I'm working on an app which implements the traditional email / password method along with Facebook login. I am working on a search autocomplete feature so when a user types in, for example, "hou" it will return cities matching that term like "Houston, Texas".
Since not all users will be logged in with Facebook I'll be using the App Access Token to call Facebooks API. This is the endpoint I am getting my data from:
https://graph.facebook.com/v2.7/search?type=adgeolocation&location_types=["city"]&country_code=US&q=hou&access_token=
My question is how does the Rate Limit work on a per user basis if I am using my App Access Token? Since the App Access Token identifies the app how does Facebook manage the 200 calls / hour per user rate?
I am concerned with getting rate limited as it would break my app search feature.
Related
I am having an issue with Facebooks Graph API Rate limiting and saying that the
Application request limit reached
which then prevents other users from making request, even though I have generated User Access Tokens. I know they are user access tokens because when I put them into the Access Token Debugger the Type comes back as User and according to the documentation about user access tokens.
Graph API requests made with a user access token are counted against
that user’s call count.
so it should have nothing to do with any application usage but it still seems to. Nothing should be being done on the "applications" behalf I always want the user as to not block other users in-case one user is more active than others.
The user signs in on a website and a server sends the authentication token to clients who then periodically pulls content (every 15 mins). When the rate limit is reached all users appear to get the rate limit error.
Am I misunderstanding what the docs are saying about the User Tokens? Can you not have rates based on individual users and not an entire application?
I'm storing long-lived access tokens for users of my application that have associated their Facebook accounts to it. Since the demise of the offline_access tokens, these long-lived tokens have an expiry date of "about 60 days." However, they can refresh themselves when the user interacts with Facebook. According to the documentation:
These tokens will be refreshed once per day when the person using your app makes a request to Facebook's servers. If no requests are made, the token will expire after about 60 days and the person will have to go through the login flow again to get a new token.
What I'd like to know is what constitutes making a request to Facebook's servers. Does the user have to log in to the Facebook website, mobile app, or use a Like button somewhere? Or does my application making a request on behalf of the user count as well?
Also, when the tokens are refreshed, are they refreshed for another 60 days? Or are they refreshed for a smaller duration?
I wasn't able to find these specific answers in the documentation or in other questions asked here, so thanks in advance to anyone who might have more details.
Every time you use Facebook SDK so it makes any Graph API call, tokens will be refreshed. You can see this in their source code, in AccessTokenManager there is function extendAccessTokenIfNeeded(), and that function is called inside GraphRequest in function executeConnectionAndWait().
You can also manually refresh tokens by calling:
AccessToken.refreshCurrentAccessTokenAsync();
I found one exception to this. Only sso tokens can be refreshed, which means if user logged in to your app via facebook app. If user logged in via browser, token will remain the same.
The previous line to the one you pasted is important:
Native mobile applications using Facebook's SDKs will get long-lived access tokens, good for about 60 days
The section you pulled out refers only to iOS and Android apps using the Facebook SDK - the SDK makes an API call to extend the token, which will only work from the SDK and for tokens produced by the native mobile SDKs-
Other apps (e.g websites, apps on facebook.com) need to use the login flows documented elsewhere in the documentation and require the user to be logged into Facebook in their browser
I am building a Facebook application whose purpose is to gather statistics about Facebook users by querying their profile pages every so often. There is a sign up process where a user consents to the application and is redirected to Facebook to authorize the app. After the app has received the user's permission, it stores the access token with the user's Facebook ID number.
Every so often I want to be able to run a script that loops through all the access tokens in my database and queries the corresponding user's profile page. I am using Facebook's PHP SDK for development and therefore receive long-lived access tokens.
However, I am running into the issue of the 60 day expiration of the access token. I don't know how I can renew these access tokens, since the user does not initiate API calls; my own script does and therefore it has no information about the user being logged in or not when trying to run an API call. Is there any way to renew these access tokens behind the scenes without any information about the user whom I'm trying to query?
So there's an app, let's say it's an app that is capable of delivering relevant news based on the user's choice done the first time he runs the app. Is there a way to post the news to the user's wall without having the user to be online and ideally as the app?
So on his/hers timeline it would look like this (edited image, not a real post from some app, it's just so you get what I mean):
When I use $facebook->api('/me', 'post'), it just creates a post as the user, which is not what I want and does not allow me to post when the user is not logged in.
You can use the server side authentication to get a long lived access token (60 days) which you can then use until the token times out. Then you'll need to have the user reengage with your app to get a new token.
You can get the same thing by using the client side authentication and then extending the token on the server side.
Another options which should work for you is to get an app access token (which does not expire) and ask the user for the publish_stream permission, then:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
I am developing a backoffice server application wich is supposed to email our customers with ads campaign statitistics, where camapaigns are bundled from various providers, one of them being Facebook.
Now the problem is how to download specific ads campaigns from Facebook. Basically what I need is a table for specific campaign with values for impressions and clicks for each day from requested range.
One problem is that the application is background server process, running periodically without user interactions, so I suspect there could be a problem with authentication.
From what I have read so far, I believe I am supposed to
register my application on facebook
apply for Ads API access (?)
use either legacy REST API to get statistics, or perhaps adsstatistics from graph api (but I believe that the format there is not divided for particular days).
How am I supposed to authenticate in this case?
Any suggestion as to what is the right solution here?
(Note: In the past, I was doing similiar for Google, where I have successfully used http://code.google.com/intl/cs/apis/adwords/docs/guides/reporting.html - this is just for reference about what I need to achieve).
See this page for authentication once you have Ads API access:
http://developers.facebook.com/docs/authentication/
In the end you'll need an access_token which is specific to your application and the Facebook account you are accessing.
Here's our process:
Log into Facebook account that contains the ads data
Paste this into that browser's address bar:
https://www.facebook.com/dialog/oauth?client_id={your_application_id}&scope=ads_management,offline_access,read_insights&redirect_uri={your
website}
You should be taken to a page that allows you to
authorize your application for that Facebook account (green
Allow button)
Copy the authorization code that appears after code= in the redirected url
Paste this into that browser's address bar (you may not have a client_secret with your application, if you don't try this without the client_secret):
https://graph.facebook.com/oauth/access_token?client_id={your_application_id}&redirect_uri={your website}&client_secret={your application secret}&code={code you got
from step 4}
You should be taken to a page containing the access_token
I do not think you need to store the Authorization code since the access_token shouldn't expire (if you requested offline_access) unless the log in info is changed for the Facebook Account.
Stats Retrieval
For stats retrieval, I would not use legacy REST API since Facebook will depreciate it. Graph API does allow stats retrieval by day, use:
GET https://graph.facebook.com/stats/{starttime}/{endtime}/stats?ids={campaign_id}&access_token=...
starttime and endtime can be in YYYY-MM-DD HH:MM:SS format or as a unix (epoch?) time