I have a page I cannot fetch the public profile image from. Why is that, and why does it happen?
The page in question is: (WARNING: NSFW-ish images of strippers, real sorry, only example I could find - no need to view the page anyway)
https://www.facebook.com/pages/Texas-Poolhouse/98758030102
I can access the page through the graph API. Notice that the results tell me the ID is 98758030102, as expected:
https://developers.facebook.com/tools/explorer/?method=GET&path=98758030102
And even get the image URL this way too:
https://developers.facebook.com/tools/explorer/?method=GET&path=98758030102%2Fpicture
However, using the ID, I cannot fetch the image the way I normally do. I just get a blue question mark:
http://graph.facebook.com/98758030102/picture
Are you sure you're using an access token from a user who can see the page? I can see the correct image when using my own access token - if you're not using an access token you're limited to the information which is publicly available and given the nature of the page it's probably limited to adults only because of its alcohol and/or stripper content.
I realize that this is an old question but I will add my answer for future searchers since this worked for me.
You say that using this as the image URL does not work. http://graph.facebook.com/98758030102/picture
Well I got curious and changed the http:// to https:// and entered my page ID in place of yours and it worked.
I am assuming by turning the connection secure it allows the graphi api to fetch the image.
This URL should work.
https://graph.facebook.com/YOUR_PAGE_ID_NUMBER/picture
Adding the access_token GET parameter to the url makes sure users who are allowed to view the page image will see it (18yo++ in this case). I have, however, not found a way to, through the API, determine when or why pages are not accessible by certain users.
Related
Note: I realise it's a bit unconstructive and I'm not sure whether this is the best place to ask. Please advise me of improvements.
You know you can get the link to a facebook photo (or video) by right clicking and selecting 'view image'. The result is a link like this:
https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-xpf1/v/t34.0-12/10933156_10203060010133603_822853448_n.jpg?oh=dba759bccf50f4ae560b537fa9c00220&oe=54B175C2&__gda__=1420909750_63a4972d4a589cd466a895e276fc47eb
And it's a public link, that everyone can access.
However, I kept this link in my open tabs for a few days, and later on it didn't work anymore. I went back to the photo on facebook, and did 'view image' again. I got the following link: https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-xpf1/v/t34.0-12/10933156_10203060010133603_822853448_n.jpg?oh=70ebf67dc3467b8005e2127c4c2a176e&oe=54B8B602&__gda__=1421384950_1bad935cd7546335702cca5849a374fe
Note the two links are identical up to the .jpg part, but they differ in the parameters.
Is there any way to find out what those parameters are and to generate them? Namely, if by having the link up to .jpg I can use some logic to get the right parameters to view the content (like profile id, date, encoding etc)
To get an updated link of a image, you'll need to get it via Graph API using the object id.
Example: https://graph.facebook.com/<object_id>?fields=images&access_token=<access_token>
This call will return an JSON object with all the sizes of images and updated links:
{
"height": 1365,
"source": "https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-xpa1/t31.0-8/10904088_10152667653291915_7973131445285931474_o.jpg",
"width": 2048
}
You can get the object id via Graph API or the link of the image on the web interface. Example of url: https://www.facebook.com/photo.php?fbid=10152667653291915 - The fbid parameter is the object id you need.
No. Those are CDN links and they expire. And it is by design they expire so no you can't generate the rest of the url
I hope I am not duplicating a question. I am banging my head against a wall for several days now. I am adding the Dailymotion PHP SDK to our site, I am using the Dailymotion::GRANT_TYPE_AUTHORIZATION, I am able to authenticate using a static call back url in my API on Dailymotion.
I want to be able to use this from several different scripts on the site. The first will be to call a link up page, so we can capture that a person has linked to Dailymotion. The second will be to upload video's through our system to Dailymotion, to that users account, not mine. I know I could do this with the authentication type of password, but I want to use the API and not have to have the visitor sign in or enter their credentials every time.
Back to the question, I see that the API can have a dynamic url, but I can not figure out how to make this work. If I someone could send me an example of how to enter this in the API section I would appreciate it. This does not work:
http://example.com/dailymotion/[dailymotion_checklogin.php]
nor does something like this:
http://example.com/callback/[dailymotion_upload.php][dailymotion_checklogin.php]
I would appreciate any help.
Thanks
Mrpepik
Replace the [dynamic] part with your dynamic part.
If your redirect URI on your API key is http://example.com/dailymotion/[dynamic], then your real redirect URI could be http://example.com/dailymotion/dailymotion_checklogin.php
When I request a photo from Facebook, some urls are like this:
https://{hidden_for_privacy}79141548_n.jpg
And others are like this:
https://{hidden_for_privacy}23364315_n.jpg?oh=c566c56ca9fd7eb1ed5d8bfca4255e84&oe=544AF123&__gda__=1414682395_6d2cb778f5b2c857d1be1c781e81cdfa
The second one has a few extra GET parameters (oh, oe and __gda_ _ (space is there to prevent bold).
When these parameters exist, the image will be invalid after a few days because those values will be different (you can check this by doing a new API call to get the same photo).
What do these parameters mean and how are they linked to the maximum timeframe?
Thanks!
I know some history and its purpose.
Originally facebook image url look like this
https://{*snipped*}/XXXXXXXXXXX_b.jpg
but there are more than on size of image available so people have access to thumbnail image can simply replace suffix _b with _n
(So now it is https://{*snipped*}/XXXXXXXXXXX_n.jpg)
to access to larger version of the image (if available).
Some time later facebook implements central image system that can dynamically crop and resize image on the fly upon request.
The url provided by facebook at this point of time may look like this:
https://{*snipped*}.fbcdn.net/hprofile-xxx1/v/t1.0-1/p32x32/12345678_123412341234123_4123412341234123412_n.jpg
And when people see the url their curiosity arise.
