contain a name
https://developers.facebook.com/docs/facebook-login/using-login-with-games/
they claim the json object is
{
"oauth_token": "{user-access-token}",
"algorithm": "HMAC-SHA256",
"expires": 1291840400,
"issued_at": 1291836800,
"user_id": "218471"
}
but i got this
{
"algorithm": "HMAC-SHA256",
"code": "xxxxxx",
"issued_at": 1291836800,
"user_id": "218471"
}
Remark:
my app is in sand box mode
Permission: email; user_about_me; user_birthday; user_interests; user_location; user_games_activity
Does anybody know how to fix it?
Whenever someone has already logged into your game with Facebook
Login, the signed request will contain an oauth_token property that
gives you a token to use to make API calls.
you should be handling the login using JavaScript SDK not by the POST date that is sent on launching the canvas app.
IF you are disparate to get some info before he logs in you should exchanging code for an access token
To get an access token, make an HTTP GET request to the following OAuth endpoint:
GET https://graph.facebook.com/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
you use ajax with that to prevent page from refreshing .
There's only thing that server has to do; just check any access token's validity.
Clients send to the server user id and access token obtained by FB.getLoginStatus. As I expected, there would be any URL that checks access token's validity, like http://xxx.facebook.com/access_token?=xxxxxxxxxxxxxxxxxxxxxxxxxxxx.
That returns whether it's available one or not or is there any API (server side) for that?
The officially supported method for this is:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app-token-or-admin-token}
See the check token docs for more information.
An example response is:
{
"data": {
"app_id": 138483919580948,
"application": "Social Cafe",
"expires_at": 1352419328,
"is_valid": true,
"issued_at": 1347235328,
"metadata": {
"sso": "iphone-safari"
},
"scopes": [
"email",
"publish_actions"
],
"user_id": 1207059
}
}
You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid.
Unfortunately this will only tell you if your token is valid, not if it came from your app.
Just wanted to let you know that up until today I was first obtaining an app access token (via GET request to Facebook), and then using the received token as the app-token-or-admin-token in:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app-token-or-admin-token}
However, I just realized a better way of doing this (with the added benefit of requiring one less GET request):
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app_id}|{app_secret}
As described in Facebook's documentation for Access Tokens here.
Simply request (HTTP GET):
https://graph.facebook.com/USER_ID/access_token=xxxxxxxxxxxxxxxxx
That's it.
The app token can be found from this url.
https://developers.facebook.com/tools/accesstoken
I found this official tool from facebook developer page, this page will you following information related to access token - App ID, Type, App-Scoped,User last installed this app via, Issued, Expires, Data Access Expires, Valid, Origin, Scopes.
Just need access token.
https://developers.facebook.com/tools/debug/accesstoken/
Exchange Access Token for Mobile Number and Country Code (Server Side OR Client Side)
You can get the mobile number with your access_token with this API https://graph.accountkit.com/v1.1/me/?access_token=xxxxxxxxxxxx. Maybe, once you have the mobile number and the id, you can work with it to verify the user with your server & database.
xxxxxxxxxx above is the Access Token
Example Response :
{
"id": "61940819992708",
"phone": {
"number": "+91XX82923912",
"country_prefix": "91",
"national_number": "XX82923912"
}
}
Exchange Auth Code for Access Token (Server Side)
If you have an Auth Code instead, you can first get the Access Token with this API - https://graph.accountkit.com/v1.1/access_token?grant_type=authorization_code&code=xxxxxxxxxx&access_token=AA|yyyyyyyyyy|zzzzzzzzzz
xxxxxxxxxx, yyyyyyyyyy and zzzzzzzzzz above are the Auth Code, App ID and App Secret respectively.
Example Response
{
"id": "619XX819992708",
"access_token": "EMAWdcsi711meGS2qQpNk4XBTwUBIDtqYAKoZBbBZAEZCZAXyWVbqvKUyKgDZBniZBFwKVyoVGHXnquCcikBqc9ROF2qAxLRrqBYAvXknwND3dhHU0iLZCRwBNHNlyQZD",
"token_refresh_interval_sec": XX92000
}
Note - This is preferred on the server-side since the API requires the APP Secret which is not meant to be shared for security reasons.
Good Luck.
Is it possible to retrieve Facebook page statuses using an app access token?
According to the documentation I could use "any valid access_token or user access_token" but when I try to use the application access token I'm getting the following message: "A user access token is required to request this resource.". Am I generating the app access token in a wrong way? Is there anyway to access the statuses of a public Facebook fan page without a user?
It seems that a user access_token is required to query this connection.
Tried without any access_token in the Graph API Explorer on redbull page and the result was:
{
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException"
}
}
But after providing an app access_token:
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException"
}
}
This is a bit misleading!
Don't know if your still facing this issue. But here's a workaround :
By asking the graph API, you have this issue, but by using the FQL langage, it works perfectly with an App ID!
