We have created a Facebook application that is restricted to US only, using the Graph API location restriction method (https://developers.facebook.com/blog/post/574/).
This application has then been added to a Facebook page. However, it appears that admins of the page are still able to see the application, regardless of their location.
So our question is: would it be possible to disallow access to admins of the page if they are outside of the US?
Just to make sure, is it admins, or just because you are the owner of the app.
I have no experience with the restriction functionality but if the above still proves that page admins can view it, then it looks like page admin's can still view it. But there are some other steps you can apply considering people can easily fake location on Facebook anyway.
IP Location
Download GeoIP (free IP address database) and you can lock people out of your app that way as well.
Graph API
Connect to the graph API with their user Id, manually get their location and block based on that.
Or you can use a combination of all of the above.
This is completely intentional - page admins will always see the tabs on their page - there's no way to hide content on a page from the admins of that page.
Broadly, there should be no way to hide content from users who are responsible for that content
Related
Premise:
After solving the mystery of the permanent token access, I have been able to post on my Readerly.Ink page from my app.
Problem:
My app, however, is supposed to post on multiple pages, depending on the language of the content. Hence, I today created the other pages (Readerly - Italiano, Readerly - English etc) but I cannot see them through the app!
Even if i GET /me/accounts, the original/first Readerly.Ink page is all I see. I also tried: /new-page-id?fields=access_token&access_token=your-user-access-token (as per instructions of the Pages API) - but I get an error! :-(
Question:
How do I add the new pages to the app?
Or do I need to create a different app for each page?
As far as I can tell, I created the new pages exactly as I created the first one (I'm the admin) and I added them all to my business account.
Please advise. Thanks
Or do I need to create a different app for each page?
No, you don't need to do that. An app is still able to manage multiple pages.
It used to be that you just granted an app access to manage all pages you have admin access to. But since that is obviously a bit broad and risky, Facebook has since changed things - users can specify which of their pages they actually want an app to have access to.
You get asked for that on the login dialog, when the permission is initially requested - but that list does not auto-update later to include any pages you created after that happened.
Currently, there does not seem to be any more practical procedure to get the new pages included, than removing the granted permission, and then asking for it again - upon which the user will be asked to chose which of their current set of pages they want to grant access to again.
For a quick fix, you can use Graph API Explorer - use the "get token" functionality, remove the granted manage_pages permission, and then ask for it again.
For a public facing app that has other people manage their own pages, probably such a step should be implemented within the app - remove the permission via API when necessary, then send them through the login flow again. (Might need to use the reauthenticate parameter at this point.)
I want to make an events calendar using Facebook API. I have an array with page URLs I want to scan and take its events. The problem is, I am using an App Access Token and I can't obtain events from pages with restricted age (alcohol pages etc.). Is there any way I can obtain those events?
There is no way to access restricted Pages with an App Token. You have to use a User Token of a User who can access the Page, or a Page Token of that Page. There is no other way, or the restriction would be pointless.
Go to the advanced settings of your applications page on developers.facebook.com. e.g. for me it would be https://developers.facebook.com/apps//settings/advanced/. And set app restrictions for 'references alchohol' to yes, similar for age.
Screenshot of setting attached
I have a client who already has a Facebook page associated with their own website. I finally convinced them to integrate open graph tags into their pages, since when anyone clicked the Facebook Like button on their website, it looked awful on Facebook (since it chose whatever images and content it wanted).
I have admin access to their Facebook page, however, they are using the fb:appid tag instead of fb:admins on their website, so I can't see any of the insights on Facebook.
So I need to be made an admin of their Facebook application as well, in order to see the insights?
I've read dozens of forums and posts about this, including Facebook's own Open Graph documentation and I still don't REALLY understand the difference between fb:admins and fb:appid. As far as I can tell, fb:appid is more for developer/programming access, whereas fb:admins is for those who just want reports and insights for page activity.
In what circumstances would I want to use fb:appid over fb:admins?
EDIT : Let me clarify. I can already view insights for the company's Facebook page. What I want to do, is see the insights for users who have clicked the Like button on the website.
fb:app_id is the most flexible one to use.
It allows anyone who's listed in the app settings as an admin, developer or insights user to see their domain or app insights. This means as people join or leave a company, they update their app in one place, and access to things like insights changes too.
fb:admins is for User IDs, and once they've been associated with a URL or domain, they remain connected with that domain until their removed from the root HTML document.
fb:page_id works in the same way as fb:app_id in that access to insights is controlled by the list of people who are admins of that page.
As app_ids are becoming more and more important as you integrate with the deeper bits of the Facebook platform (use connect, comments etc) I STRONGLY suggest you use fb:app_id, claim your domain using this, and manage access to insights via your app's settings.
We're developing a Canvas app that will have a tab when implemented on the fan page. The Tab will have the like gate. What we want to do, is restrict access based on location. So, Facebook users outside of the US wouldn't see the tab when the go the fan page.
This blog posts speaks to showing users different content based on location (http://developers.facebook.com/blog/post/394), but i don't want them to see the tab at all.
Any thoughts?
To set demographic restrictions (i.e., location, age, etc.) issue an HTTP POST with an app access token to
https://graph.facebook.com/APP_ID?restrictions={“RESTRICTION_TYPE:VALUE”, …}
ie:
https://graph.facebook.com/APP_ID?restrictions={"location":"US"}
Users who do not pass the restrictions will not see the tab.
More information at: Facebook Developer Blog & Graph API: Application.
When an application is accessed as a Tab on a Page (iFrame) Facebook Passes a signed request (http://developers.facebook.com/docs/authentication/signed_request). You would be able to use that data to get the user's location. However, it might need further authentication to get that information.
Please refer to this question for a hack to find the user location through their IP:
Getting user location on Facebook page tab
Anyway, as far as I know, you cannot remove the application all together, you have to show up 'some content' for the users who load the tab. I suggest that if you want to restrict page content to use the country restriction for the entire page. However, it might be impractical for your use case.
Is it possible to access Facebook APIs for logging in a user, or to allow a user to become a fan of a fan page through a third party site, without actually creating an app on facebook?
Why don't you create a fab page directly for users to become fans for that page? And as far as i know, you can not access facebook API without API key.
You can't access the API without creating an application and getting an API key. There are a small number of API queries that will work without the user having added an application or even interacted with it but they generally on retrieve very basic data.
There's certainly no programmable way of making a user a fan of a page without using a fan box widget or having them do it directly through the site. This is because the post_form_id value which Facebook uses for these kinds of interactions is only present on pages served from facebook.com and is never accessible to the developer. To allow otherwise would open up the system to all kinds of exploitation.
I've no idea what problem you're trying to solve anyway. Creating an application API key is no hardship (and it doesn't have to be an active application for session-less queries - just create an app and grab the keys) and the fan box widget can be styled with CSS, as long as you follow the basic rules that Facebook has set out.