I'm trying to update some old PHP code which is supposed to get the name, likes and a link to the given Facebook page. This is the current old code:
$fbsite1 = json_decode(file_get_contents('http://graph.facebook.com/page1'));
$fbsite2 = json_decode(file_get_contents('http://graph.facebook.com/page2'));
$fbsite3 = json_decode(file_get_contents('https://graph.facebook.com/page3'));
for($j=1; $j<=3; $j++){
$data[] = array(
'name' => ${'fbsite'.$j}->name,
'likes' => ${'fbsite'.$j}->likes,
'link' => ${'fbsite'.$j}->link
);
}
The problem is that this method requires an access token, which I'm not quite sure how to get. I've looked at the Facebook API reference, but there seems to be a few different access tokens (different permission etc.). Which one do I need to accomplish this? How do I get it?
If the pages are public, then you only need an app access token.
So create an app in the FB dev section (if you have not done so already), and then include your app access token in those request URLs:
http://graph.facebook.com/page1?access_token=…
FYI, you should consider requesting all that data in one go, instead of making multiple API requests. You can do that using this syntax (for up to 50 ids in one request),
http://graph.facebook.com/?ids=page1,page2,page3&access_token=…
And you will have to explicitly ask for the name, link and likes fields now (otherwise you will get name and id only):
http://graph.facebook.com/?ids=page1,page2,page3&fields=name,likes,link&access_token=…
Related
I have a Page Tab facebook app. I want to post to users timeline from it.
After login on client side with javascript sdk (I use angularjs module for that Ciul/angular-facebook (sorry, cannot post github link here)):
https://gist.github.com/Sevavietl/7e363fdfd0e714a12a43
I retrieve access_token on server side and trying to post a carousel to the users feed:
https://gist.github.com/Sevavietl/cec5fa434837312adfd3
I have two problems:
While first call I get
Graph returned an error: (#210) Param id must be a page.
After browsing, I found that this can be caused by wrong token usage. Not user_access_token. But I login the user on the client side.
And for next calls I get
Graph returned an error: This authorization code has been used.
Again, after browsing, I found that token can be used only once in order to be OAuth compliant.
Please, advise me how to do this right?
Thank you in advance.
Best regards,
Vsevolod
After spending some time on this, I am writing my solution, as it was not really obvious, at least for me. But, actually, all info is present in the documentation.
Starting with problem number 2: And for next calls I get Graph returned an error: This authorization code has been used.
As it was mentioned in the comments, I indeed was confusing access_token with authorization code. As I understand in really simplified form, the mechanism is:
When you login with facebook-javascript-sdk it writes authorization code to cookies.
Then on the server side you can retrieve access_token from javaScriptHelper available in facebook-php-sdk. This helper has getAccessToken() method, which retrieves access_token using authorization code from cookies. This is the place where I was confused. I was trying to use getAccessToken() on every request. As requests were made with AJAX the authorization code was not changed, and as you can use it only once I was getting an error. The solution to this was pointed in many places on the Internet, but somehow I was able to misunderstand this.
Here is the code excerpt that uses sessions to store access_token, and uses getAccessToken() method only if access_token is not set in the session.
$fb = new Facebook([
'app_id' => $widget->app_id,
'app_secret' => $widget->app_secret,
'default_graph_version' => 'v2.5',
]);
$helper = $fb->getJavaScriptHelper();
if ($request->session()->has('facebook_access_token')) {
$accessToken = $request->session()->get('facebook_access_token');
} else {
$accessToken = $helper->getAccessToken();
// OAuth 2.0 client handler
$oAuth2Client = $fb->getOAuth2Client();
// Exchanges a short-lived access token for a long-lived one
$longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
$request->session()->put('facebook_access_token', (string) $longLivedAccessToken);
$request->session()->save();
}
if ($accessToken) {
$fb->setDefaultAccessToken($accessToken);
} else {
die('No Access Token');
}
I use Laravel, so the session handling is not framework agnostic. This code is only for example, it is better to create service and move logic there.
Now. About the first problem: While first call I get Graph returned an error: (#210) Param id must be a page.
Again I was confusing two things '{user-id}/feed' and '{page-id}/feed'. My aim was to post a carousel with images and links. To create a carousel you have to provide child_attachments in the fields array. While you can send a Post like this to '{page-id}/feed', you cannot do so for '{user-id}/feed'. So at the moment you cannot post a carousel to users feed.
So when Graph Api was getting a Post data applicable for '{page-id}/feed', it was assuming that I have passed the {page-id}. And when getting the {user-id} instead, the Graph Api yelled back "(#210) Param id must be a page.".
