We have a facebook website application that posts to user home page feeds as well as feeds to pages which they administer.
Until recently everything worked fine (maybe until the beginning of the year when the 1.0 API was discontinued). The problem turns out to be the presence of the "link" field.
All is well when posting to a user home page. But when we post to a another page the user is an admin of (or a group), the call fails with the following error.
The error that returns is:
{ message: '(#200) Permissions error',
type: 'OAuthException',
code: 200 }
Removing the link field is enough to make the call work again. I had thought we might affected by this issue: Stream post URL security - Website/FB page url. However, our applications Stream post URL security migration is set to off and we are linking to a url in our domain. When posting to a home page the url can be within our app domain or without and all works fine.
As I've been testing I've boiled the calls down to the following in every version of the api.
{{facebookId}}/feed?link=http://cir.cl
{{pageId}}/feed?link=http://cir.cl
For the former we use the long-lived token we got after authenticating. For the latter we use the token returned by {{facebookId}}/accounts or {{facebookId}}/groups. The former works. The latter fails, but changing link to message=foo works fine.
Has anyone noticed a breaking change that touches on this issue?
It turns out it's a valid bug and our friends at Facebook are addressing it:
https://developers.facebook.com/bugs/755514351208694
How often does that happen? I'm just surprised the internet isn't blowing up about this. Dozens and dozens and dozens of applications must be affected.
Related
Few of our websites like womens-health.com.my, mens-health.com.my, and elle.my having problem post any article to Facebook. When I test any URLs of these websites in Facebook Debugger, it gave me warning messages said that Failed to get composer template data. and Critical Errors That Must Be Fixed. I have no idea what causing this as other of our websites are working fine.
It's an actual Facebook bug, which is being fixed right now: https://developers.facebook.com/bugs/918385908182634/
In summary, you can fix this by making sure that article:author only contains Facebook user IDs or Facebook profile URLs.
I am trying to post a URL to a facebook page. using PHP SDK.
I am able to post successfully from my localhost. But on the live server, I get the result "Sorry, something went wrong".
when running the code from live server, I have no problem obtaining access_token to post to the page.
Only the posting will not work.
I tried to post the link manually using the graph api explorer. and found that
I am ABLE to post a message successfully via the graph api explorer.
I am NOT able to post a URL via the graph api explorer. I get the error
"(#100) link URL is not properly formatted"
I do encode the link that i am trying to post. and they are valid, existing links.
I even tried using http%3A%2F%2Fgoogle.com , and it would return the same error.
Some Other information
The code is executed from mydomainname.com/folder/
I have added the domain name to "App Domains" field.
Sandbox Mode is On.
When I tested from my local, I was able to post 25 links to the
page.[after which it was giving errors]. When things were not
working at the live server, I came back to locahost to again test
with 25 links and more and found things to be working fine from
localhost. I wonder if I hit some limit or my application has been
black listed.
Anyone has got any ideas?
Thanks
UPDATE
I took the URL that was used by the live server (to post link to the facebook page) , and used fiddler to post it from my local machine. and it worked.
so i am wondering whats preventing the code from working successfully from the server?
I tried the same code from another domain and it worked.
I am yet to find out if it was not working because of the way the 1st domain was sending CURL requests, or if the domain was blacklisted for posting too much in the past.
either way, facebooks error messages are not at all helpful!
If you're using your own wall, notice the difference between:
"me/feed" and "me/photos" url. The first one doesn't work!!!
I also tried the same thing but unfortunately it works for online images but not for local ones. i.e
'picture' => class_exists('CurlFile', false) ?
new CURLFile($photo, 'image/jpg') : "#{$photo}",
will not work, but
'picture' => "http://i.stack.imgur.com/VGWZD.jpg?s=24&g=1",
will work
I also had some problems with this. Weirdly enough it only worked when I sent the url to the picture without any URL encoding via the POST request to the Graph API.
Try the link without the quotation marks "". I was stuck as you but not any more without the quotation marks.
I have been working on Facebook app and I have been using Facebook Graph Toolkit for months and all the while, MY CODES are working (I can get Access Token, and I can use them to retrieve Facebook user details, publish news feed, etc)
Now, there's new problem arise that I never expect it to happen and didn't know what is wrong with Facebook!
