I'm looking to run some data analysis on the users of my Facebook application. I don't have their user access tokens stored on the server so I am planning on using my app access token to pull information from the graph API.
By default, calling /{user-id} returns
id
name
first_name
last_name
link
username
location
quotes
favorite_teams
gender
email
locale
languages
The documentation says that the following things are available with an app access token:
Basic Profile Info of a User (ID, Name, Username, Gender)
A User’s Friends and their IDs
Permissions granted by the User to your App
It seems that by default you get more than the basic information. Are there other things you can get with an app access token than the above?
I have noticed that some other fields can be manually added by appending them to ?fields=x in the URL.
Available fields that I've noticed so far are
cover
third_party_id
installed
permissions
picture
Related
I want to write a process which downloads data about my ads.
Basically this is the code:
https://github.com/airflow-plugins/facebook_ads_plugin/blob/master/hooks/facebook_ads_hook.py
It construct a URI as:
https://graph.facebook.com/v{api_version}/act_{account_id}/insights?{payload}
Where payload contains the access_token, breakdowns, fields etc..
Now, I passed over the facebook dev guide https://developers.facebook.com/docs/graph-api/using-graph-api/ and it doesn't explain how do I get the account_id and the token.
It always leads to a user account that needs to log-in to facebook and then process the request.
I want to build a process that doesn't involve user action. Just download logs about my ads.
How can I do that? Where can I get the account_id and the token.
In other systems like google and other they create a json file with credentials that is used for the outh. there doesn't seem to be equivalent with facebook.
For this type of use case, I would create a System User that is permissioned on all your ad accounts, following this guide. That will allow you to generate a token that can used without user login. (You can do the same for your personal facebook account, but that requires you to pass app verification. This can be done without that.)
Then to get the account ids of all the accounts the system user is permissioned on, query the "me/adaccounts" endpoint, using the access token generated for the system user. The docs for that are here. You can use that to get a list of all the account ids.
Alternatively, if you only need one account id, you can get that straight from the facebook ads manager.
Facebook documentation states that public_profile is enabled by default and, among the details allowed to retrieve from there, there is age_range.
I'm trying to retrieve such field using the Facebook app token. I can retrieve name, first_name, last_name, picture, etc... with the app access token. But when I specify the age_range in the fields query param of the request, age_range is not returned:
curl -i 'https://graph.facebook.com/<user_facebook_id>?access_token=<app-access-token>&fields=picture,age_range'
then I get
{"picture":{"data":{"height":50,"is_silhouette":false,"url":"https:\/\/lookaside.facebook.com\/platform\/profilepic\/?asid=<user-facebook-id>&height=50&width=50","width":50}},"id":"<user-facebook-id>"}
Is age_range exposed only when the graph is accessed via the /me path and user Facebook access token?
I've asked Facebook support and they confirmed that field is not accessible via the app token.
Just curious,
In case I want to make application using API for login(i.e Facebook of Google+)
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
This might be common case, but I have no experience in using API so I have no idea about that.
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
When you use Google or Facbook signin you really only need to store the information that they return to you.
LoginProvider ProviderKey ProviderDisplayName UserId
_____________________________________________________________________
Facebook 1969950809700159 Facebook 21248583
Google 117200475532672775346 Google 21248582
User Id is the users id from my user table. Where i store there user information my system needs ProviderKey is the users Id on the login providers system.
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
You can duplicate some of it when the user creates or links their account to your system but i wouldn't automatically update it without informing the user you are doing so. Some users dont realize how much information you have access to via linking to social media accounts.
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
I think you are confusing identity for Authentication. Using Oauth2 you request a user to grant you access to see there data though an api this is authorization. If you are using Google+ or facebook signin you are using an identity server and signing in as the user. You should be using signin if you want them to login to your system using their social media accounts. By singing in you are that user. No I dont think they can be hijacked using signin.
Is there a way to get the user IDs of all the people who are using your Facebook application?
Doing an extensive research I concluded that there's NO method to do this!
What I have found:
An old REST API called friends.getAppUsers that gets all the IDs of the user's friends that authorized the application.
What I wish I had found:
After reading the App Login section in the authentication document:
In addition to User Login, Facebook
Platform support App Login using
the OAuth 2.0 Client Credential flow.
App Login allows you to take various
administrative actions for your app,
such as retrieving Insights data or
approving Requests.
I thought the application object would have a direct method for this (similar to accounts):
$facebook->api("/APP_ID/users");
But I was wrong. And then with the introduction of the insights feature, I was shocked that you can only get the count of the User IDs!
What you can do:
Storing the User ID in your DB as soon as a user authorize your application and if your application already has users (most likely the case), check if you have a record for each user that interacts with your application in your DB...this way, you'll get the User IDs for your active users in no time.
Just a little more on this - I managed to find a lot of the userIDs I was looking for by doing basic Graph API searches and then checking they were valid with my app.
Search an email address or username here:- https://developers.facebook.com/tools/explorer?method=GET
QUERY: https://graph.facebook.com/search?q=user#email.com&type=user
If you get a match or more than one, you can check it is valid as install on the FQL query button of the same explorer:-
SELECT uid FROM user WHERE uid = *USER_ID_TO_SEARCH* AND is_app_user = 1
If it appears as a uid, you're good - they're valid. This helped me get to what I needed (when I hadn't got some of my app users info on signup).
GET /v2.10/{app-id}/accounts
You will get all the accounts for the application
Is there a way to get the user IDs of all the people who are using your Facebook application?
Doing an extensive research I concluded that there's NO method to do this!
What I have found:
An old REST API called friends.getAppUsers that gets all the IDs of the user's friends that authorized the application.
What I wish I had found:
After reading the App Login section in the authentication document:
In addition to User Login, Facebook
Platform support App Login using
the OAuth 2.0 Client Credential flow.
App Login allows you to take various
administrative actions for your app,
such as retrieving Insights data or
approving Requests.
I thought the application object would have a direct method for this (similar to accounts):
$facebook->api("/APP_ID/users");
But I was wrong. And then with the introduction of the insights feature, I was shocked that you can only get the count of the User IDs!
What you can do:
Storing the User ID in your DB as soon as a user authorize your application and if your application already has users (most likely the case), check if you have a record for each user that interacts with your application in your DB...this way, you'll get the User IDs for your active users in no time.
Just a little more on this - I managed to find a lot of the userIDs I was looking for by doing basic Graph API searches and then checking they were valid with my app.
Search an email address or username here:- https://developers.facebook.com/tools/explorer?method=GET
QUERY: https://graph.facebook.com/search?q=user#email.com&type=user
If you get a match or more than one, you can check it is valid as install on the FQL query button of the same explorer:-
SELECT uid FROM user WHERE uid = *USER_ID_TO_SEARCH* AND is_app_user = 1
If it appears as a uid, you're good - they're valid. This helped me get to what I needed (when I hadn't got some of my app users info on signup).
GET /v2.10/{app-id}/accounts
You will get all the accounts for the application