I'm trying to update some old PHP code which is supposed to get the name, likes and a link to the given Facebook page. This is the current old code:
$fbsite1 = json_decode(file_get_contents('http://graph.facebook.com/page1'));
$fbsite2 = json_decode(file_get_contents('http://graph.facebook.com/page2'));
$fbsite3 = json_decode(file_get_contents('https://graph.facebook.com/page3'));
for($j=1; $j<=3; $j++){
$data[] = array(
'name' => ${'fbsite'.$j}->name,
'likes' => ${'fbsite'.$j}->likes,
'link' => ${'fbsite'.$j}->link
);
}
The problem is that this method requires an access token, which I'm not quite sure how to get. I've looked at the Facebook API reference, but there seems to be a few different access tokens (different permission etc.). Which one do I need to accomplish this? How do I get it?
If the pages are public, then you only need an app access token.
So create an app in the FB dev section (if you have not done so already), and then include your app access token in those request URLs:
http://graph.facebook.com/page1?access_token=…
FYI, you should consider requesting all that data in one go, instead of making multiple API requests. You can do that using this syntax (for up to 50 ids in one request),
http://graph.facebook.com/?ids=page1,page2,page3&access_token=…
And you will have to explicitly ask for the name, link and likes fields now (otherwise you will get name and id only):
http://graph.facebook.com/?ids=page1,page2,page3&fields=name,likes,link&access_token=…
I work on a project that has Facebook pages as one of its data sources. It imports some data from it periodically with no GUI involved. Then we use a web app to show the data we already have.
Not all the information is public. This means I have to get access to the data once and then keep it. However, I don't know the process and I haven't found a good tutorial on that yet. I guess I need an access_token, how can I get it from the user, step by step? The user is an admin of a facebook page, will he have to add some FB app of ours to the page?
EDIT: Thanks #phwd for the tip. I made a tutorial how to get a permanent page access token, even with offline_access no longer existing.
EDIT: I just found out it's answered here: Long-lasting FB access-token for server to pull FB page info
Following the instructions laid out in Facebook's extending page tokens documentation I was able to get a page access token that does not expire.
I suggest using the Graph API Explorer for all of these steps except where otherwise stated.
0. Create Facebook App
If you already have an app, skip to step 1.
Go to My Apps.
Click "+ Add a New App".
Setup a website app.
You don't need to change its permissions or anything. You just need an app that wont go away before you're done with your access token.
1. Get User Short-Lived Access Token
Go to the Graph API Explorer.
Select the application you want to get the access token for (in the "Application" drop-down menu, not the "My Apps" menu).
Click "Get Token" > "Get User Access Token".
In the pop-up, under the "Extended Permissions" tab, check "manage_pages".
Click "Get Access Token".
Grant access from a Facebook account that has access to manage the target page. Note that if this user loses access the final, never-expiring access token will likely stop working.
The token that appears in the "Access Token" field is your short-lived access token.
2. Generate Long-Lived Access Token
Following these instructions from the Facebook docs, make a GET request to
https://graph.facebook.com/v2.10/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short_lived_token}
entering in your app's ID and secret and the short-lived token generated in the previous step.
You cannot use the Graph API Explorer. For some reason it gets stuck on this request. I think it's because the response isn't JSON, but a query string. Since it's a GET request, you can just go to the URL in your browser.
The response should look like this:
{"access_token":"ABC123","token_type":"bearer","expires_in":5183791}
"ABC123" will be your long-lived access token. You can put it into the Access Token Debugger to verify. Under "Expires" it should have something like "2 months".
3. Get User ID
Using the long-lived access token, make a GET request to
https://graph.facebook.com/v2.10/me?access_token={long_lived_access_token}
The id field is your account ID. You'll need it for the next step.
4. Get Permanent Page Access Token
Make a GET request to
https://graph.facebook.com/v2.10/{account_id}/accounts?access_token={long_lived_access_token}
The JSON response should have a data field under which is an array of items the user has access to. Find the item for the page you want the permanent access token from. The access_token field should have your permanent access token. Copy it and test it in the Access Token Debugger. Under "Expires" it should say "Never".
Here's my solution using only Graph API Explorer & Access Token Debugger:
Graph API Explorer:
Select your App from the top right dropdown menu
Select "Get User Access Token" from dropdown (right of access token field) and select needed permissions
Copy user access token
Access Token Debugger:
Paste copied token and press "Debug"
Press "Extend Access Token" and copy the generated long-lived user access token
Graph API Explorer:
Paste copied token into the "Access Token" field
Make a GET request with "PAGE_ID?fields=access_token"
Find the permanent page access token in the response (node "access_token")
(Optional) Access Token Debugger:
Paste the permanent token and press "Debug"
"Expires" should be "Never"
(Tested with API Version 2.9-2.11, 3.0-3.1)
In addition to the recommended steps in the Vlasec answer, you can use:
Graph API explorer to make the queries, e.g. /{pageId}?fields=access_token&access_token=THE_ACCESS_TOKEN_PROVIDED_BY_GRAPH_EXPLORER
Access Token Debugger to get information about the access token.
Another PHP answer to make lives easier. Updated for Facebook Graph API 2.9 . Just fill 'er up and load.
<?php
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/me?access_token={$longtoken}")); // get user id
$userid=$r->id;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/{$userid}?fields=access_token&access_token={$longtoken}")); // get permanent token
if($r->id==$args['pageid']) $finaltoken=$r->access_token;
return $finaltoken;
}
?>
Addendum: (alternative)
Graph 2.9 onwards , you can skip much of the hassle of getting a long access token by simply clicking Extend Access Token at the bottom of the Access Token Debugger tool, after having debugged a short access token. Armed with information about pageid and longlivedtoken, run the php below to get permanent access token.
