I want to find out mutual friends between two random users using the facebook Graph API v2.2.
I read through the documentation https://developers.facebook.com/docs/graph-api/reference/v2.2/user.context/mutual_friends
It says, "A valid user access token with user_friends permission is required to view the mutual friends of other friends using the app. "
Is there a way that I can find number and possibly names of all mutual friends between currentUser and User2, if they are not friends with each other?
I referred to many other questions:
Facebook Graph API 2.2 mutual friends => No answers
How to get Mutual Friends via Facebook's Graph API => The solution works only if the two users are friends, which may not be true in my case.
I am about to implement this myself. I have a similar use case where the two users may not be friends but I'd like to see which of their friends are mutual.
Apparently, you have to include an 'app proof' parameter with the API request from your server when the two users are not mutual friends:
If you want to call this endpoint on behalf two app-users who are not friends, then you must provide the appsecret_proof parameter along with the user access token when making the request. This means you must call this endpoint from your server.
Looks like this might be a good idea to do anyway.
Managed to find a solution and it's working. If you got the call working within you and somebody else and you both are friends on Facebook, what you need to do is create the Appsecret
which represents the App secret key found on Facebook Dev under My Apps and the token. You create this key by running :
$appsecret_proof= hash_hmac('sha256', $access_token, $app_secret);
Afterwards you pass the token and the secret as parameters to the call:
Bundle params = new Bundle();
params.putString("appsecret_proof", appsecret_proof);
params.putString("access_token", access_token);
It is working for 2 users who are not friends.
Here is a working example for facebook mutual friend API:
curl -G -d "access_token=<access_token>" -d "appsecret_proof=<appsecret_proof>" 'https://graph.facebook.com/v2.5/{user-id}?fields=context.fields(mutual_friends)'
The App secret proof is sha256 of user access token with app secret as the key.
Remember both user should be using your App.
The response will have users who are also using your app and given friend list permission.
If you want to find specific info about the mutual friends try this:
curl -G -d "access_token=<access_token>" -d "appsecret_proof=<appsecret_proof>" 'https://graph.facebook.com/v2.5/{user-id}?fields=context.fields(mutual_friends.fields(id,name,picture.type(large)))'
This will return id, Name and current profile image link for all mutual friends. You don't need photos permission for this picture.
Facebook API does not allow this feature:
https://developers.facebook.com/bugs/346462608889036/
It's an old question but now I've dealt with it so I'll write...
to get all mutual friends if you not his friend it's passible only from
a server(in my case it's Node) as mention here:
https://developers.facebook.com/docs/graph-api/reference/user-context/all_mutual_friends/
get the token of user-2 and YOUR auth-id, also generate appsecretProof
and clientSecret from your Facebook admin panel of your app.
https://graph.facebook.com/v2.10/${auth_userId}?
fields=context.fields%28all_mutual_friends.limit%28100%29%29
&appsecret_proof=${appsecretProof}&access_token=${accessToken}
remember to ask permmision from users when they login and also send app review to Facebook to approve this feature.
with 'user_friends' permissions you can get from client only mutual friends that use in your app but not all mutual friends.
Related
Don't think as developer yet. I'm a Facebook "normal user" and I'm logged. Then I access a friend 'X' profile. As a friend, I can see all the friends of friend X through this url:
https://www.facebook.com/friendx/friends
Fine... I can close the browser and, when I open it again, I can access the same url and see my friend's friends. And it's fine, because there is a cookie telling the server who I am.
But now, I'm still logged and I wanna retrieve all the friends of friend X throught graph api request, so i access this url:
https://graph.facebook.com/friendx/friends
And the error is, according to the documentation, expect:
An access token is required to request this resource.
I can't understand why facebook needs an access token. I'm logged in both cases. That cookie, in the second situation, is useless when I try to access the same information through graph api request.
What I wanna mean is: I don't wanna parse a whole html page to know who are friends of my friend. Parsing json is much easily.
The Facebook API requires authentication from the user to make that GET request, therefore you need an access_token saying that the user gave permission for you to access their friends list.
You cannot get an access_token from your cookies as it has to be generated via the API after the user approves your app.
