I am building my first facebook app and am facing a issue.
Task : Build a entirely server side application to be used by the admin of a facebook page to post videos/photos on the page. This should not involve having the admin to log in everytime to generate the user acess and page access token.
What I found : Based on the requirement, I found that app tokens can be used for this purpose. This line specifically hints at the usefulness.
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application
I think that using this will be safe since mine is an entirely server side app.
Problem The docs say that:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
will give the app token that can be used in place of user access token.
However, I have not been able to do so. Specifically the error encountered is
Error 200 .The user must have accepted the TOS. Since I have already tried publishing content with page access token, I know this is a permission issue.
The following line
a person who has granted an open graph publishing permission to your application.
does not clarify everything. I came across a related question, but the answers seem to be a bit vague.
It would be really great if someone could give me insights about how this can be achieved.
In order to post to a page, you need at least authorize with the manage_pages permission. If you want to post "as user", you need to add publish_actions and use a "User Access Token". If you want to post "as page", you need to add publish_pages and use a "Page Access Token".
Information about how to generate those Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
The error message with the TOS has been discussed a lot of times already, please go to those threads (or find a lot more with the search function):
(OAuthException) (#200) User must have accepted TOS on C# - Facebook
How come I get a "must have accepted TOS" error for test users with app installed?
facebook long term token "(#200) User must have accepted TOS"
Occassional (OAuthException - #200) (#200) User must have accepted TOS
You cannot post to a Page via an App Access Token. This is clearly stated in the docs at
https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed#publish
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
I'd recommend to use a eternal Page Acess Token, so there's no obligation to renew the User Access Token. Have a look at my answer here:
Post to a facebook page without "manage_pages" permission using php
See
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
Related
I am writing application for getting reviews for particular page from facebook. I found that for getting reviews you need to ask user for manage_permission and you will get one token which can be use for further communications.
But, right now manage_pages permission is deprecated since May 2022, what is alternative for getting user page access token to get reviews.
Furthermore, here it says that we can get page access token and page id using get page id. I am passing user id and token which I store using facebook login, but, I am not getting any data related to page.
Thanks.
With regards to your question, you can request for pages manage posts permission.
Read Doc. https://developers.facebook.com/docs/permissions/reference/pages_manage_posts
As i understand, i need to validate my person, wait for my app review etc.
But what if i just need to post only on my page and nowhere else? Someone told me that i just have to be an app and page administrator and i even can leave app in dev mode but it didn't work for me. In all cases i just recieve
If posting to a group, requires app being installed in the group, and either publish_to_groups permission with user token, or both manage_pages and publish_pages permission with page token; If posting to a page, requires both manage_pages and publish_pages as an admin with sufficient administrative permission
Is it any way to skip all these checks and use API for posting? If not, can you tell me some free services i can use to reach this with? Much thanks for answers.
If you are posting to a page (any page) you need a token with manage_pages and publish_page.
You can generate a test token using the explorer: https://developers.facebook.com/tools/explorer/ - but this token is short lived (1h)
Using the short term token in the explorer, you can get a list of your pages (endpoint: /me/accounts) that you manage and that list will contain a page_token for each page you manage.
With that page_token you can post to the page.
You can put the page_token into the Access token debugger to see it's permissions.
https://developers.facebook.com/tools/debug/accesstoken/
You need approvals if you are putting the app live and allowing non-developers access to it.
I have a blog website and I have a Facebook page where I would like to share updates from my blog. I also would like to share those updates to my personal profile/timeline. I made an application and requested the publish_actions and manage_pages permissions.
It got rejected with the following comment:
You do not need to request these permissions because your blog or CMS
is integrated with an app that you admin. As an App admin, you can
already access these permissions and post to your Timeline or a page
you admin. You can provide access to additional users by adding them
as developers of your App.”
Yes, I am an admin on website, app and Facebook profile/page.
But, can anyone tell me what does it mean?
I read documentation several times. It's pretty clear that I can post even to my own only with access_token. I can get access token if I ask for authorization.
If a request authorization with publish_actions, manage_pages authorization dialog comes with the red banner saying:
"The following permissions have not been approved for use and are not being shown to people using your app: publish_actions and
manage_pages.Submit them for review or learn more."
and
"This does not let the app post to Facebook."
. Then any attempt to post comes with Error #200) The user hasn’t authorized the application to perform this action. It I don't ask for permission I just getting Error 200.
So how exactly I can "already access these permissions and post to my Timeline or a page I admin" as an App admin?
It seems that around mid May they of went back on the review process, at least partially; if your user owns the app and the page then you should be able to publish to your stream or to your page without going through the review process... I guess you just don't have to ask for the permissions that triggers the review process.
I'll be testing this in a bit and I'll get back to you with my results.
UPDATE: Yup. I've just tested it... just ask for publish_actions, manage_pages and status_update and it'll let you autopost on your own page, just ignore the warning about the review process.
I have implemented a server-side login flow for a facebook page management application to allow my users to grant the necessary permissions to this application. So far, this works nicely and allows my application to obtain a "page access token" after being granted the manage_pages permission.
However, during the login flow, the facebook UI on facebook.com requests both the manage_pages permission (which is what I asked for) and the permission to see the list of friends of the user (which I did not ask for).
To be specific, I redirect the user to https://www.facebook.com/dialog/oauth?client_id=...&redirect_uri=...&state=...&response_type=code&scope=manage_pages.
Is there a way to convince the facebook UI to not request permission from the user to see his list of friends ?
For reference, since I spent a good amount of time researching an answer to that question, I believe that it is impossible to explicitely not request permission from the user to see his list of friends. The Facebook documentation hints at this by stating that these are the "default" permissions that every application gets.
I want to connect my web application with the facebook business page. Each time I add a new product to the page I want to post it on facebook wall. I have a facebook application and the page owner username and password. Can I automatically authenticate with the user, pass to facebook and send the post request from server side only? Usually I am logged in with another facebook account when I add products. Also I would like to post when another page user add a product.
You can post to Facebook as a facebook page using the manage_pages permission. You'd need to obtain this permission from a user who is an administrator of the page. There are a few steps to the process, here is a basic summary:
Get an access token from a user who is an administrator of the page
and has granted "manage_pages" to your app. read about authentication
here: http://developers.facebook.com/docs/authentication/
using that access token, make a graph request to
https://graph.facebook.com/me/accounts?access_token=USER_AUTH_TOKEN
You'll get a json response containing all the pages the user administrates, containing their name, category, facebook id, and an auth token - this is what you'll need to post to that page
you can then use this access token to post to the specific page using
https://graph.facebook.com/PAGE_ID/feed?message=POST_MESSAGE&access_token=AUTH_TOKEN&method=post
I just found this blog post which gives you a pretty good explanation
http://developers.facebook.com/blog/post/465/
It sounds like you need the 'offline_access' extended permission.
It is scheduled to be deprecated. Take a look at the following link for more details:
Deprecation of Offline Access Permission
I'm not going to pretend to be an expert on this, but I do NOT recommend trying to login through Facebook's user interface and perform POST requests/HTML scraping on behalf of the user. That procedure would grant you far more functionality than is possible through the Graph API; I don't think Facebook would approve of this.