According to Facebook Devlopers: Test Users, I can list the test users of my facebook app by making a request to https://graph.facebook.com/APP_ID/accounts/test-users?access_token=APP_ACCESS_TOKEN. The response includes a valid user access token for each user.
How can I get a valid user access token for a specific test user without downloading the whole list of test users?
Test users should be able to be authenticated with your application in the same way as an other user. So use the Authentication flows while logged in for a specific test user.
Other than that there is no way to call one by one without parsing with code.
Related
I want to write a process which downloads data about my ads.
Basically this is the code:
https://github.com/airflow-plugins/facebook_ads_plugin/blob/master/hooks/facebook_ads_hook.py
It construct a URI as:
https://graph.facebook.com/v{api_version}/act_{account_id}/insights?{payload}
Where payload contains the access_token, breakdowns, fields etc..
Now, I passed over the facebook dev guide https://developers.facebook.com/docs/graph-api/using-graph-api/ and it doesn't explain how do I get the account_id and the token.
It always leads to a user account that needs to log-in to facebook and then process the request.
I want to build a process that doesn't involve user action. Just download logs about my ads.
How can I do that? Where can I get the account_id and the token.
In other systems like google and other they create a json file with credentials that is used for the outh. there doesn't seem to be equivalent with facebook.
For this type of use case, I would create a System User that is permissioned on all your ad accounts, following this guide. That will allow you to generate a token that can used without user login. (You can do the same for your personal facebook account, but that requires you to pass app verification. This can be done without that.)
Then to get the account ids of all the accounts the system user is permissioned on, query the "me/adaccounts" endpoint, using the access token generated for the system user. The docs for that are here. You can use that to get a list of all the account ids.
Alternatively, if you only need one account id, you can get that straight from the facebook ads manager.
I try to get ads performance data using this api: https://graph.facebook.com/v2.5/{ad-account-id}/insights. User access token is needed when doing this request. I have several ad accounts. But one user access token is valid just for part of my ads accounts. The error message is "(#10) You do not have sufficient permissions to perform this action". Why? (I can access the dashboard report of all ad accounts.)
Every user access token is related to an app. I have two user access tokens which are generated with different apps. If I change to another access tokens, the ad accounts of which I can get performance data by api are different. So I guess this is related to apps by which user access token is generated.
Access tokens are made of up a user + app. Make sure both the user, and the app have access entity you're trying to access (in this case, ad account).
Also, when generating the token make scope includes the permission for ads_read
We have Rest Api created by Laravel 4 Php framework. We are using combination of scope and grant to prevent users accessing some resources. But we are having problem preventing one user accessing another user data.
For Example- in our application a user can log in using email and password and we use password grant type to create access_token.
user can see their access token by using browser debugging tolls. Now, that user can use postman or curl request with that access_token to get other users data. What is the best way to prevent user showing other user data ?
When user login into the system, create access_token with roles and permissions return that access token to the user. When user calls the API with the access_token, then check that users is having the permissions to access the requested data.
If that user not having permissions then return with some error message.
You can create filters for this, In which you can check access_token permissions.
Userful like for Laravel routing- http://laravel.com/docs/4.2/routing
I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".
The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.
Could somebody route me on the right track how to perform API requests?
My application is running on the server-side, that's why I've chosen these method.
E.g.
When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.
I think this because this kind of access token can replace the app token, but not the user token.
And with the app token, you can:
This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
It means that with this kind of token, you don't have any special permission, so your request cannot work.
What you could do is send the user access_token to your server and then use this token to perform the API request.
I want to fetch feed/post/statuses data for a particular user.
But found that it is necessary to have an access token.
My concern is , do we need to have a separate access token for every user to fetch their information or merely with a single access token it is possible?
The access token is used to verify that the user making the call is verified and has the correct permissions to perform that action. Every user has his/her own access token for each application. As the comments say above, access tokens expire after a while, so you have to re-request them when the user logs back into your application.
There is also "long-term" access tokens that can be retrieved by requesting the offline_access permission. In this case the access token is valid for (i think) 30 days or until the user changes his/her facebook password.
All the information you need about access tokens can be found at https://developers.facebook.com/docs/authentication/
An Facebook Graph API access token allows you to do what a Facebook application running as a particular user, with a particular set of permissions (https://developers.facebook.com/docs/reference/api/permissions/), is permitted to do. Some data on other Facebook objects (such as users) may be available with the access token of another user, especially if they are a "friend" of the user in the access token.
For example, suppose the access token specifies User A and permission "friends_birthday". You should be able to query the birthday of user B if (1) user B is a friend of user A, and (2) user B permits his/her friends to see his/her birthday.
I don't know your full scenario, but if you are really just fetching data, you may find it easier to use https://facebookpsmodule.codeplex.com rather than writing your own Facebook application.