My goal is to add third party Ad Account IDs I need to access using the reportstats and insights APIs. (My developer account is at 'Basic' access so this is still a requirement.) I can see this being set in two places and I don't know what the difference is between them.
Here I can add the Ad Account Ids directly to the 'Authorised Ad Account IDs' input field:
But if I click on the "Ads API" button in the pop up I can also add Ad Account IDs, and these two places do not seem to be in sync with each other.
Those are for different purposes
The first screenshot, with the 'Authorized Ad Account IDs' field designates advertising accounts that you want to be able to run ads promoting your Facebook app - a user who isn't an admin or developer of your app will be able to create ads about your app if they do so in one of those accounts
The second screenshot is specific to apps which themselves access ad accounts via the Marketing API - for apps with 'Development' or 'Basic' access to the Marketing API you may only access a limited set of accounts, and this UI is where you specify which accounts you want to manage (otherwise any single user of your app could have so many accounts that they push you over the limit)
Related
I have troubles with adding my application to group for any test user.
I've created two test users and one of them has group and he is an admin there and I wrapped those users into test application.
I've added two permissions for groups (groups_access_member_info, publish_to_groups). In user settings I see my application but in group settings I can't add my application.
I need this because I would like to make request from facebook graph API.
Regards
In order to test the Groups API with an app in development mode, you need to be an admin of both the app and group. Test users don't count as admins of the app. Therefore, you'll need to use a real user account.
You don't have to add the app to the group, it is assumed that the app is added if you are the admin of the group.
Source: Facebook Platform Bug Report.
Additional information from another useful bug report:
to read group information (such as the /events edge on a group), the app needs to have the "Groups API" feature reviewed and approved,
and the app needs to be installed to the group. No additional
permissions are required on the access token.
to read information about the members of a group, the access token needs to have the groups_access_member_info permission granted during
login, and the app must have been approved for the "Groups API"
feature.
to publish to a group, the access token needs to have the publish_to_group permission granted, in addition to the app having the
"Groups API" feature
When testing this with your own groups in development mode, the Groups
API feature is assumed to be enabled, and when querying groups that
you manage, the API will behave as though the app is installed to your
group. Note that when querying group posts, you may only receive posts
made by yourself or other admins of the app.
When querying your group's events with your app in development mode,
the call worked as you didn't need any additional permissions on the
access token, and the API behaves as though your app is installed on
the group. This is similar to how this would work in production, as
the access token wouldn't need any additional permissions to be
granted during login.
To add your App to a Facebook Group in development mode so as to use the Groups API, you'll need to follow these steps
Ensure you are an Admin to both the App and the Facebook Group.
Create a Test version of your App from the main App, this enables you to use the Test App in a Facebook Group without needing to add the App to the Facebook Group or you'll get an OAuthException using the main App, see the docs.
Don't bother looking for the Test version of your App in the group app store as the Test App is bound automatically to any Facebook Group you are an Admin to.
Add the required permissions Groups API would use in a standard App see the docs like groups_access_member_info and publish_to_groups to get the most out of the Groups API.
Add Test Users to the App for them to see your posts made with the Test version of your App see the docs. This is not a must see the note below.
If you're testing with the Graph API Explorer change the Facebook App to the test version of your App to prevent an OAuthException.
Congrats! You can now use the Groups API with a Test version of your App to post to the Facebook Group you are an Admin to.
NOTE: Only your Admin account and the Test Users you add to the App can see the posts made with the Test version of your App, meaning mutations to Facebook are private to you an Admin and the Testers till you submit your App for review which you can read about here.
I am currently developing an app to manage my clients' Facebook AdAccounts. The usual workflow is to, among other things, individually authorize each AdAccount I want my app to have clearance to, by use of the dashboard at https://developers.facebook.com/apps/. The usual path is you click on your app -> Settings -> Advanced and scroll down until you find the Advertising Accounts panel. Then you click on the top-right button called Ads API and use the modal to manually include the Ad Account IDs to which you want to have API permissions.
However, this app is intended to manage dozens or hundreds of Ad Accounts, and it's supposed to manage this programmatically, as per the app's requirements. I looked all over the place and couldn't find any endpoints or wrappers in any programming languages to do that and I've been stuck for a few days now... so I was wondering if you guys could help me somehow.