If you want to test the graph API consider using the Graph API Explorer to generate an access token and generate the request but you should not use this as a solution to your answer.
consider reading the facebook documentation on access_tokens to further understand how the facebook API and authentication work.
The facebook GraphAPI doesnt allow us to collect the data which belongs to someone else. As you said you can access the friend's friend but at that time you are not collecting data for personal use, so that is allowed. That data is public so you can access, but I certainly doubt that they do allow us to access that data through GraphAPI or any other API. Also scrapping Facebook data is not against the facebook policies.
I'm noticing an inconsistency with the FB Graph API.
Suppose I'm logged in (and have access_token for) user Bob. Bob isn't friends with user Jim.
If I, as Bob, via the Graph API, ask for data about Jim:
https://graph.facebook.com/jim?access_token=blah&fields=location,hometown,name,id,address
I get a structure like this back:
{
"id": "1",
"name": "Jim"
}
Note that the fields that I've requested are conspicuously missing.
However, if I log in to the FB website as Bob, and then search for Jim, I can see his location and hometown on his "About" page, even if I'm not friends with him.
Why is this? Is there some additional token permission I have to specify or field I need to ask for in order to get this data (which is evidently rather public) from the API?
Got stuck on the same issue.
As I understand from end of this page access token has to include user_location and user_hometown permissions. Tried it in api explorer but had no success - still was not able to see location information through api for users that had this info visible on their profile page.
update: answers here and here suggest that data access through api / app is more restricted than through webpage to prevent web mining. I assume it is the case regardless you use user or app permissions.
If you are using a user access token then you might need to switch to using an app access token retrieved by a call like:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&
grant_type=client_credentials
is it possible to get the friend lists from an user with the APP secret(not with the access token) by using the open graph?
The User has already installed the APP.
Thanks in advance.
PS:
If I understand aright ...
-> graph API = only works with the acces token
-> FQL = works with access token and app secret
Right?
I´ve never heard that you can use an app secret with FQL. Theoretically it is impossible to get the friend list from a user with the app secret only, because the app secret is the same for all users. There are only different access tokens (page token, app token, user token), but to get the friends of a user you will always need a user access token.
Btw, you don´t really need to worry about that if you are using one of those SDKs (PHP SDK, JS SDK...).
Also, it is best practice to use the Graph API if there is a possibility, and FQL only if there is non (good) way with the Graph API.
My personal FB account is in the Admin Role of "Manager" on our company's FB page.
I have an Access Token w/ the correct permissions that I can use to successfully post a Note to the Company page using the REST API.
However, when I use the same Access Token to Post a note to https://graph.facebook.com/PROFILE_ID/notes (where PROFILE_ID is replaced with the ID of our Company page, it posts the note to my personal FB page.
How do I use the Graph API to post notes to the company page.
Thanks!
POST requests generally seem to post to the profile of the user that is authenticated, not necessarily the user with the profile ID supplied - it's odd.
Hence, you need to authenticate as the page, rather than as yourself. The details regarding this are here:
https://developers.facebook.com/docs/authentication/pages/
Essentially, you authenticate as yourself, retrieve a list of pages that you manage with associated access tokens, which you can then use to post the note.
For the benefit of other users, the process is thus:
Firstly, acquire the create_post permission, as described in the API Reference
A POST request must be issued to https://graph.facebook.com/PAGE_ID/notes?message="MESSAGE_BODY_TEXT"&subject="NOTE_SUBJECT"
I am wondering if it is possible to post to the wall of the Facebook app page created for using Facebook in iOS. Rather than use the user login to post to their own wall, I would like to post to the app's page with updates on open games. Is this possible to do?
Yes, it's possible. From http://developers.facebook.com/docs/reference/api/application/:
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
…
You can create a link, post or status message by issuing an HTTP POST request to the APP_ID/feed connection. To see more details please see links, posts, and status messages documentation.
To impersonate the Application when posting to the wall (i.e. post as the Application, and not the current user), you must use an Application Page access_token with the manage_pages and publish_stream permissions, as described under Application Access Tokens above.
So you first have to ask the API for an Application Page access token and then use this access token to post on the wall. The Facebook iOS SDK helps to construct the Graph API calls mentioned in the documentation cited above.