What are user fields publicly accessible through Facebook Graph Api (using an user access token or an app access token)? I mean not the logged in user.
So a call like this
GET /v2.7/{user-id} HTTP/1.1
Host: graph.facebook.com
where user-id is not me
Witout authorization, no data at all can be read from a user. You MUST authorize the user, and you can just use /me with the User Access Token.
If a user IS authorized, it depends on the permissions. Some data needs additional permissions, without additional ones you only get stuff like id, name, first_name, last_name, age_range, picture, ...
A list of available fields can be found in the API reference: https://developers.facebook.com/docs/graph-api/reference/user
Related
Facebook documentation states that public_profile is enabled by default and, among the details allowed to retrieve from there, there is age_range.
I'm trying to retrieve such field using the Facebook app token. I can retrieve name, first_name, last_name, picture, etc... with the app access token. But when I specify the age_range in the fields query param of the request, age_range is not returned:
curl -i 'https://graph.facebook.com/<user_facebook_id>?access_token=<app-access-token>&fields=picture,age_range'
then I get
{"picture":{"data":{"height":50,"is_silhouette":false,"url":"https:\/\/lookaside.facebook.com\/platform\/profilepic\/?asid=<user-facebook-id>&height=50&width=50","width":50}},"id":"<user-facebook-id>"}
Is age_range exposed only when the graph is accessed via the /me path and user Facebook access token?
I've asked Facebook support and they confirmed that field is not accessible via the app token.
We have Rest Api created by Laravel 4 Php framework. We are using combination of scope and grant to prevent users accessing some resources. But we are having problem preventing one user accessing another user data.
For Example- in our application a user can log in using email and password and we use password grant type to create access_token.
user can see their access token by using browser debugging tolls. Now, that user can use postman or curl request with that access_token to get other users data. What is the best way to prevent user showing other user data ?
When user login into the system, create access_token with roles and permissions return that access token to the user. When user calls the API with the access_token, then check that users is having the permissions to access the requested data.
If that user not having permissions then return with some error message.
You can create filters for this, In which you can check access_token permissions.
Userful like for Laravel routing- http://laravel.com/docs/4.2/routing
I'm looking to run some data analysis on the users of my Facebook application. I don't have their user access tokens stored on the server so I am planning on using my app access token to pull information from the graph API.
By default, calling /{user-id} returns
id
name
first_name
last_name
link
username
location
quotes
favorite_teams
gender
email
locale
languages
The documentation says that the following things are available with an app access token:
Basic Profile Info of a User (ID, Name, Username, Gender)
A User’s Friends and their IDs
Permissions granted by the User to your App
It seems that by default you get more than the basic information. Are there other things you can get with an app access token than the above?
I have noticed that some other fields can be manually added by appending them to ?fields=x in the URL.
Available fields that I've noticed so far are
cover
third_party_id
installed
permissions
picture
My personal FB account is in the Admin Role of "Manager" on our company's FB page.
I have an Access Token w/ the correct permissions that I can use to successfully post a Note to the Company page using the REST API.
However, when I use the same Access Token to Post a note to https://graph.facebook.com/PROFILE_ID/notes (where PROFILE_ID is replaced with the ID of our Company page, it posts the note to my personal FB page.
How do I use the Graph API to post notes to the company page.
Thanks!
POST requests generally seem to post to the profile of the user that is authenticated, not necessarily the user with the profile ID supplied - it's odd.
Hence, you need to authenticate as the page, rather than as yourself. The details regarding this are here:
https://developers.facebook.com/docs/authentication/pages/
Essentially, you authenticate as yourself, retrieve a list of pages that you manage with associated access tokens, which you can then use to post the note.
For the benefit of other users, the process is thus:
Firstly, acquire the create_post permission, as described in the API Reference
A POST request must be issued to https://graph.facebook.com/PAGE_ID/notes?message="MESSAGE_BODY_TEXT"&subject="NOTE_SUBJECT"
I want to fetch feed/post/statuses data for a particular user.
But found that it is necessary to have an access token.
My concern is , do we need to have a separate access token for every user to fetch their information or merely with a single access token it is possible?
The access token is used to verify that the user making the call is verified and has the correct permissions to perform that action. Every user has his/her own access token for each application. As the comments say above, access tokens expire after a while, so you have to re-request them when the user logs back into your application.
There is also "long-term" access tokens that can be retrieved by requesting the offline_access permission. In this case the access token is valid for (i think) 30 days or until the user changes his/her facebook password.
All the information you need about access tokens can be found at https://developers.facebook.com/docs/authentication/
An Facebook Graph API access token allows you to do what a Facebook application running as a particular user, with a particular set of permissions (https://developers.facebook.com/docs/reference/api/permissions/), is permitted to do. Some data on other Facebook objects (such as users) may be available with the access token of another user, especially if they are a "friend" of the user in the access token.
For example, suppose the access token specifies User A and permission "friends_birthday". You should be able to query the birthday of user B if (1) user B is a friend of user A, and (2) user B permits his/her friends to see his/her birthday.
I don't know your full scenario, but if you are really just fetching data, you may find it easier to use https://facebookpsmodule.codeplex.com rather than writing your own Facebook application.