I've been trying to figure this out for a few days now and have read a bunch on the google apis.
In short, I'm trying to build an Iphone app that basically shows my google public calendar but most importantly get the events and do some stuff with them. <-- possibly a different question later.
I am missing something simple. I have created an api key and associated that with my iOS bundle ID. I have not, however, created the OAUTH stuff on the premise :'Use API keys to identify your project when you do not need to access user data'
I dont need the users data, just MY events data. am i correct in this?
I have gotten the gData lib to work and download the events however, i have to enter my email and password in code which is not acceptable. I have seen code where developers are putting their usernames and password in client code. Is that right?
With the my API key i do this #"https://www.googleapis.com/calendar/v3/users/me/calendarList?maxResults=10&key=xxxxxxxx";
and get this:
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
Do i HAVE to use oauth? Where should i go from here?
Thanks!
I think I have found that i must use an oAuth token. this page has been most useful to me
http://cornempire.net/2012/01/15/part-3-oauth2-and-configuring-your-application-with-google/
And i believe is the best way of handling authentication if i HAVE to use oAuth. Though I'm not sure why if i tie my API key to my iOS bundle ID.
Related
I am building a dedicated CRM solution and it is supposed to show the list of Facebook leads of the client and then convert manually it to internal lead . I am managed to setup a websocket client and Facebook is sending me lead details including leadgen_id.
{
"object":
"page" ,
"entry": [{
"id": "*****" ,
"time": 1627211279 ,
"changes": [{
"value": {
"form_id": "******" ,
"leadgen_id": "******" ,
"created_time": 1627211277 ,
"page_id": "******"} ,
"field": "leadgen"}
]}
]}
Then i have created an user access_token using Facebook's graph api and requested for the details of the leadgen_id using api endpoint
https://graph.facebook.com/v11.0/<LEADGEN_ID>?access_token=<ACCESS_TOKEN>
I was able to get the details of the test lead I created with the Facebook 's lead testing tool. But when accessing the production leadgen_id I am getting an exception with following as response.
{
"error": {
"message": "Unsupported get request. Object with ID '<LEADGEN_ID' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"error_subcode": 33,
"fbtrace_id": "*********"
}
}
Then I have tried using a system user token and its not even working for the test leads. In some part of documentation it is saying that I need to complete App review to access live data using lead_retrieval and in some other part of documentation its quoted that I don't need app review to use API for internal users . And I don't get the point of creating a 'login with Facebook' for this internal app specific for one user .
Is there anyway other way than completing app review to access lead details using leadgen_id ?
Its turns out I need to complete the app review specifying it as a 'Server to server app' on the review description, which doesn't need any Login with facebook button . Got the idea from https://developers.facebook.com/docs/app-review/resources/sample-submissions/server-to-server/
Our Facebook Ad system uses work position in its targeting spec as documented here: https://developers.facebook.com/docs/marketing-api/targeting-specs/v2.3#education_and_workplace
Sometimes Facebook deletes existing work positions and API requests to update the targeting spec fails:
{
"error":
{
"message": "Invalid parameter",
"type": "FacebookApiException",
"code": 100,
"error_subcode": 1487079,
"is_transient": false,
"error_user_title": "Invalid Targeting Spec",
"error_user_msg": "The specified targeting spec is not valid because: Job Titles with id 1542119359378854 is invalid."
}
}
The same happens with interest, but there is an API request to validate interests: https://developers.facebook.com/docs/marketing-api/targeting-search/v2.3#interest_validation
Is there something similar for work positions? (Probably undocumented?)
I could do requests to the /search/ API endpoint, but then I'd run into API request limits.
Unfortunately you are out of luck; there is no validation feature for work positions.
However, the example on the Facebook docs page you mentioned ([{'id':105763692790962, 'name':'Business Analyst'}]) seems to contain a working Facebook ID. Fetching e.g. https://graph.facebook.com/v2.2/105763692790962 will return the following output, so long as this profession exists:
{
"category": "Profession",
"name": "Business Analyst",
"id": "105763692790962"
}
This is of course not entirely what you are looking for, but if you want to limit the number of requests you make, you could implement your advertising app in such a way that it only tries to resolve professions by their ID once you run into trouble with your targeting spec. Getting back data for such a sanity check-request indicates that a work position is still valid. Should it not be valid any more, you can resort to using the /search endpoint to find a replacement.
You could also suggest that Facebook add this feature: https://www.facebook.com/help/suggestions
I am having some unusual errors while fetching some data for some users via graph API.
As for example w all know we can get basic user info via graph.facebook.com/username
And it works. But it is not working for some users. Like the user www.facebook.com/sanzida.tanzum is a valid facebook user. So, we should get her basic info via graph.facebook.com/sanzida.tanzum. But when you will try that, you will get the error
{
"error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100
}
}
And it is not a permission issue because use user herself gets the same error when she try to retrive her own data via graph API. Actually the user sanzida.tanzum is invisible to graph API. For example user sanzida.tanzum is on my friend list. You can check here. my friendlist.(it is public). But when I retrive my friendlist via graph API, my friendlist is shown excluding the user sanzida.tanzum ! But she is in my friendlist!
