I've read alot of topis, alot of docs. Literally i read them since morning.
From what I got there are few kind types of tokens: App token, App access token, User Token, User access token, Page access token.
While tokens with access allow some kind of action. the non-access tokens seem to allow me to generate a token of access type. Corrent me if I'm wrong. Docs are terrible and some answers are outdated due to facebook updates.
So basically, what I look for is to be able to:
$permanent_token = 'A token, which will allow me to generate access tokens whenever I request';
// And that token could be used for:
file_get_contents('https://graph.facebook.com/v2.1/me/accounts/?access_token='.$permanent_token);
// Some code here to extract page access token and write it to variable $app_token
file_get_contents('https://graph.facebook.com/v2.1/{page_id}/ratings/?access_token='.$app_token);
// Note: I may've missed some steps... those are the ones I lack I think.
Without having to make any user (including me) to login. It's more like I need some kind of API Key and method to generate access token.
And would prefer NOT to use facebook SDK. Just pure graph url calls.
This is the most import page to read about Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens
There is the App Token, the User Token and the Page Token. A User Token can be extended to 60 days, a Page Token can be extended to be valid forever.
/me/accounts needs a User token, so there is no permanent Token to use that endpoint.
/{page_id}/ratings/ needs a Page Token and you probably want an extended one.
How to get an Extended Page Token is explained very well int he Facebook docs, here are some articles:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
Btw, i suggest not using file_get_contents but CURL.
And in order to get a User Token or Page Token, you MUST authorize/login with a User account. One that is admin of the Page, obviously.
If You are trying to get photos and captions like me, You could do like this:
Enter on facebook developer page: facebook developer
Create an app to the page. (I created to a not mine page)
Access on facebook developer menu: Tools & support and select access token tools.
There you'll find: User token - App token.(There some important text on the top)
copy App token. (should not be hard coded where is possible to see like on javascript)
create a php file to return a JSON.
use file_get_contents($url) function to get a facebook JSON.
echo the file_get_contents return.
finally, get on your page your own returned JSON from the created php file with the data desired and use it.
Obs: My URL is something like this: https://graph.facebook.com/desiredpage/photos?type=uploaded&access_token=013245667890|qwer-adsFGsfgsdGsfg
pay attention to the token on the URL that I pasted.
Related
I have a server-side script, that should upload photo-albums to my facebook app page. How can script obtain page access token?
I know it's possible on client-side, when user logs in into facebook, and then asks for page access token using me/accounts query. But server-side script can not authorize as a user. So how this can be done?
UPDATE: I actually found how the same goal - uploading albums to app page from server-side script - can be achieved in another way, by manually creating never expired page token. It's described in here: https://stackoverflow.com/a/43570120/4050723
But still I wonder, if this can be done programmaticaly, from script.
There is no way to generate a User Token server side, it always needs user interaction. And you do need a User Token to get a Page Token.
You can create an Extended Page Token with an Extended User Token though, as you have found out already.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
I have a Node.js server running a social network site and I also have a facebook page for that site. For certain actions performed by users on my site, I want to post details on the facebook page of my app.
I referred to Thuzi facebook node sdk here on how to post to facebook wall. However, it requires app id, app secret and a temporary access token. App id and app secret are constant so I can put them somewhere in my config file and use from there. But how do I get the access token without any interaction from front-end ? All posts will be published by our app only and that too on our own page. I just want this to be triggered by the end user's actions. Any help ?
I am using Sails.js framework btw.
You would need to use an Extended Page Token for that, you only need to create it once and it will stay valid forever. And you will post "as Page" with a Page Token. How to get an Extended Page Token:
Create an App
Use the Graph API Explorer to generate a User Access Token (by authorizing the App with the manage_pages and publish_actions permission)
Extend the User Access Token (valid for 60 days)
Request an Extended Page Token by calling /me/accounts
Store that Extended Page Token on your server and use it for posting on the Page wall.
Here are some additional resources, explaining everything in detail:
https://developers.facebook.com/docs/facebook-login/access-tokens/
https://developers.facebook.com/docs/graph-api/reference/v2.1/page/feed
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
I am also digging more in to this nowdays As I am working on a node module for this.
Till now I got to know that we can create a temporary access_token and we can than extend that token upto max 60 days.
For this after getting temporary token you need to make a call to this url to get a access token with 60 days validity.
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=fb_exchange_token&fb_exchange_token=
I have read some introduction about Facebook's access token on http://www.devils-heaven.com/facebook-access-tokens/
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
First of all don't ever follow the third-party documentation for the facebook integration. They have the official documentation pls follow that. For access tokens read here.
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
Its actually a vague question. It depends on what kind of posting you want to do. For eg:
If you want to post on a user's wall- there's nothing that a page access token can do
If you want to post a user's group/event etc. wall, again page access token has nothing to do with it.
If you want to post on a page, then yes you have to use the page access token in order to post on behalf of page itself.
Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called manage_pages. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:
GET /{user-id}/accounts
You can also extend a page access token that will never expire. See here how to do that!
I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.