I'm visiting a number of Facebook pages and collecting information about their posts. When the Facebook page has created a custom username / alias, I can simply query their page like so, using their ID:
$accessToken = FACEBOOK_APP_ID.'|'.FACEBOOK_APP_SECRET;
$url = 'https://graph.facebook.com/104958162837/?access_token=' . $accessToken;
However, if they didn't bother to setup a custom username / alias, then it won't work, even if I specify:
The default alias that FB gave them when they created the page (looks something like My-Page-Name-104958162837).
The numerical ID of their page.
What gives?
Works fine for me that way, if use a User Token:
/129319107123637
/129319107123637/feed
Just try it in the API Explorer, after authorization: https://developers.facebook.com/tools/explorer/145634995501895?method=GET&path=129319107123637&version=v2.5
It only does not work with an App Token if the Page is restricted by age or location. In that case, you have to use a User Token of a User who is allowed to see the Page, of course.
Has anyone seen a full example of how to pull facebook reviews using the graph api.
According to the docs:
A page access token is required to retrieve this data.
I have code that asks a user to login already and gets an auth token which I can use to post a message to their facebook feed. Is there an additional step I need to do to be able to read their reviews/ratings?
Here is an example of the code to post to their feed/page.
response = Curl.post("https://graph.facebook.com/#{page_id}/feed", {
:message => message,
:access_token => auth_token
})
Thanks
If you're referring to Page Ratings (different from App Reviews!), then the endpoint is
GET /{page_id}/ratings
as described here: https://developers.facebook.com/docs/graph-api/reference/page/ratings You'll need a Page Access Token for this.
Where I get a little bit confused is that you mention that you want to
read their reviews/ratings
In that case it's something else, because afaik it's currently not possible to query the User's Page ratings via Graph API or FQL. It's was only possible to query App Reviews via FQL (see https://developers.facebook.com/docs/reference/fql/review/) (Update: FQL is no longer available since 2016)
You need to set permission in the app to access the {GET /{page_id}/ratings} API. The permission is common for
/page/comments,
/page/posts,
/page/ratings,
/page/tagged,
and the permission name is "pages_read_user_content"
https://developers.facebook.com/docs/permissions/reference/pages_read_user_content
I was wondering if it is possible to change your site url or canvas url using the graph api. I have admin rights to my application and I can change it via the gui but I would prefer to be changing it via a curl.
Thanks
Here is example:
$properties = array(
"callback_url" => '',
"installable" => 1,
"profile_tab_url" => "",
"tab_default_name" => "",
'tos_url' => '',
'privacy_url' => ''
);
$facebook = new Facebook(array('appId'=>'YOUR_APP_ID','secret' = > '..', ...));
$facebook->api(array(
'method'=>'admin_setAppProperties',
'properties'=>json_encode($properties))
);
Here is a list of the properties you can set: http://developers.facebook.com/docs/appproperties/
There is also admin.getAppProperties more info you can find here: http://developers.facebook.com/docs/reference/rest/admin.getAppProperties/
Using Facebook SDK
You need to use the old REST method admin.SetAppProperties
https://developers.facebook.com/docs/reference/rest/admin.setAppProperties/
At the moment FB has not yet moved that method yet to the OpenGraph but you can still call REST methods via the Graph API (As shown in the console in the page above).
Even then you cannot change the secure_canvas and secure_tab url setting. FB is apparently working on make those settings as part of the API as far as I heard.
You can now change app properties via Graph API. You can make POST request, using the application id in the path, and use the app access token as the access token, and pass in key/value pairs as POST variables for properties you'd like to modify.
https://developers.facebook.com/docs/reference/api/application/ has a list of the application properties that you can modify with the Graph API.
I'm attempting to use the new Graph API Facebook recently released, but I can't seem to get it to work correctly.
I've gone through the steps, and after the /authorize call, I receive an access_token:
access_token=109002049121898|nhKwSTJVPbUZ5JYyIH3opCBQMf8.
When I attempt to use that token I get:
{
"error": {
"type": "QueryParseException",
"message": "An active access token must be used to query information about the current user."
}
}
I'm stumped as too why...
-AC
When using your Facebook Application's token
If you're using the me alias as in https://graph.facebook.com/me/ but your token is acquired for a Facebook Application, then "me" isn't you anymore - it's the app or maybe nothing. Anyway, that's not your intention for the app to interact with itself.