I have tried to contact facebook for this matter because I did not find any doccument related to this matter. They replied it is usual. (probably they did not read my mail at all. I am including the email conversation with facebook)
Hi তৌফিক,
They are getting errors because they are not you... they dont have
permissions to see the same things you do. They might also be missing
an access token. Either way: no bug here.
Thanks,
Emrakul Security Facebook
-----Original Message----- From: *****#ovi.com To: Subject: Report a Security Vulnerability - Unusual bug in facebook graph API
Your Email Address: *****#ovi.com Do you have technical details of
a security vulnerability?: Yes Vulnerability Type: Privacy /
Authentication Vulnerability Scope: Platform Developer API Title:
Unusual bug in facebook graph API Product / URL:
https://graph.facebook.com/sanzida.tanzum Description and Impact: I
was doing some graph API calls for testing purpose. Mostly I was doing
mostly user profile calls. (https://graph.facebook.com/exampleuser)
Somehow I realized facebook is giving following errors for some users
even they are on my friendlist. Same thing occurs when they try by
themselves.
As for eample the user "https://www.facebook.com/sanzida.tanzum" is on
my friendlist. (My friendlist is public.You can check if you want.)
So, according to facebook graph API, I can request the user's basic
info using (https://graph.facebook.com/sanzida.tanzum) But it returns
this error:
"{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }"
Actually graph API can't access nothing of this user. Another
example.. When I request my friendlist via graph API , All friends of
my friendlist is shown except the user (sanzida.tanzum). But she is in
my friendlist! check here (my friendlist is public)
"https://www.facebook.com/toufiqueimam/friends". So why is this
happening only for few users?
Just now I got confirmation that the user herself gets the same error
if she tries to access (https://graph.facebook.com/sanzida.tanzum)
{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }
Reproduction Instructions / Proof of Concept: Reproduction: first go
to https://www.facebook.com/sanzida.tanzum You will see it is a valid
profile. Now try https://graph.facebook.com/sanzida.tanzum You will
get following error
{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }
This isn't a bug, the error means that the data you're trying to access is not accessible to you, does not exist, has been deleted, is not available because you haven't provided an access token from a user who can see it, etc.
See this answer for an example of this error message in relation to Facebook pages: https://stackoverflow.com/a/6847088/21062 - the same is true when trying to access user profiles if that user has blocked you, blocked your app, disabled their account or disabled all apps from accessing their information.
Just an FYI, I ran into this problem, and it wasn't because the user had blocked all applications. In my scenario, my application was attempting to force-convert Facebook's 64 bit integers into a 53 bit JavaScript integer (Node application). It was mangling the value, so when I was making the Facebook GET Request later on in my application lifecycle, I was doing so with the mangled value, and Facebook was trying to tell me "Um, this UserId doesn't exist".
So in my application, I had to use the Node Big-integer add-on, along with the Mongoose mongoose-long plugin for my Mongodb.
Long story short, if you are converting the UserId to it's native 64 bit integer, don't do so unless the intger type in your application is at least 64 bits.
I'm following the documentation here:
https://developers.facebook.com/docs/opengraph/using-object-api/
Using the following:
/me/objects/<app-namespace>:<created-object>?privacy={"value":"SELF"}
&object={"image":"https://<image-url>"}&access_token=<user-token>
Testing with the Graph API tool i'm getting this error:
{
"error": {
"message": "(#200) Requires extended permission: publish_actions",
"type": "OAuthException",
"code": 200
}
}
Ok well that seems obvious until I debug the access token:
Valid True
Origin Mobile Web Faceweb
Scopes publish_actions, user_friends
Anyone else seen this or have an idea of how to fix it?
EDIT Ok so I had publish_actions in both User & Friends and Extended permissions. I removed the User & Friends permission and now I get this:
{
"error": {
"message": "An unknown error has occurred.",
"type": "OAuthException",
"code": 1
}
}
Me no like unknown.
Ok so a couple things to note here that went wrong.
I picked an object type as an item thinking it would be <myapp>:item in the call. Well as it turns out the item is actually a product type so it is product.item a global type. What is handy is to actually click the get code link on the objects you create. Solution was to actually create my own app object type, which I thought I had.
In the Graph API make sure you actually use the application pull down in the top right to select the right app. I noticed some issues when it was set to the generic Graph API Explorer app.
Silly mistakes but cost me some time, hope it helps someone else.
Yesterday I started a new app on Facebook. Today I got the message that when people copy the link to Twitter they get an error. This is what you get:
{
"error": {
"message": "Unknown path components: /your_namespace:your_action",
"type": "OAuthException",
"code": 2500
}
}
What does this mean? What could be the problem?
Are you actually sending the POST action link to Twitter? Why?
I think you misunderstood how Open Graph works. Basically, you should be the one publishing actions when users take an action using your service. You can use a server-side or a client-side language to POST request (when you click a link, your browser actually makes a GET request, not a POST) to https://graph.facebook.com/me/namespace:action?access_token=ACCESS_TOKEN&OBJECT_PATH=OBJECT_URL
Note that you need to create an app, use it to authenticate users to get the access token and also set your custom actions / objects. These will need to be approved before you can actually use them.
You should start by taking a look at the sample apps to see how they work: https://developers.facebook.com/docs/samples/