Which access token type should I use to make a light and secure Open Graph call, say to get the number of likes on certain URL?
The first solution that came to me was to generate a user access token with just a "public profile" permission via Open Graph Explorer and use that one. But it didn't work, and it will expire, so I would have to re-generate the token every time.
The other one solution is to use an application access token which doesn't expire:
app_id|app_secret
It seems redundant to me, quote the docs:
This can be used to modify the parameters of your app, create and
manage test users, or read your application's insights.
Why do I need to get so many privleges, if I just want to read some public data? And I don't want to expose my application to some possible malware intrusion in the case of a app_id and/or app_secret leak
The question is not only about how I can get the likes of certain URL, I guess it's more about how to use and manage access tokens wisely.
All Facebook Graph API endpoints are documented. From this documentation, you will be able to learn which action on which endpoint requires which type of access token, and which permission scopes.
To get "the number of likes on certain URL" you cannot use graph API. Neither the /?id=URL endpoint, nor the /OG-Object-ID endpoint that you can derive from the former give you back a like count.
For websites that you manage, Facebook Domain Insights might give you what you are looking for.
Related
I know how to get short-term user access token then extend it to long-term access token (facebook) when i have my own app id and app secret. But now I want to get and extend the access token provided by Graph Api Explorer. How can I do it ?
If we do it manually, we get an access token from Graph Api Explorer but its short term and will expires in about 1 hours, how can I make it a long-term access token?
This is not possible. To extend the Access Tokens, you must utilize an app_id as well as an app_secret. I assume you don't have the app_secret of the Graph Explorer, so this might get difficult.
See
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I still have this issue and Tobi not understood the problem.
The Facebook Access Tokens are really problematic most of times and this is one of the bigger issue.
I have a facebook stream plugin where user can show their personal profile posts.
But the only access token that work is the one generated by Graph API Explorer and this can not be extended. Any other access token associated to an APP will not work.
Is incredible that Facebook not have a tool to allow users to generate an access token for access their personal informations.
Currently there is not any working solution. Incredible.
I want to know the best way how to obtain the basic info of a foursquare location, so for instance the mayor, total checkins, profile picture,...
Important: I should be able to get this information without providing an oauth_token, and that exactly is my problem. The API demands a token, but I figured it should be possible to get the data without the token, because you can access places without authenticating.
E.g.: https://foursquare.com/v/whole-foods/49bc3b0af964a52020541fe3
The reason I want to do this, is because I want to make a facebook application which fetches the data for a locationbased facebook page and I don't want to demand the facebook users to login to foursquare first.
An alternative is webscraping, but that really is my last option.
Thanks in advance for your responses.
The "Venues Platform" allows you to access venue information through the API without an OAuth token. You can access all the information you're looking for, all you need to do is supply your Client ID and Client Secret when making a request to the /venues API endpoint.
When working with my app, or with the Graph API Explorer, I have learned that I can access some information about anybody. Take for example,
https://graph.facebook.com/btaylor.
This includes the topics 'feed' and 'posts', which need 'read_stream' permission. I can get the information, even though he has not extended such permission to my app that I know of. My question is, do 'read_stream' topics have an undocumented peculiar status that does not require permissions?
I'll answer your two questions separately.
First, read_stream permissions is not inconsistent. You will need an access token to read someone's stream, no exceptions. The inconsistency you're observing probably lies in the presence of the access token within the URL. For instance
https://graph.facebook.com/btaylor should not provide you with anything more than basic details because the URL does not contain an access token.
https://graph.facebook.com/btaylor?access_token=AAAAAAITEghMBAMFnukHXAQgLGCfnptZAkF41gIDFt7ycPYkRpGic5MoHkpB6CZCaT21PPyQDOjYo7Tn4mGFH7CyNW06kgrZAWbeTVt9YwZDZD will show you additional details because it does contain the access token. However, realize that the access token will expire at some point, so the above link might not work. This link with the proper access token can be found here: http://developers.facebook.com/docs/reference/api/#auth
When looking at btaylor's posts, https://graph.facebook.com/btaylor/posts will tell you you need an access token but https://graph.facebook.com/btaylor/posts?access_token=AAAAAAITEghMBAMFnukHXAQgLGCfnptZAkF41gIDFt7ycPYkRpGic5MoHkpB6CZCaT21PPyQDOjYo7Tn4mGFH7CyNW06kgrZAWbeTVt9YwZDZD will show you all the posts.
It's possible that the Graph API Explorer is caching the access token and sending it with your request without your knowledge, but this doesn't seem to be the case for me. Are you sure the access token is not present within the "Access Token" field?
Second, the reason that you can see data publicly on someone's Facebook profile is because of their Facebook privacy settings. Facebook privacy settings do not correlate at all to the permissions requested and given via the Graph API. You could have everything public on your Facebook profile but none of it (besides the basic information) will be available via the API. A user has to explicitly allow your application access to their information when using the API. As to "why" this is the case, it's probably due to privacy and spam. If everyone in the world had API access to all information a person provided publicly, there would probably be a whole lot more spam only allowing that information to be viewed on facebook.com.
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.
On the documentation page for Facebook Graph API there are a lot of example links such as https://graph.facebook.com/me/likes?access_token=SOME_AT
Could anyone explain how the access_token for these links are generated?
All I've read in the documentation were about getting access_token only for applications, but on that page everyone could get an access_token without one.
You can use the graph API to get public information. People set privacy settings on facebook, so to prevent social freaks from stalking you, they(fb) created Autorisation.What I believe is that on the documentation, they are generating the access token using the Developers App. You can generate this Access token by making an application and asking a user to Authorise your application to access his data using OAUTH dialogs. Usually people reading at developer.facebook.com have enabled the Developers app so it easily opens your information.
The Graph API as such allows you to
easily access all public information
about an object. For example,
https://graph.facebook.com/btaylor
(Bret Taylor) returns all the public
information about Bret. For example a
user's first name, last name and
profile picture are publicly
available.
To get additional information about a
user, you must first get their
permission. At a high level, you need
to get an access token for the
Facebook user. After you obtain the
access token for the user, you can
perform authorized requests on behalf
of that user by including the access
token in your Graph API requests:
The access_token in these links are generated using your Facebook identity and an application ID (presumable associated to "developers.facebook.com"). If you go to the same page with another Facebook account, you will see different access tokens.