That place you're referring to only applies to apps with 'Development' or 'Basic' access to the API
If you apply for and receive 'Standard' access, that dialog isn't necesssary, and your app can make API calls on behalf of any user who grants your app the ads_management permission
I.e once a user grants your app access to their accounts, you use their access token to access any accounts they are able to manage, on their behalf; it's only in the lower access levels of the API you need to provide a fixed list of Ad Accounts you'll be managing
Take a look at the Business Manager APIs. They're intended for the use case you mentioned (managing other accounts).
https://developers.facebook.com/docs/marketing-api/businessmanager/v2.6
I'm working on a application that post messages on facebook pages using the manage_pages, publish_pages roles.
Now we need to boost some of those post using ads. For that reason, we also ask for the ads_management, read_ads roles.
With these roles and the marketing api, we thought that we will be available to create an ad for the page post (with the access token of the page) and using an ad account linked to the app, not to the page (the ad is a reward for posting, so it will be payed by the app).
In our first POC, we get authorization errors when using the access token of the page and the ad account of the app. And this is logic for me: an app cannot allow a page token to use the money on an ad account that does not belong to him/them!
Ok. We changed of approach. Now we use a user token from someone of our organization that have access to the the ad account. Now the marketing api is allowing us to manipulate the account, but this user cannot create ads for the posts of the managed pages because it does not have the Advertiser role on each of those pages!
I think that the problem is that the marketing api does not use application level roles but user roles only ... I'm right?
I'm saying this because our application has all the roles that we need, but of course, our staff don't (facebook users authorize apps, not people from the app's organization).
So, there is a way to use the facebook marketing api using an app that can post and manage ads for that page but that use an ad account that is not related to the page?
The page, for which you want to run ads, will have to add the Ad Account (or respective User account that has access to the Ad Account) as an advertiser to the page. That way, you app will be able to create ads for those pages. Can you confirm that works?
I can't figure this out, I hope someone here can point me in the right direction. I've searched for an answer but was unable to find it.
I want to create a Facebook app which would manage ads (download ads reports and statistics). I've got user account, registered as developer, created and whitelisted the app. I've got only Development Access and that means means I can query only ad accounts owned by the admins of the app, set up in the account list associated with your application.
Problem is that the account with ads is a business account so I can't add this account as part of developers team and get the statistics. I get permissions errors when trying to access the business account (I have access token and everything, it just won't let me see the ads data due to insufficient permissions).
Is there a way to do this without applying for Basic access (not sure if I'll get it since the app is not done)? Can't I really somehow connect my developer's account with that business account?
About access limits: https://developers.facebook.com/docs/reference/ads-api/access/v2.2#limits
Seems like this is working correctly - you can build and test the app against accounts administered by your app's admins/developers at first
Once it's working you can submit it for approval to the Basic access level, where you can manage more accounts, including those belonging to users who aren't admins/developers of the app
There's more information about the access levels and how to move between them in the Access levels dovumentation
My website has accounts that are often accessed by multiple users. For example, a company might create an account under a generic company email address, and have different interns, etc update it.
We also have normal users that are the only people accessing their account.
We know we could make registering / signing in so much easier and more effective by utilizing various third party services like Facebook, Twitter, OpenID, etc, but we can't think of how to handle those services when multiple people want to create / sign into a single account.
How do we know which users authenticated with FB/Twitter should be allowed to access the company account on our website?
Facebook doesn't let you sign in as a Page yet, right?
You can let the users log in with their normal company account, and then give them a facebook Connect button. The only important thing you need to keep for facebook connect is their facebook id. I would add a new table, or a new entry in the users table with all the ids that have connected to that account. There would be no difference between single user and multiple user accounts, only in the number of ids connected to that account.
I use a sql table with two values, user_id and remote_id, and every time a user connects you add an entry. The same can be done with other open ids and twitter, the same able can be used.
Technically, no you can not log in as a page. But, once you get an install from a user, you can easily tell which page they are administrators of. If you create your company organizational unit around the entity of a page (or allow users to do this) then you could allow your users to log in with their Facebook accounts and once you have their Facebook session, you can access the /me/accounts graph endpoint and look at the pages they're administrators of and cross reference that with your company->Facebook Page definitions.
You could allow Facebook Page Administrators to invite users who do not have access to their Facebook Page. Once the lesser-privileged (intern) user gets to their invite URL endpoint, they could click a Facebook connect button to link their FB account with the Company/Page that the Administrator invited them to. This way, the Administrator wouldn't have to add a bunch of users to their Facebook Page as Administrators (thereby keeping their page more secure).