I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.
Related
We are using Graph API for accessing public feed from our own Facebook Page.
What is the best way to obtain Access Token, so the requests are not dependant on one person's (my) User Access Token?
So after I leave the project, someone else can use the same token, without it being associated with me, but with the Page or a company instead?
Page Tokens are always tied to a specific user, because you need a User Token to generate a Page Token. For a non-restricted Page, you can just use an App Access Token though. It has no relation to any user.
More information about Tokens and how to generate them:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I've read alot of topis, alot of docs. Literally i read them since morning.
From what I got there are few kind types of tokens: App token, App access token, User Token, User access token, Page access token.
While tokens with access allow some kind of action. the non-access tokens seem to allow me to generate a token of access type. Corrent me if I'm wrong. Docs are terrible and some answers are outdated due to facebook updates.
So basically, what I look for is to be able to:
$permanent_token = 'A token, which will allow me to generate access tokens whenever I request';
// And that token could be used for:
file_get_contents('https://graph.facebook.com/v2.1/me/accounts/?access_token='.$permanent_token);
// Some code here to extract page access token and write it to variable $app_token
file_get_contents('https://graph.facebook.com/v2.1/{page_id}/ratings/?access_token='.$app_token);
// Note: I may've missed some steps... those are the ones I lack I think.
Without having to make any user (including me) to login. It's more like I need some kind of API Key and method to generate access token.
And would prefer NOT to use facebook SDK. Just pure graph url calls.
This is the most import page to read about Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens
There is the App Token, the User Token and the Page Token. A User Token can be extended to 60 days, a Page Token can be extended to be valid forever.
/me/accounts needs a User token, so there is no permanent Token to use that endpoint.
/{page_id}/ratings/ needs a Page Token and you probably want an extended one.
How to get an Extended Page Token is explained very well int he Facebook docs, here are some articles:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
Btw, i suggest not using file_get_contents but CURL.
And in order to get a User Token or Page Token, you MUST authorize/login with a User account. One that is admin of the Page, obviously.
If You are trying to get photos and captions like me, You could do like this:
Enter on facebook developer page: facebook developer
Create an app to the page. (I created to a not mine page)
Access on facebook developer menu: Tools & support and select access token tools.
There you'll find: User token - App token.(There some important text on the top)
copy App token. (should not be hard coded where is possible to see like on javascript)
create a php file to return a JSON.
use file_get_contents($url) function to get a facebook JSON.
echo the file_get_contents return.
finally, get on your page your own returned JSON from the created php file with the data desired and use it.
Obs: My URL is something like this: https://graph.facebook.com/desiredpage/photos?type=uploaded&access_token=013245667890|qwer-adsFGsfgsdGsfg
pay attention to the token on the URL that I pasted.
I use the following code:
$access_token = $object->getAccessToken();
This method sometimes generated an access token (118-char string)
and sometimes it's a 49-character string with a pipe symbol which does not work properly.
Can I use same access token to post feed with different user id?
Why do access tokens not work properly in safari with iframe & non iframe?
Is there any link do access token documentation?
Firs of all there are two type of tokens that are generated by Facebook
Application without User
When there is no user using the application the application uses what is known as "App Access Token". The app access token can be represented as
<APP ID>|<APP Secret>
This token can retrieve all the public domain information for different Objects in Facebook, like it can be used to retrieve basic information about a User with specific ID, likes on a Public Page, Public Posts on a Page.
Application with User
When User authorizes the application Facebook generates a "User Access Token" which is the access token with longer length. You can't use User Access Token of one user to do the actions on behalf of another User and if you try the action will be done as the User for whom the token was generated for(If you are not Using Extended Access Token it will also expire).
There is issue in setting the Cookies within an iframe in the safari due to which there is some issues in the application working.
For further clarification on Access Token check this documentation
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.
On the documentation page for Facebook Graph API there are a lot of example links such as https://graph.facebook.com/me/likes?access_token=SOME_AT
Could anyone explain how the access_token for these links are generated?
All I've read in the documentation were about getting access_token only for applications, but on that page everyone could get an access_token without one.
You can use the graph API to get public information. People set privacy settings on facebook, so to prevent social freaks from stalking you, they(fb) created Autorisation.What I believe is that on the documentation, they are generating the access token using the Developers App. You can generate this Access token by making an application and asking a user to Authorise your application to access his data using OAUTH dialogs. Usually people reading at developer.facebook.com have enabled the Developers app so it easily opens your information.
The Graph API as such allows you to
easily access all public information
about an object. For example,
https://graph.facebook.com/btaylor
(Bret Taylor) returns all the public
information about Bret. For example a
user's first name, last name and
profile picture are publicly
available.
To get additional information about a
user, you must first get their
permission. At a high level, you need
to get an access token for the
Facebook user. After you obtain the
access token for the user, you can
perform authorized requests on behalf
of that user by including the access
token in your Graph API requests:
The access_token in these links are generated using your Facebook identity and an application ID (presumable associated to "developers.facebook.com"). If you go to the same page with another Facebook account, you will see different access tokens.