I have a Facebook app and want to add it to a page programmatically without user interaction.
Exactly what this page does:
https://www.facebook.com/add.php?api_key=[my_app_id]&pages=1&page=[page_id]
But without the user having to confirm it. This is important as some users might need to do this for 100s of pages so confirming every single one is not really an option.
I searched around for this for a while and found some posts that suggest this should work:
https://graph.facebook.com/[page_id]/tabs?app_id=[app_id]&method=post&access_token=[access_token]
But I am always getting an
OAuthException: "(#10) Application does not have permission for this action"
When I check the permissions via https://graph.facebook.com/me/permissions?access_token=[...], I am getting this:
{
"data": [
{
"installed": 1,
"basic_info": 1,
"public_profile": 1,
"email": 1,
"read_insights": 1,
"manage_pages": 1,
"user_location": 1,
"user_friends": 1
}],
[ ... ]
}
Looks all right to me. I think manage_pages should be all I need?
Also, I can't find any official documentation about this and all posts about this are from 2011 or so. Has this function been removed maybe?
I am doing this on the server side (using PHP).
Eventually, I found the problem:
I need to use a page access token instead of a user access token.
It's mentioned in the API Reference here:
https://developers.facebook.com/docs/graph-api/reference/page/tabs/
Works fine now. manage_pages is the only permission I need.
Related
I would like to find the id (app-scoped) for someone who has posted a comment on a public page.
For example, I get a list of recent posts/comments on the NY Times page via:
v2.11/nytimes/feed?fields=comments.limit(10){message,created_time,from},name,message,from&limit=2
The data returned looks like this:
"comments": {
"data": [
{
"message": "Wouldn’t know. Not paying $13/mo for this.",
"created_time": "2017-12-10T05:57:18+0000",
"id": "10151412260164999_10151414049324999"
}
],
There is no from field. The same is also true if I attempt to view the comment directly using it's id with
v2.11/10151412260164999_10151414049324999?fields=from,message,created_time
I have tried using the Facebook Graph API Explorer, using both my User Token, as well as an App Token.
Since v2.11 of the Graph API, you need a Page Token to get user data of comments: https://developers.facebook.com/docs/graph-api/changelog/version2.11#gapi-90
User information will not be included in GET responses for any objects owned by (on) a Page unless the request is made with a Page access token. This affects all nodes and edges that return data for objects owned by a Page.
In other words: You can only get user information if you manage the Page.
Edit: Since the latests update in the Graph API, you have to get the App reviewed and you must go through Business Verification or Individual Verification. (thanx #Guiman04)
Please check whether you are using the accessToken for the page you are trying to get data from, i had same issue, and was resolved by using the correct accessToken for the page.
This question already has answers here:
Facebook Graph API v2.0+ - /me/friends returns empty, or only friends who also use my application
(8 answers)
Closed 6 years ago.
I'm building a Rails backend for an iOS app. The backend needs to interface with Facebook to grab and use each user's Facebook friends.
But the Facebook 'friends' request is returning empty.
I'm essentially making the following request:
curl https://graph.facebook.com/[FILTERED_USER_ID_FOR_APP]?fields=friends&access_token=[FILTERED]&debug=all
I've looked at a ton of StackOverflow posts about this (this one, and this one, and this one, and more), but haven't found an identical problem or a solution that fits.
I seem to have set permissions correctly. Both on the Rails app and when the user authenticates through the iPhone app, I've set user_friends to be one of the permissions, and, in fact, when someone registers now, it asks them to OK the user friends permission.
But when I actually request their friends, I get a response telling me that there are many friends, but not returning any of them. The below response is for a user who definitely has friends on the app.
{
"data":[],
"summary": {
"total_count": 419
},
"__debug__": {
"messages": [
{
"link": "https:\/\/developers.facebook.com\/docs\/apps\/versions\/",
"message": "No API version was specified. This request defaulted to version v2.7.","type":"warning"
},
{
"link": "https:\/\/developers.facebook.com\/docs\/apps\/changelog#v2_0",
"message": "Only friends who installed this app are returned in API v2.0 and higher. total_count in summary represents the total number of friends, including those who haven't installed the app.",
"type": "info"
}
]
}
}
What's perplexing to me is that a) The App ID/User ID/Access Tokens seem right, because I can get basic profile info, and b) I do not get an error telling me that the request doesn't have the proper permissions. If I make a similar request without permissions on the explorer, it returns a relevant debug note:
{
"message": "The field 'friends' is only accessible on the User object after the user grants the 'user_friends' permission.",
"type": "warning"
}
If I make it with the right permissions in the explorer, it returns a list of friends (in the data array).