I have been following my old set of codes and discovered that Facebook now returns back Access Token that is not in this format (which is the correct format all the while I'm using, it is even the same format found in this page
|c4e304f814362ec6b6dd823a.1-|LeRzWafqGjfriGabNmmOU4U07Pw
Now, I've been getting the format like this
AAABddZAETAbYBAKNESQCdiZC2ojQOjSAIHfFCBFtn99wUYC448po2FN4VrvempAQVnUaBwJb9Qxwg6j9uegLZAeaZA4vmh503bHkUIsj1hIl1ZCvCbZBkz&expires=6204
Anyone knows what happen??
This is the new style access_token. You can see it working by visiting this link:
https://graph.facebook.com/me?access_token={access_token from your question}
This change has been advertised on the Facebook dev blog:
https://developers.facebook.com/blog/post/497/
...
https://developers.facebook.com/blog/post/555/
I can't, however, yet answer why the style of the access_token has changed, because the documentation hasn't been updated yet to show this change: https://developers.facebook.com/docs/authentication/
Note: I suggest you remove the access_token from your question, as it means others are able to access your data!
This looks to be the new encrypted access token that Facebook is moving to. Will probably be the norm. If you were previously parsing it for different bit's of info you'll probably need to change to decoding it.
at the time of this question, if you go here:
http://www.facebook.com/realplayer
you'll see six posts down, I have posted a photo with a message of "#highfive Cincinnati, OH"
but if you to either of these:
http://graph.facebook.com/realplayer/feed
http://graph.facebook.com/realplayer/tagged
the JSON that is returned seemingly includes everything on the wall, except for MY post. there is another photo post from someone else down below mine, and it is showing up (and both my photo and his photo are in the "Fan photos" section)
obviously, since I can see everything with these links already, it appears that access_token is not a part of the equation... BUT, some more info:
if I use an access_token from a session that isn't me, I can't see the post in the JSON
if I use an access_token from MY logged in session, then I DO see the post in the JSON
so I'm very confused.
if everyone in the world can see those posts on the wall without even authenticating, then I expect all of them to come back in the graph api as well.
anyone have thoughts on this?
I am aware of the "manage_page" permission... which I can use to get a list of accounts and special offline access tokens for those pages... and that's something I can explore... but it seems like alot of work when my post seemingly SHOULD be there in the graph
well looks like FB has this nice little anti-spam feature for pages... such that a non-admin can't write lots of messages on your page. what's interesting is that facebook uses similar "silent treatment" techniques that StackOverflow uses ( https://blog.stackoverflow.com/2008/09/podcast-21/ )... so when I look at a wall that I've been "spamming" I will see all of my posts... but no one else will.
I was able to create a new test account and get about 3 or 4 messages on a page before it started blocking me again
so probably the Graph API is working as designed :)
========================
UPDATE: this appears to only be part of the problem. I have constructed another page and app and been doing testing:
http://www.facebook.com/pages/RP-Test-Page/116735865065591
note the entry for "#highfive Orlando, FL" ... even an unauthenticated user can see this entry from the actual page... but there is seemingly no way for me to get it back through the API. He only posted once, so it can't be an "anti-spam" thing (you wouldn't think).
I have obviously tried the Graph API (with and without my own access token)
I have tried FQL (with and without my own access token)
and I have followed this post:
http://en-gb.facebook.com/topic.php?uid=10381469571&topic=3815&post=51980
in order to request manage_pages and offline_access extended permissions from myself and use that to get the /me/accounts and then get the "impersonation" access token (whew)... STILL NOTHING
there must be some other super security thing going on. is it not possible to reliably get all of the wall posts from a page?
I'm testing the post-remove URL call that should be pinged via POST when my Facebook application is removed, but it doesn't seem to be called.
Monitoring the network traffic in firebug and looking at the POST made when removing the app, the POST does not directly call the Post-Remove URL I specified in the app settings, nor does it pass the POST variables I expected per the documentation.
I set up a simple output at the URL specified "remove page called" that I'd expect to see as the response but don't.
Lastly, the URL called should remove database items which do not get removed.
I don't have any evidence that my post-remove URL is getting called at all. It seems I'm not the only one having this issue but not much insight has been provided.
Answer posted by folks on the Facebook Devleoper forums