In this case you will want to interact with your personal user account from an app. What you need to do (after giving the app the permissions it requests in the UI when it asks) is find your facebook userid # and put it in place of "me" to access your own info. e.g. Mark Zuckerberg's facebook userid is 4 so he is https://graph.facebook.com/4/
The alias me only works if you're you! Sometimes it's hard to remember who the current user is when programming facebook (i.e. you, the Page, the App, etc) because we're accustomed to using the facebook UI as ourselves most of the time. From a programming standpoint it depends on what the acquired token represents.
A great blog post that always helps correct me is Ben Biddington | Facebook Graph API — getting access tokens.
same thing here. I followed Ben Biddington's blog to get the access token. Same error when trying to use it. Facebook's OAuth implementation doesn't follow the spec completely, i am fine with it as long as the doc is clear, which obviously is not the case here. Aslo, it would be nice if the userid and username are returned with the access token.
Just to clarify -- after you call
https://graph.facebook.com/oauth/authorize?
you should receive a CODE which, in conjunction with your CLIENT_ID and CLIENT_SECRET (assuming you have registered your application) can be exchanged for an access_token at
https://graph.facebook.com/oauth/access_token?
If this is indeed how you came by your ACCESS_TOKEN, you should then be able to request
https://graph.facebook.com/me/
Adding type parameter returns the auth_token for the application level, so it is better to OMIT it. What worked for me, after countless attempts and combinations, is using the same redirect_url parameter in the call to /oath/access_token as was used in the call to /oath/authorize.
So the full sequence to authorize your app on someone's behalf is:
1. call or redirect to:
"https://graph.facebook.com/oauth/authorize?client_id=" + my_clientId + "&scope=publish_stream,offline_access,manage_pages" + "&redirect_uri=" + "http://my_redirect_url?blah"
2. in the page located at the return_url above, issue a request or what ever else to this url:
"https://graph.facebook.com/oauth/access_token?client_id=" + client_id + "&client_secret=" + secret + "&code=" + Request.QueryString["code"] + "&redirect_uri=" + "http://my_redirect_url?blah"
I've been having the exact same problem. A couple of things I've done to resolve it:
Try it all out in the browser first to make sure the urls are correct at each stage
Ensure the redirect url is identical, not just equivalent. Parameters in the same order, encoding the same
Don't use the type=client_cred, or anything else for that matter
Encode any ampersands in the redirect_url (but not the rest of the url) e.g. http://example.com/fb?foo=234%26bar=567. This one caused me the most issues. When the callback page was run, only the url before the first ampersand was included, as the ampersand was assumed to be part of the url for graph.facebook.com, not part of the redirect_url. I was then getting the values from the querystring to put in the redirect_url for the second call, but they weren't there. Once I encoded the ampersands they appeared correctly.
Don't have any empty values in you encoded querystring parameters (e.g. ?foo=%26bar=123)
I want to point out what has sort of been said on Ben Biddington's blog, and what I noticed from looking at the "malformed" access_token in the initial question. Others have said similar things in this thread, but I want to be explicit.
The token is not actually malformed, but rather a token that allows you to do actions on behalf of the APP, not the user. This is the token you'd use if you wanted to get all of the users of the app, or view insights for your app, etc, with the requests typically coming from your server, not the client. This type of token is gained by using the type=client_cred parameter. If you want to do things on behalf of the user, do not specify type=client_cred, and make sure you specify the following parameters in your call to http://graph.facebook.com/oauth/access_token:
'client_id' => APP_ID
'redirect_uri' => REDIRECT_URI
'client_secret' => APP_SECRET
'code' => $_GET['code']
I've written this as key-value pairs of a PHP array, but I think you get the point. The code GET value is gained after making the initial call to http://graph.facebook.com/oauth/authorize with the following parameters:
'client_id' => APP_ID
'redirect_uri' => "http://your.connect.url/some/endpoint"
I hope this helps! What the Facebook docs say, but don't say well, is that getting an access_token is a two-request process.
I actually noticed that if your return uri doesn't have a slash on the end you have issues. I'm currently testing in the browser and return_uri=https://mydomain.com doesn't work but return_uri=https://mydomain.com/ does work. If I use the first I get "Error validating verification code."
This seems a bit odd, but I prolly just missed a word in the spec/instructions some where. Did lose two hours of my life to it though.
I had the same problem, but getting rid of type=client_cred and making sure that the redirect_uri parameter is the same when making the authorize and the access_token call fixed the issue.
I had the same issue in IE8 only.
The solution for me was sending the access_token in the API request.
Something like this:
FB.api('/me/friends?access_token=<YOUR TOKEN>
I obtained my token through PHP like this:
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => '<API_ID>',
'secret' => '<SECRET>',
'cookie' => false,
));
$session = $facebook->getSession();
$token = $session['access_token'];