Twitter REST API - how to check if an app has certain permission? - twitter-oauth

Before attempting to write to a user's timeline, I would want to check if an app has write access. How do I check this?

The response to API requests with a valid access token will have a header named X-Access-Level. You can look for the value read-write there. Ideally, you will make an API request toaccount/verify_credentials node for this purpose.

Related

Facebook get access_token by username/password

I implement some facebook related stuff and accessing graph api for that pourposes. But for implement Integration testing I need a simple strategy to get access_token. So I create test user for that. How could I get access_token only with server side involved, without including browser in the chain. Ideally I just need to exchange login/password to the token.
Correct workflow loooks like this:
According the correct answer, there is special tests users provided by facebook.
To to be able to tests system properly you need to do the following flow
Get application access token
Request application's tests user's via "GET /{app_id}/accounts/test-users"
Parse response and extract access_tokens for each user from that response.
You can't exchange the login/password for an Access Token, but you can create test users programmatically. Have a look here:
https://developers.facebook.com/docs/graph-api/reference/v2.0/test-user
https://developers.facebook.com/docs/graph-api/reference/v2.0/app/accounts/test-users
How to get an access token with the right permissions for a test User
https://developers.facebook.com/docs/graph-api/reference/v2.0/user/permissions/
Short answer: You can´t.
Server side you can only get an App Access Token, Page Access Token or extend an existing Access Token.
So it depends on what you need to achieve, if you just want to get public stuff from a Facebook Page, even an App Access Token may be good enough. But you cannot create User Access Tokens server side.
It may be possible with real test users created via the Graph API itself though, see Tobis answer for links about that. But it is definitely not possible with username/password.

Use "appId|appSecret" as access_token

I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".
The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.
Could somebody route me on the right track how to perform API requests?
My application is running on the server-side, that's why I've chosen these method.
E.g.
When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.
I think this because this kind of access token can replace the app token, but not the user token.
And with the app token, you can:
This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
It means that with this kind of token, you don't have any special permission, so your request cannot work.
What you could do is send the user access_token to your server and then use this token to perform the API request.

how can get data from facebook api and write those data in my own database using web services?

For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.

Get foursquare place details with/without API

I want to know the best way how to obtain the basic info of a foursquare location, so for instance the mayor, total checkins, profile picture,...
Important: I should be able to get this information without providing an oauth_token, and that exactly is my problem. The API demands a token, but I figured it should be possible to get the data without the token, because you can access places without authenticating.
E.g.: https://foursquare.com/v/whole-foods/49bc3b0af964a52020541fe3
The reason I want to do this, is because I want to make a facebook application which fetches the data for a locationbased facebook page and I don't want to demand the facebook users to login to foursquare first.
An alternative is webscraping, but that really is my last option.
Thanks in advance for your responses.
The "Venues Platform" allows you to access venue information through the API without an OAuth token. You can access all the information you're looking for, all you need to do is supply your Client ID and Client Secret when making a request to the /venues API endpoint.

developers.facebook.com issued access token VS OAuth generated

Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.