I have set up a facebook app so people can post stuff from my site directly to facebook using the graph api.
I request offline access and manage_pages so that they don't have to be logged in to facebook, but just to my site.
I also have set up the ability to post to a fan page they are managing directly from the site.
both those things definitely work because i have a fan page and i authorized it on my site and am able to post stuff to it directly from my site.
the problem is that when i send the access token to facebook /accounts?access_token=XXX, nothing is being returned for some users even if they are definitely managing (they sent me a screenshot showing they were the manager of the page)
looking at the access tokens i noticed that mine looks like (this is fake):
200785063253279|561ec27497172e3ddvs32dsc.1-10002342352350235|kB2_OoBtsgscsVW2mKMijfNdvb0
while the users in question have an access token like (again - fake):
AAAC2nOrFTH0BAJjMgS3h22ADhirwsfweRT35235LGcZCGisrefwae5tSF535DGlLKJOIBMnrMnI324sfasdSFOIjo325sIigfWOE1aNbvd8wAZD
I can't help but notice the vast difference between the two. is there a reason? is that why i am not getting any page info when i send the request to facebook?
Any help is appreciated!
The first Access Token is the old access Token format and the second Access token is the new Access token format.
This new format was announced a year ago:
https://developers.facebook.com/blog/post/497/
And rolled out last September:
https://developers.facebook.com/blog/post/2011/09/09/platform-updates--operation-developer-love/
Any new Access tokens you get from the system will be of the new format.
Related
I try to fetch some images from an instagram business account through the instagram graph api by means of a permanent page access token (facebook: permanent Page Access Token?). These specific tokens seem to be the only possibility to get permanent access to the graph api for a server-side app.
On the other side I found a hint in the fb documentation that only user accesss tokens can be used to access instagram business accounts.
"Page access tokens are not supported."
https://developers.facebook.com/docs/instagram-api/overview/?locale=en_US
Funny enough I was using page tokens so far without any problems. After resetting the database of my project and generating new tokens I observered that some accounts weren't able to fetch the data while others had no problems.
"Unsupported get request. Object with ID 'XXX' does not exist, cannot be loaded due to missing permissions, or does not support this operation."
I had 2 instagram accounts: 1 was working with page access tokens the other didn't. So, I checked it in the fb graph explorer. Using the user access token I have no problem with both accounts. Using the page access token respectivly for both accounts one is working fine for the query while the other isn't. A third account that I created has the same problem.
Things I tried to resolve the issue:
deleting all permanent page access tokens from my database and generate them again
generate the permanent page access tokens manually by means of the fb graph explorer tool
turn my instagram account back into personal and then again into a business account through the app
turn my instagram account back into personal and then again into a business account through the facebook page
create a new instagram account and a new facebook page to connect (repeating 3. and 4.)
My questions now:
Can I use permanent page access tokens for the instagram graph api?
If not, how do I get permanent server side access to the instagram graph api?
I am now searching the internet and stackoverflow for days and getting crazy because I seem to be the only person experiencing this problem. So, help will be highly appreciated by my fellow developers. Tia.
Since yesterday everything works fine again also when using the permanent page access token. Seems like fb resolved an internal bug. However, the question remains, if page access token can be used in general or if it is just a bug itself.
I'm fairly new to facebook development and I still get confused about the oAuth thing.
A client of mine asked me to show the latest posts, links and statuses of his facebook page to his website.
On the a php page on his website I'm creating a url
"https://graph.facebook.com/".$clientFacebookPage."/posts?limit=1&access_token= xxx
In order to json decode it and display the info I want, but I don't know how to get an access token. I generated an access token with the graph explorer that is tied to my name as a facebook developer but that expires in 2 hours.
There are many thing that confuse me already and I hope you can point me towards a solution
I've read the documentation but everything revolves around users getting logged on your app and you app posting. So my questions are:
Do I need to create an app to do a curl (requiring special permissions) using the http://graph.facebook/xxxx url?
If so, does the adming of the facebook page need to authorize with the app?
What do I need to do next? I can create a web page using the app id and secret. Does that mean that I can retrieve the info of the facebook page? How?
I know that the page needs an auth token to curl the http://graph.facebook/xxxx page and retrieve the data needed. Where can I generate it? Does the webpage need to generate it, or do I have (as the app developer) acquire the token and write it to my php code?
If I log out of the facebook, will the program/webpage stop functioning?
I hope I didn't confuse you.
Thank you.
The basic process for obtaining an access token for a Page is as follows:
1. Get a user access token for a User who is an admin of the Page
2. Using this User token, request graph.facebook.com/me/accounts and look for the correct Page ID in the list returned.
3. Grab the associated Page token from that ID
4. Use it to do Page stuff.
There is a newly launched Facebook docs guide which shows you how to obtain one of these access tokens in a step-by-step fashion:
https://developers.facebook.com/docs/howtos/login/login-as-page/
Hopefully that guide should help you.
I will also answer your questions in order:
Yes, you will need an app in order to generate access tokens to make API queries
Yes
This is in the guide linked above (start at the Getting Started if you need to create a way to get a User Access Token also)
Again, see the guide above
Yes, but you should follow the steps in this guide to generate a long-lived access token. Once you do that, any Page token you retrieve will last forever.
I'd like to show my facebook wall posts on my website.
So i don't want to authenticate users with a dialog, to grant them some rights, i just want to show him my wall with comments (no ability to add comment just read only access).
As i know there isn't unexpired tokens now so is it possible to access just my data without requesting token every time it expires?
