Facebook Graph API 2.0 Permissions Request Denied - facebook

I'm working on a notification web-app that has a Post-to-Facebook feature. Until the (Graph) API v2.0, it worked great. A user would authenticate with their Facebook account, put their token into our app, and we'd use that to make posts to their wall/page for them when a new notification was sent.
We have applied for the permissions we need to use on Facebook's new API (publish_pages, publish_actions, manage_pages). We received a notice that our application was rejected, so we re-worded the same application for permissions to try to clarify what we use the permissions for, resubmitted it, but have been rejected again.
An app that does almost exactly the same thing we hope to do was granted these permissions (we know, because we both work with- and compete with- that app). Until we found out that that app can still publish posts to Facebook, we believed that all requests to repost/automatically post on users' behalfs were being denied because of a Facebook policy change.
We can't figure out who to contact or where to appeal the denial of these permissions. This probably isn't the right forum (since this isn't specifically a technical question about the API), but I can't see where to take this issue next.

Did you have a look at the Login Review FAQs:
https://developers.facebook.com/docs/facebook-login/review/faqs
or otherwise refer to
https://www.facebook.com/groups/fbdevelopers

Related

pages_messaging permission required when subscribing for Instagram messages (Facebook app)

I'm creating an app that will allow me to manage my Instagram account, following the guide from here
Now I'm at the App Review stage and I have a conundrum:
theoretically I should not need the pages_messaging permission (the documentation is not mentioning this as required)
that being said, when I make my call to register a callback for Instagram messages `POST /v11.0/{page-id}/subscribed_apps?fields=messages&access_token={access_token} the call will fail with WWW-Authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) To subscribe to the messages field, one of these permissions is needed: pages_messaging" (this call is the same they are making in the documentation)
so I've added the pages_messaging permission in my review
now I'm unable to pass review as they keep telling me that I don't need the pages_messaging permission for my use case (managing Instagram messages) - "We determined that your app's use case for the requested permission or feature is invalid or is not needed to support its core functionality."
Hmm.... what am I missing? Any guidance that you can provide?
After further attempts:
we could not find a technical way for not needing the pages_messaging permission
Facebook would not approve this permission for our Instagram app - we got no more details than "invalid or is not needed"
we resorted to actually increasing the scope of our app to also cover Facebook page messages, we re-recorded our demos to showcase interaction with a FB page.
with the new approach we managed to pass the pages_messaging approval process
It feels like we're doing something wrong - we shouldn't have had to support Facebook messages and go through the lengthy process of changing our app just to showcase FB page interaction. Not if we only wanted Instagram support.
Alas, as of October 2021, this is how we moved things along.
Hopefully something will change in the future to make things more clear & transparent in future.

Facebook How to submit App Review for user_events permission

As all of you know, Facebook has reset and close a lot of permissions on Graph API since Cambridge Analytica.
Recently Facebook has re-opened their API access with app review process. For the review process, we would like to submit "user_events" permission.
But the problem is to demonstrate how we are using this permission with Screencast because we currently cannot get access to "user_events" even with test users.
So how should we record screencast for "user_events" permission to submit app review?
This seems to have changed since the questions was asked.
Current status:
This edge is only available to a limited number of approved apps. Unapproved apps querying this edge will receive an empty data set in response. You cannot request access to this edge at this time.
developers.facebook.com/docs/graph-api/reference/user/events/

new app-id - OAuthException (#200) on post comment

Since I created a new (Facebook) App last week, I get an OAuthException whenever I want to comment on a post.
"(OAuthException) (#200) You do not have sufficient to permissions to perform this action".
With the old App, my application works fine.
Now I found out that Facebook has changed the login policy recently. I also found the following remark on https://developers.facebook.com/docs/facebook-login/permissions/v2.0:
"If your app asks for more than than public_profile, email and user_friends it will require review by Facebook before your app can be used by people other than the app's developers".
So if I post with the same account with which I created the App, it should work, right? Only it doesn't...
Remark: if I use the new App with another Facebook-account, I have even less permissions (e.g. cannot access the account's pages). So I have more permissions if I use the same account, but still I cannot post!
I use Graph API via .NET Facebook-Client; my App is a native app (desktop app).
Could someone please tell me how to post with a new App? This is the main use-case of our application! Thank you very much!
Here is a screenshot of what I see instead of the login-screen when I use extended permission "publish_action" instead of "publish_stream"
You must be able to post with your own account since you are the admin of the application. - since only the admins/developers/testers will be able to test the app with the publishing functionality before it gets approved by facebook.
If you still are not able to, you must have not granted the permissions to the app. Things to check-
You are using publish_actions and not publish_stream
Check in your application settings whether or not you can see the publishing permission is granted for that app.
If not granted, go through the login process again and grant the publishing permission (may be by removing the app from settings and then authorizing again OR logout the app and then login again with publish_actions)
Problem solved - it was a stupid typo: I wrote publish_action instead of publish_actions (should be plural)! Thanks again to CBroe who pointed it out in this thread!