Here's an example for the 'PSG' page :
https://api.facebook.com/method/fql.query?query=SELECT post_id, type, attachment, message FROM stream WHERE source_id IN(SELECT page_id from page where username='PSG')&access_token=YOUR_APP_ACCESS_TOKEN
;)
I'm developing iPhone application, that is based on communication with server, and I want to use Facebook authentication mechanisms.
Basically, I think it should work like this:
In my iPhone app, user logs in to Facebook, using his email and password.
User allows access to his data for related Facebook application.
My iPhone app receives access token, after successful log in.
In further communication with my server, my iPhone application should use the received Facebook access token (for example: in queries).
When my server receives some query from iPhone app, with access token, it should ask Facebook that this token is valid (and for who), and if yes, server should assume that user is authenticated with Facebook.
My question is: how the server should ask Facebook if given access token is valid? I think I should somehow check if the token is valid for my Facebook app.
I've tried many Facebook queries to graph API, that I've found, but nothing worked as I expected. Can you provide me some example?
Here's a two step process you can use to validate that a user access token belongs to your App:
1) Generate an App Access token
(https://developers.facebook.com/docs/howtos/login/login-as-app/)
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
2) Debug the User Access token
(https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/)
https://graph.facebook.com/debug_token?
input_token=INPUT_TOKEN
&access_token=ACCESS_TOKEN
Where INPUT_TOKEN is the user access token you want to verify, and ACCESS_TOKEN is your app's token that you got from step 1.
The debug endpoint basically dumps all information about a token, so it'll respond with something like this:
{
data: {
app_id: YOUR_APP_ID,
is_valid: true,
metadata: {
sso: "iphone-safari"
},
application: YOUR_APP_NAMESPACE,
user_id: USER_ID,
issued_at: 1366236791,
expires_at: 1371420791,
scopes: [ ]
}
}
If that token isn't from "your app" then it will return an error response.
Update: this answer seems insecure since it doesn't validate the token
first as belonging to your app, see the comments, original answer as
follows:
I assume that you already have the access token in hand. In such a case the simplest way to validate an access token is to issue the following request
https://graph.facebook.com/me?fields=id&access_token=#accesstoken
Here replace #accesstoken with the access token you have. I will breakdown the url and will explain each.
We are issuing a graph api request here which will return the Facebook User Id of the owner of the access token as a JSON string. The keyword 'me' represents the currently logged in user or the owner of the access token. For this request access token is a mandatory parameter.
If the provided access token is not valid or expired Facebook will just return an error message of some sort.
For a valid access token the result will somehow look like this
{
"id": "ID_VALUE"
}
Another solution would be to use https://graph.facebook.com/app/?access_token=[user_access_token] as described by Get application id from user access token (or verify the source application for a token).
This appears to be an undocumented feature, but returns JSON containing the id of the app the token was generated for. If the token wasn't for your app, it returns a 400.
In the latest version of facebook (2.2) you can do it this way:
https://developers.facebook.com/docs/graph-api/reference/v2.2/debug_token
Sample output:
{
"data": {
"app_id": "THE APP ID",
"application": "APP NAME",
"expires_at": 1427245200,
"is_valid": true,
"scopes": [
"public_profile",
"basic_info",
"read_stream",
"email",
"publish_actions",
"read_friendlists",
"user_birthday",
"user_hometown",
"user_location",
"user_likes",
"user_photos",
"user_videos",
"user_friends",
"user_posts"
],
"user_id": "THE USER ID"
}
}
private function facebookRequestMe($access_token)
{
include_once "facebook.php";
$facebook = new Facebook(array(
"appId" => "your_application_id",
"secret" => "your_application_secret"
));
$facebook->setAccessToken($access_token);
return $facebook->api("/me", "GET");
}
You can download the Facebook SDK for PHP from GitHub.
If a user has passed you a Facebook UID that they claim is theirs and you want to check if it's legit, this is a Python function that will verify it against their access token (an implementation of Robin Jome's answer):
def verify_facebook_id(id, access_token):
import requests
import simplejson
params = {'fields': 'id', 'access_token': access_token}
text = requests.get("https://graph.facebook.com/me", params=params).text
json = simplejson.loads(text)
response_id = json["id"]
return response_id == id
This is the only secure method to verify user token using just one request:
https://graph.facebook.com/debug_token?input_token={token-to-inspect}&access_token={app_id}|{app_secret}
Note that a sign "|" in the above URL isn't used as OR but as separator and must be there after fill the other fields.
The response will be JSON looking like that:
{
data: {
app_id: {app_id},
application: {app_name},
expires_at: {some_number},
is_valid: {true|false}
scopes: {array_of_permissions},
user_id: {user_id}
}
}
Reference: https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
(above method is mentioned at the bottom of this section)
Along with an access token Facebook also sends an "expires_in" parameter, which is an offset value. Use that to compute for when the access token will expire as an NSDate. Then when you need to do a request compare the current date with the expiration date.
Also try to inspect the status codes and response strings Facebook sends back.