I'm using asp.net mvc but i think this sultion doesn't depend at platform at all.
You should:
Make your Facebook Posts public
Call the API endpoint: https://graph.facebook.com/{your_id}/feed?access_token={app_access_token} with your user_id and valid application access_token
Show the results on your website.
The App Access Token doesn't expire so you won't have a problem. As long as the posts are public, the API will be able to pick them up. In theory, your posts should be public anyway so anonymous users can see this.
This also gives you the ability to share stuff privately and not have it show up on your website.
I need to make an web application to manage posts, when a post is made sometimes I should post a brief promotional message one of the company fanpages on facebook (depending on criteria on the post).
This is possible right now using the offline_access permission: create application A, request the manage_pages, offline_access, publish_stream permissions and with that access token you can connect when you want to the graph api and post to the page.
Since offline_access is being deprecated and is going to be removed in May 2012 I was wondering how it would be possible to post to different pages of the company.
I can't implement any of the OAuth authentication mechanisms since the final user that uses the web application will not have access to the fb account that is page administrator and the posting to facebook should happen in a backend process not interacting with the user.
A workaround I found is to post to the page by posting on the admin user stream and tagging the page (that would only require publish_stream), but the Graph API is bugged and doesn't allow you to tag in posts. In code (Ruby + Koala) it would be something like this:
oauth = Koala::Facebook::OAuth.new("app-key", "app-secret", nil)
api = Koala::Facebook::API.new(oauth.get_app_access_token)
api.put_wall_post("message #[page-id:1:page-name]", {}, "admin-user")
The only problem is a bug in the facebook API prevents you from tagging stuff in posts to your stream.
Is this kind of model not going to be supported anymore? Anyone knows of any workaround?
You can increase 2 table columns in your app namely short_access_token & long_access_token.
Once user authenticates your app, an access token is generated, store it in short_access_token. Then pass this access token to:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN
Once you run this, an access token with 60 days validity will be generated. Store it in long_access_token. Now, use this long_access_token for 60 days.
You can add another condition where if the long_access_token was generated more than 30 days ago, just take the short_access_token and generate a new lon_access_token.
You can generate long lived access token only once a day i.e. the first time. Use this long lived access token to manage paes (if you've already got the permission).
Ref: https://developers.facebook.com/roadmap/offline-access-removal/
The only workaround you have is to give the app user page administrator access to the various pages, so when you do post to the page's wall, it can be posted as the page rather than a post as the user. However, you will only be able to extend a "valid" user access token to 60 days per Facebook's new rules. But with that 60 day user token, you can then get a 60 page access token, so you can post as the page to the page.
If you don't have the requirement of posting to the page as the page, then it's pretty simple to do it without attaching that user as a page admin. Just let them be a normal user.
As mentioned in this other question, if a user grants the publish_stream permission, I can publish to that user's wall using an app access_token. I tested that and it works. But I couldn't publish to the user's pages using the app access_token! Am I missing something?
Right now I use the /me/accounts/ connection to get the access_token of the pages, and use that to publish. But this is a huge headache for me and for users because these tokens expire often (when users change their password, ...et), and every time that happens the publish fails and I need to email the user to come login again so I can retrieve a new access_token for the page. It's a bad user experience and I'm trying to find a way around it. The app token works for publishing to users, which is great, but I couldn't find a way to make it work for pages. Any tips?
Edit:
To clarify further, I currently request the manage_pages and offline_access permissions, and then fetch the access_token of each page and use that to publish to it. That works. The main problem is that tokens expire, even with the offline_access permission. The most common reason a token would expire is if the user changes her password. Here is a common error that I get a lot when publishing to Facebook pages.
Facebook error. type: OAuthException, message: 'Error validating
access token: Session does not match current stored session. This may
be because the user changed the password since the time the session
was created or Facebook has changed the session for security reasons.'
To handle this, I email the user and ask them to visit our app again, and when they do I grab a fresh set of access_token to work with. But that's problematic because users are confused about why the error happened and blame us for it, and some users don't open their emails so the problem doesn't get solved and then they're angry later when they discover that our app had stopped weeks ago without them asking it to stop.
That's why I was hoping that I can publish with the app access_token to avoid these problems. Since it works for user profiles, I hoped it would work for pages as well. But so far no luck, unless I'm missing something obvious.
What you're describing used to work - all last year we were able to successfully post to fan page walls using the app access token. In fact, for some of our users, I see it still working. However, I think the other two answers are correct, this is no longer the way to post to pages (see "Page Login" here)
That said, you should be able to store the access token of the page to spare yourself the step of re-querying the users' linked accounts.
Unfortunately, the page's access token will suffer the same fragility as a user's, per the answer here: Facebook Page Access Tokens - Do these expire? . The page access token will expire when the user who gave you that access token changes their password.
To publish to pages, there is an extra step where you use their token to get a list of their pages. Each page has its own token, use that token to post to the page. Keep in mind that when setting up the original token, you need to specify that you need access to pages.
my app does exactly what you're after.
I request both manage_pages and offline_access permissions from a user.
I store the user's access_token.
I ask the user which page (determined by me/accounts) they want a stream item posted to and when.
Later, when it is time to publish to a page's feed, I grab the user's access_token from the database, the pageid, and the message.
Using that user's access token, I query the me/accounts and grab the latest access token for that account (aka page)
Using that page's access token, I me/feed (or is it me/posts...away from my codebase at the moment) post the stream item.