We've been trying to diagnose issues with some of our users who use our application for Instagram. We've been noticing that some access tokens have been return a 400 error for some users (Access Token Invalid).
We were able to get in touch with a few of these users, and asked them to check their "Manage Applications" section on their Instagram account through the Instagram website.
To ours, and their suprise - our application was no longer on the list, and none of these users (Over 20 asked and helping us diagnose) said they revoked access.
What's going on here? We have nearly 3,000 users using our service, but it seem 30 to 50 of these total users are having our application randomly removed from their enabled applications without them doing so.
Related
We implemented the Marketing API into our company's order management system to automate the creation of ad campaigns. A system user was created with the proper permissions, and the integration has been working. We're only using the API for our own ad account and pages, which we of course own. The "Facebook App" is set to live mode and has been for a couple weeks now.
But starting sometime today, we have been getting errors saying that the ads_read and ads_management permissions are required. And sure enough, they are indeed missing from the access token for the system user when I use the access token debugger.
What would have caused the system user to be missing these permissions all of a sudden? We are still on the dev tier and have only recently reached the 1,500 calls required to request standard access. That's the only thing I can think of so far, but is that the reason we suddenly don't have the proper permissions, or could it be something else? I haven't read anywhere in the documentation that we would lose these permissions upon reaching 1,500 calls, and I was planning on requesting the standard access next.
Also, I have read in various spots: "You do not need to submit your app if it will only be used by you or by a reduced number of people." That is actually our case, as we are only using a system user for the API calls, and there are only a few users tied to the Facebook ad account. So, do we need to submit our app for review?
Thanks in advance.
I have a Facebook Business Account, which I used to create 84 pages (for 84 countries). Years ago, everything worked perfectly. But today, I can't access the API anymore, which is deprecated for Business Accounts. The solution presented on Creating and managing a Facebook app from a Business Account doesn't work anymore: the app dashboard link now redirects back to the list of user administered pages.
I created a Personal Account and gave it Admin rights to all pages. It works, but Facebook blocks the new account constantly (as it was probably flagged for transferring the ownership of too many pages). The account is currently blocked because of this, and I can't unblock it due to errors in the Facebook platform.
Since it has become a burden to unblock the account so many times (around 20 times already), and every time it takes days for it to be unblocked, I would like to know if there is a solution to using the API with these pages that doesn't involve giving Admin right to a new personal account, or at least doing so without having my account flagged by Facebook.
I'm building an internal app for a client of mine (an ad agency) who wants to do ad performance reporting for about 30 of their clients. Part of this project is to pull down performance metrics from Facebook Ads for these 30 clients.
I've created a Facebook App and got a development token. With this token, I've been able to get the technical part of the project working -- I can pull down the metrics just fine using Facebook's Marketing API.
My question is about authorization and authentication. I'm thoroughly confused by Facebook's mechanisms for this.
What do I need to do to get access to Marketing API metrics for these 30 clients?
Do I need to publish a Facebook App? If so, do I need to go through the approval process? This seems kind of crazy because Facebook wants a login so they can test things out, but the product is strictly internal so there's really nothing they can log in and see.
I guess another question is: Is there another way I can get access to these 30 clients? With Google Adwords, it was easy. I just used oauth and am granted access as needed. Is there a simple way like that with the Facebook Marketing API?
You need to submit your app for review, if you want to be able to ask all users for the permission.
If your app is used by a limited number of people only, that you can add to a role in the app - then they can be asked for all permissions, even without review. This is mainly for testing purposes, but Facebook has it documented as a kind of “loophole” for apps that are only used by a limited user base. https://developers.facebook.com/docs/apps/faq#faq_180362122361921
I can't figure this out, I hope someone here can point me in the right direction. I've searched for an answer but was unable to find it.
I want to create a Facebook app which would manage ads (download ads reports and statistics). I've got user account, registered as developer, created and whitelisted the app. I've got only Development Access and that means means I can query only ad accounts owned by the admins of the app, set up in the account list associated with your application.
Problem is that the account with ads is a business account so I can't add this account as part of developers team and get the statistics. I get permissions errors when trying to access the business account (I have access token and everything, it just won't let me see the ads data due to insufficient permissions).
Is there a way to do this without applying for Basic access (not sure if I'll get it since the app is not done)? Can't I really somehow connect my developer's account with that business account?
About access limits: https://developers.facebook.com/docs/reference/ads-api/access/v2.2#limits
Seems like this is working correctly - you can build and test the app against accounts administered by your app's admins/developers at first
Once it's working you can submit it for approval to the Basic access level, where you can manage more accounts, including those belonging to users who aren't admins/developers of the app
There's more information about the access levels and how to move between them in the Access levels dovumentation
Are there any volume issues regarding the Facebook app secret and how many separate connections (or "applications") I can use the same app id/secret on? For example, I'm creating a SharePoint auto-hosted Facebook application. Auto-hosted means that the server component of my app will be automatically deployed to Azure each SharePoint customer. There is no way (that I know of, obviously anything is hackable to a degree) that a user will be able to get the app id or secret, so I'm not concerned about the security aspect of it, or sharing the secret. However, potentially thousands of individual apps could be using the same app id/secret to connect to Facebook. Is this an issue?
By the way, I'm not necessarily talking about the bandwidth/traffic threshold, I'm more concerned with the number of individual connections using the same id/secret. I realize that the policy states: "If you exceed, or plan to exceed, any of the following thresholds please contact us as you may be subject to additional terms: (>5M MAU) or (>100M API calls per day) or (>50M impressions per day)." This is not my immediate concern.
However, potentially thousands of individual apps could be using the same app id/secret to connect to Facebook. Is this an issue?
yes, absolutely yes.
The App access token is intended for making API calls on behalf of an application, to prove the calls are made on behalf of the app itself - the typical use cases are performing administrative actions like uninstalling the app from a user profile or blocking them, updating app settings, sending notifications to authorised users, reading financial data about the app's payments transactions, etc.
If you're planning on making read calls with an app access token i suspect you're misunderstanding the access model used in Facebook's API - you should be making API calls on behalf of specific Facebook users who've granted your app permission to access and update their data - embedding an app ID and secret in code you're distributing widely is a security issue for your app's users, will quickly hit API rate limits and if the app is shut off will break all instances of your client code immediately.
I strongly recommend you read the login documentation and ensure you're using user access tokens to request user data - https://developers.facebook.com/docs/facebook-login/