How to post to my own timeline/page without requesting publish_actions and manage_pages permissions?

I have a blog website and I have a Facebook page where I would like to share updates from my blog. I also would like to share those updates to my personal profile/timeline. I made an application and requested the publish_actions and manage_pages permissions.
It got rejected with the following comment:
You do not need to request these permissions because your blog or CMS
is integrated with an app that you admin. As an App admin, you can
already access these permissions and post to your Timeline or a page
you admin. You can provide access to additional users by adding them
as developers of your App.”
Yes, I am an admin on website, app and Facebook profile/page.
But, can anyone tell me what does it mean?
I read documentation several times. It's pretty clear that I can post even to my own only with access_token. I can get access token if I ask for authorization.
If a request authorization with publish_actions, manage_pages authorization dialog comes with the red banner saying:
"The following permissions have not been approved for use and are not being shown to people using your app: publish_actions and
manage_pages.Submit them for review or learn more."
and
"This does not let the app post to Facebook."
. Then any attempt to post comes with Error #200) The user hasn’t authorized the application to perform this action. It I don't ask for permission I just getting Error 200.
So how exactly I can "already access these permissions and post to my Timeline or a page I admin" as an App admin?
It seems that around mid May they of went back on the review process, at least partially; if your user owns the app and the page then you should be able to publish to your stream or to your page without going through the review process... I guess you just don't have to ask for the permissions that triggers the review process.
I'll be testing this in a bit and I'll get back to you with my results.
UPDATE: Yup. I've just tested it... just ask for publish_actions, manage_pages and status_update and it'll let you autopost on your own page, just ignore the warning about the review process.

Controlling Facebook oauth login experience

I'm building a Facebbook application that uses the Facebook oauth login. I see some existing sites that have a single-page experience that combines application authorization with asking for permissions. But when I build my application, I'm seeing a two-page authorization dialog: application authorization and basic permissions come on the first screen, the second screen asks for additional permissions.
I'd like to get to a single-screen dialog, similar to the one shown on this page:
http://developers.facebook.com/docs/authentication/
but that's not what I'm seeing, even though I use the URL from that page, and even though I use the same Oauth redirect URL that I see in another app that shows the dialog as I want it.
Anyone have any ideas on how to have the older app authentication dialog?
Short answer: that's the way it works now. Facebook changed things. Go figure.
Facebook has changed the way the auth dialog works. It seems like they are trying to discourage use of publish_stream and other permissions and make it easier for users to grant the open graph publish_actions permission.
From the recent blog post:
Added functionality to the publish_actions permission
When we turn on the new auth dialog, we will also add some of the most frequently requested permissions to publish_actions to make the permission more robust and improve conversion. publish_actions now includes the ability to post status updates on the authenticated user’s own timeline, tag photos, publish photos and videos. Other actions such as posting to a friend's timeline still require the use of publish_stream.
Adding these common permissions to publish_actions eliminates the need for extended permissions and the second screen of the auth dialog for the majority of timeline apps built with the Open Graph. This makes the auth process clearer to new users and should improve conversion rates. Additionally, approved Open Graph actions are no longer required for the publish_actions permission. Apps should only ask for the stream_publish permission if they absolutely need functionality not present in publish_actions.
See this blog post for full details and references: https://developers.facebook.com/blog/post/2012/03/02/enhanced-auth-dialog-and-updates-to-permissions/
Subscribing to the Facebook devleoper blog and monitoring the platform roadmap at https://developers.facebook.com/roadmap/ are good ways to see these changes coming.