So it doesn't seem to be a permissions issue, but the request is returning an empty friends list. Any ideas?
With Igy's help (pointed to this answer), I found the specific answer to my issue, which seems worth adding here.
The problem was that the new 2.0+ API version only returns friends:
Who are on the app
Who have agreed to the user_friends permissions themselves.
1 was all figured out, but because I'm still testing the app out, and nobody had yet accepted permissions, my test user was the only person who had accepted permissions. Nobody else had accepted user_friends, so nobody showed up as a friend of the test user. Getting a friend of the test user to add the permissions fixed the problem, adding that friend to the list of friends returned.
I am trying to create a FB photo album, so that I can use that album in a FB AD. I am using the following request on fiddler:
POST https://graph.facebook.com/v2.5/{page_id}/albums
and I pass the page access token in the body of the request. I keep getting this reply:
{"error":{"message":"(#200) Requires extended permission: manage_pages and publish_pages","type":"OAuthException","code":200,"fbtrace_id":"FCspsWIecMV"}}
After a lot of research, I found this video: https://www.youtube.com/watch?v=vZ28bjBNk6I
This video shows how to give extended permissions, which seems to be the problem, but it is not working properly. I used the following query to give the necessary permission to myself:
https://graph.facebook.com/oauth/authorize?client_id={ap_id}&redirect_uri={our_page}&scope=publish_pages
But it only redirects me to the 'our_page' link. But the first time I have used this link, with "manage_pages" in the scope, it actually has shown me the page in which I had to allow this permission. So I guess the query is correct, because by querying the /me/permissions I get this:
{
"data": [
{
"permission": "manage_pages",
"status": "granted"
},
{
"permission": "public_profile",
"status": "granted"
}
]
}
Any tip on how I can get this done?
I found out that, by selecting the app in the https://developers.facebook.com/tools/explorer, the necessary permissions are then shown for the specific request. After clicking there, all my requests started to work, so it seems that this method is permanent. Below there's an illustrative screenshot of how to do it.
I have a facebook account I KNOW has articles posted to the open graph as read actions under the news.reads global namespace (I can see them under the News aggregation in my timeline) but when I try to get a list of them using this api address:
https://graph.facebook.com/me/news.reads?access_token=[my access token]
it returns:
{
"data": [
],
"paging": {
"next": "https://graph.facebook.com/me/news.reads?access_token=[my access token]&offset=25&limit=25"
}
}
as though there were no articles posted at all. I checked my permissions and cant find anything that might be causing this issue. Anyone know how I should be accessing this data correctly? Thanks!
You need the user_actions.news Permission in order to access the user's list of news reads, otherwise the array comes back empty
I'm running into a situation where requesting a list of permissions that a user has granted to a canvas application intermittently returns an empty array.
The graph request would look something like this:
https://graph.facebook.com/[uid]?access_token=[token]&fields=permissions
Typically, a normal response would look something like this:
"permissions": {
"data": [
{
"installed": 1,
"email": 1,
"bookmarked": 1,
"publish_actions": 1
}
]
}
Occasionally though the response looks like this:
"permissions": {
"data": [
]
}
The code equates this situation to the user having not granted any permissions and restarts the auth flow. The problem appears to be intermittent, because the users eventually make their way into the application and if I manually retry some of the failed requests I find in logs the permissions are returned as expected.
Looking at the User API docs (http://developers.facebook.com/docs/reference/api/user/), it looks like permissions that are not granted are excluded. It's not clear from the documentation what happens when no permissions are granted. One would assume an empty map, which would render a response something like:
"data": [
{
}
]
However, even if the response is an empty array, the point in the code where this request is made should not be reachable without accepting a least some permissions.
This leaves me with a few questions that I'm hoping someone with relevant knowledge can answer:
Are there any circumstances under which the permissions granted by the user to the application are not available via the Graph API?
Are there any circumstances under which a canvas application can be authorized by the user without granting any permissions? (cancelling the auth dialog results in a request with additional query string params, which is handled differently)
Are there any circumstances under which a user can revoke initially-granted permissions without de-authorizing the application?
Edit:
Based on the discussion below I would like to clarify that my app requires the email permission, which does not appear to be revocable. The app has always required the email permission, so there shouldn't be a case of an older install without that permission.
Nope, not to my knowledge.
That situation is called basic permissions, where no additional permissions are specified in the scope parameter during login
Yes, the app user can revoke certain permissions. Go to (http://www.facebook.com/settings?tab=applications) and click edit on one of the apps (for example Groupon or Music or YouTube) and you can see there's certain permissions that can be removed by the user at any time. So it is good your app reads the permissions it still has available to it. It might save you some wasted graph calls to objects/actions you're no longer able to get.