Let's try remove some parameter from the url.
https://{*snipped*}.fbcdn.net/hprofile-xxx1/v/12345678_123412341234123_4123412341234123412_n.jpg
And what they get is the largest and most complete version of the image they can possibly get from facebook server.
This method was working for a long time.
When people see image in their email (mostly profile picture) they can get complete version of image without even log into facebook.
It was working everywhere include private profile picture.
The quick fix and cheapest solution for facebook is to sign request path with some signature algorithm.
I guess they use HMAC as the core algorithm and derive HMAC input from various source including request path.
This will ensure that the only party who can generate valid url is the one who have HMAC key. (presumably just facebook)
Now old issue is fixed you can not use it anymore but there are more than one issue that can be fixed by adding MAC.
It is invalidation of access to images.
Let say people once publish their photo (now other can have both valid request path plus signed signature from facebook) and later on they change their mind and make the photo private.
However, people with valid url and signature can still fetch the image from facebook server.
To solve this issue with super cheap resource considered that they already implements HMAC calculation.
(And to obscure the fact that facebook does not actually delete your image from their system when you delete it.)
They decided to mix value derived from timestamp into input of HMAC.
(See RFC-6238 for similar usage)
So signature refreshing from facebook is periodically required to gain access to photo.
This solved the latter issue with very cheap additional resource.
And here you have it.
Some of history and rationale behind facebook's parameters.
I'm certain that there is no official document about the time frame but it should not be difficult to do some experiment yourself considered that now you know that the value of time frame you want is fixed and predictable.
I think they are facebook image session keys and they produced by facebook on every image showing. So fb servers consider that the request for an image is allowed and known by facebook itself.
Sorry for my bad English and my shallow comment, but i think the solution of this problem may be that fetch a url for a new image session when old one expired. Or i don't know your whole system but maybe you can connect to that assign-keys-for-images mechanism of facebook directly and get all fresh links.
If I am right about those parameters' working mechanisms purposes, i think there is no second solution.
Sorry for my bad English again.
I found the answer (finally). The point is that the photos are not public. If you request a private photo through the API they add a query string so that the url is not valid anymore after some time. Therefore the photo is still somewhat "private". The feature is understandable and there is no workaround other than downloading the image to some other place.
there's only one similar question and it's not been answered. not for me at least.
There are public pages on Facebook, suppose i want to get their photostream ? their album pictures ?
I don't see how the Graph API allows me access since i can't get an access token, if i browse from my browser, NOT LOGGED IN, i can still see this public information, so how do i use the AI to access it.
BTW, i tried scrapping with python+mechanize and it's no go as if u get the regular we photo stream u get only partial, no all of it and the rest you need to scroll or to know how to build the same request the browser is building, but suprise suprise the JS doing the request is obfuscated pretty well...
Any help ?
in short it's not possible to do what i wanted annonymously, moreover at the moment, only some of the API works in the web site by accident only, if u are not logged in FB do not want to let u see any page and anyone, considering the last article about their cooperation with the US gov. it's not surprising.
In any case i just use grease money and FF to get a full page\album and then download the whole thing and i i need scrapping i'll do it on those pages with a script.
basically if i log in i can get a full page using the scripts in script monkey.... though script monkey is easier since he has the browser to parse all the data and works inside the browser...
I gave up after 3 weeks...
I'm trying to implement a feature like that where a user inputs a url and when displaying that url I want to have a custom display (an embed object if it's a video from youtube, a thumbnail if it's an image link, title and excerpt of body if it's a normal link).
How can such a feature be realized?
There is a new idea called oEmbed that a few sites support (Flickr, Vimeo and a few others) that addresses this problem. oEmbed site
Otherwise, just check the site against a list of ones you pick and then pull out the relevant bits to construct an embed link.
I liked the idea of oEmbed a lot but unfortunately it doesn't has that much adoption yet.
oohEmbed tries to solve this issue by building oEmbed for many websites.
For the feature to work, it needs the server's interaction where I believe the following scenario is how it works
Assume that we have the site humanzz.com and that it provides such feature
A user enters a url on the humanzz.com's webpage and presses a button like facebooks' preview button
An AJAX call is made to a dedicated page on humanzz.com
humanzz.com does calls the remote website and gets its data
The AJAX call now returns the page's data (oEmbed JSON object)
This involves so much server's overhead.
I really wanted to do it using JavaScript as the server's role was only to bypass "Same Origin Policy"'s restrictions.
oohEmbed allows bypassing the server's step by specifying a callback parameter to oohEmbed so that the JSON object returned is passed to a callback function on your page.
An example illustrating this is as follows
Add a script tag dynamically to your page
< script type="text/javascript" src="http://oohembed.com/oohembed/?url=http%3A//www.amazon.com/Myths-Innovation-Scott-Berkun/dp/0596527055/&callback=myCallBack">< /script>
This would result in executing myCallback(oEmbedJSONObject) which is great.
The problem with that solution is you still have to have a fallback for websites that don't have oEmbed representations.
For the embedded things, I have been using auto_html ( https://github.com/dejan/auto_html) with great success (vimeo, youtube, images) and even added soundcloud myself. But I am still looking for a "thumbnail" generation with an image and text facebook-like.
I guess you have to construct it by yourself by manually parsing the kind of URL you get.
If it is an image url, well then you just have to rescale it and in case the user clicks on it, then handle that by opening the original one somehow.
If it is a link to some youtube video, then you have to take a look at how the embedding of Youtube videos works. You can just copy the code that is provided by Youtube itself, and then exchange the parts with the URL to the video with the URL you got from your user.
I did never implement something like that, but I assume it should work somehow like this.