I try to get ads performance data using this api: https://graph.facebook.com/v2.5/{ad-account-id}/insights. User access token is needed when doing this request. I have several ad accounts. But one user access token is valid just for part of my ads accounts. The error message is "(#10) You do not have sufficient permissions to perform this action". Why? (I can access the dashboard report of all ad accounts.)
Every user access token is related to an app. I have two user access tokens which are generated with different apps. If I change to another access tokens, the ad accounts of which I can get performance data by api are different. So I guess this is related to apps by which user access token is generated.
Access tokens are made of up a user + app. Make sure both the user, and the app have access entity you're trying to access (in this case, ad account).
Also, when generating the token make scope includes the permission for ads_read
Related
Question: Is it possible for application which associated with business manager to obtain ads_management permissions and make server-to-server calls using appId|appSecret as access token.
If yes then what are the correct steps to obtain those permissions for an app?
If no then is there a way to get access token for the user with such permissions which never expires?
Details: As stated in FB documentation, in order to make server-to-server requests without need to obtain and refresh access tokens we may use pair of app Id and app secret in form of appId|appSecret.
Our application now has the following permissions:
- email
- public_profile
- user_friends
In order to make calls to Ads API our application has to have ads_management permissions. Currently we make calls to Ads API through user-level access token and this is not preferable for us as this token requires refreshes which must be done manually using browser interaction (we can't obtain access token programmatically)
You may be confusing App Access Tokens (which allow you to make calls on behalf of the app itself) with permissions (which an individual user grants you to act on their behalf) - you'll always need a user token to update things belonging to a user.
A user, who's an admin of the ad account you want to manage, needs to grant your app ads_management permission - once they've done that, the OAuth flow gives you an access token to make API calls on their behalf, and that token doesn't expire for up to 60 days (after which point they need to come back to your site/app while logged into Facebook for you to get an updated token)
In the context of Business Manager, that user must be someone that has access via Business Manager to the assets (ad acccounts and pages) you want to update via the API
If your app has Standard access to the Ads API, you can also use 'System Users' to make sessionless API calls to update the assets of the business: https://developers.facebook.com/docs/marketing-api/businessmanager/systemuser/v2.2
More info about login here:
https://developers.facebook.com/docs/marketing-api/guides/chapter-1-Setup-and-Authentication
https://developers.facebook.com/docs/facebook-login/access-tokens
I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.
Each user who allow permission to my app will have an access token
or
One access token can handle actions, for example, upload photos to an user album?
I know that an access token can expire up to 60 days,
so do I need save this access token for each user on my database and when request comes from that user, load the access token for him?
Each user who allow the app will have an access token, which will include all the permissions user has granted to your app.Read more about user access tokens here
Each user who allow permission to fb app, will have different Access Token which will be unique.
The Access Token is generated on the basis of browser session from client, AppID and App Secret. In a web server based application, it is not absolute requirement to save application token for user. But application like HootSuite saves user credentials and access token for later use to get facebook feeds and other services.
So it depends on application requirement.
Thanks
Each user sends you another access token in context to use User session of course.
An access token is a random string that provides temporary, secure
access to Facebook APIs.
A token identifies a User, App or Page session and provides
information about granted permissions.
And in User Access context:
You can use this token to perform API calls on behalf of a user,
including reading, publishing and deleting, depending on the
permissions your app has. For example, you can retrieve a user's
friend list or publish a new photo to their timeline with a user
access token.
http://developers.facebook.com/docs/concepts/login/access-tokens-and-types/
Yes, you have to remember this access token if you dont want to reconstruct it. But in many API's this is done "automagically", for e.x. in PHP SDK the access token is stored in user cookie. If you implement more complicated user-flow, you have to remember access token OR regenerate it each time (http://developers.facebook.com/docs/concepts/login/login-architecture/). Remember, that access token will expire and you will have to regenerate it (on the faith of already granted permissions).
FYI: If you want to preserver offline access (executing application activities without user session), you will consider offline_access, but it is deprecated:
http://developers.facebook.com/roadmap/offline-access-removal/
Hope it revealed the problem.
According to Facebook Devlopers: Test Users, I can list the test users of my facebook app by making a request to https://graph.facebook.com/APP_ID/accounts/test-users?access_token=APP_ACCESS_TOKEN. The response includes a valid user access token for each user.
How can I get a valid user access token for a specific test user without downloading the whole list of test users?
Test users should be able to be authenticated with your application in the same way as an other user. So use the Authentication flows while logged in for a specific test user.
Other than that there is no way to call one by one without parsing with code.
I want to fetch feed/post/statuses data for a particular user.
But found that it is necessary to have an access token.
My concern is , do we need to have a separate access token for every user to fetch their information or merely with a single access token it is possible?
The access token is used to verify that the user making the call is verified and has the correct permissions to perform that action. Every user has his/her own access token for each application. As the comments say above, access tokens expire after a while, so you have to re-request them when the user logs back into your application.
There is also "long-term" access tokens that can be retrieved by requesting the offline_access permission. In this case the access token is valid for (i think) 30 days or until the user changes his/her facebook password.
All the information you need about access tokens can be found at https://developers.facebook.com/docs/authentication/
An Facebook Graph API access token allows you to do what a Facebook application running as a particular user, with a particular set of permissions (https://developers.facebook.com/docs/reference/api/permissions/), is permitted to do. Some data on other Facebook objects (such as users) may be available with the access token of another user, especially if they are a "friend" of the user in the access token.
For example, suppose the access token specifies User A and permission "friends_birthday". You should be able to query the birthday of user B if (1) user B is a friend of user A, and (2) user B permits his/her friends to see his/her birthday.
I don't know your full scenario, but if you are really just fetching data, you may find it easier to use https://facebookpsmodule.codeplex.com rather than writing your own Facebook application.