<?php
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'longlivedtoken'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/{$args['pageid']}?fields=access_token&access_token={$args['longlivedtoken']}"));
return $r->access_token;
}
?>
Although the second code saves you a lot of hassle, I recommend running the first php code unless you are in a lot of hurry because it cross-checks pageid and userid. The second code will not end up working if you choose user token by mistake.
Thanks to dw1 and Rob
I made a PHP script to make it easier. Create an app. In the Graph API Explorer select your App and get a user token with manage_pages and publish_pages permission. Find your page's ID at the bottom of its About page. Fill in the config vars and run the script.
<?php
$args=[
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
];
echo generate_token($args);
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/me?access_token={$longtoken}")); // get user id
$userid=$r->id;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/{$userid}/accounts?access_token={$longtoken}")); // get permanent token
foreach($r->data as $d) if($d->id==$args['pageid']) return $d->access_token;
}
I tried these steps:
https://developers.facebook.com/docs/marketing-api/access#graph-api-explorer
Get Permanent Page Access Token
Go to Graph API Explorer
Select your app in Application
Paste the long-lived access token into Access Token
Next to Access Token, choose the page you want an access token for. The access token appears as a new string.
Click i to see the properties of this access token
Click “Open in Access Token Tool” button again to open the “Access Token Debugger” tool to check the properties
One Tip, it only worked for me when the page language is english.
As all the earlier answers are old, and due to ever changing policies from facebook other mentioned answers might not work for permanent tokens.
After lot of debugging ,I am able to get the never expires token using following steps:
Graph API Explorer:
Open graph api explorer and select the page for which you want to obtain the access token in the right-hand drop-down box, click on the Send button and copy the resulting access_token, which will be a short-lived token
Copy that token and paste it in access token debugger and press debug button, in the bottom of the page click on extend token link, which will extend your token expiry to two months.
Copy that extended token and paste it in the below url with your pageId, and hit in the browser url
https://graph.facebook.com/{page_id}?fields=access_token&access_token={long_lived_token}
U can check that token in access token debugger tool and verify Expires field , which will show never.
Thats it
Most of the answers above now doesn't give permanent token, they only extend it to 2 months. Here's how I got it:
From Graph Explorer tool, select the relevant permissions and get the short lived page access token.
Go to debugger tool and paste your access token. Then, click on 'Extend Token' button at the bottom of the page.
Copy the the extended token and use it in this API:
https://graph.facebook.com/v2.10/me?fields=access_token&access_token=<extended_access_token>
This should return you the permanent access token. You can verify it in debugger tool, the expires at field should say 'Never'.
If you are requesting only page data, then you can use a page access token. You will only have to authorize the user once to get the user access token; extend it to two months validity then request the token for the page. This is all explained in Scenario 5. Note, that the acquired page access token is only valid for as long as the user access token is valid.
While getting the permanent access token I followed above 5 steps as Donut mentioned. However in the 5th step while generating permanent access token its returning the long lived access token(Which is valid for 2 months) not permanent access token(which never expires). what I noticed is the current version of Graph API is V2.5. If you trying to get the permanent access token with V2.5 its giving long lived access token.Try to make API call with V2.2(if you are not able to change version in the graph api explorer,hit the API call https://graph.facebook.com/v2.2/{account_id}/accounts?access_token={long_lived_access_token} in the new tab with V2.2) then you will get the permanent access token(Which never expires)
In addition to mentioned methods it is worth mentioning that for server-to-server applications, you can also use this form of permanent access token:
app_id|app_secret
This type of access token is called App Token. It can generally be used to call Graph API and query for public nodes within your application back-end.
It is mentioned here: https://developers.facebook.com/docs/facebook-login/access-tokens
If you have facebook's app, then you can try with app-id & app-secret.
Like :
access_token={your-app_id}|{your-app_secret}
it will don't require to change the token frequently.
Thanks to #donut I managed to get the never expiring access token in JavaScript.
// Initialize exchange
fetch('https://graph.facebook.com/v3.2/oauth/access_token?grant_type=fb_exchange_token&client_id={client_id}&client_secret={client_secret}&fb_exchange_token={short_lived_token}')
.then((data) => {
return data.json();
})
.then((json) => {
// Get the user data
fetch(`https://graph.facebook.com/v3.2/me?access_token=${json.access_token}`)
.then((data) => {
return data.json();
})
.then((userData) => {
// Get the page token
fetch(`https://graph.facebook.com/v3.2/${userData.id}/accounts?access_token=${json.access_token}`)
.then((data) => {
return data.json();
})
.then((pageToken) => {
// Save the access token somewhere
// You'll need it at later point
})
.catch((err) => console.error(err))
})
.catch((err) => console.error(err))
})
.catch((err) => {
console.error(err);
})
and then I used the saved access token like this
fetch('https://graph.facebook.com/v3.2/{page_id}?fields=fan_count&access_token={token_from_the_data_array}')
.then((data) => {
return data.json();
})
.then((json) => {
// Do stuff
})
.catch((err) => console.error(err))
I hope that someone can trim this code because it's kinda messy but it was the only way I could think of.
Application request limit reached (#4) - FB API v2.1 and greater
This answer led me to the "ultimate answer for us" and so it is very much related so I am appending it here. While it's related to the above it is different and it seems FB has simplified the process some.
Our sharing counts on our site stopped worked when FB rolled over the api to v 2.1. In our case we already had a FB APP and we were NOT using the FB login. So what we needed to do was get a FB APP Token to make the new requests. This is as of Aug. 23 2016.
Go to: https://developers.facebook.com/tools/explorer
Select the api version and then use GET and paste the following:
/oauth/access_token?client_id={app-id}&client_secret={app-secret}&grant_type=client_credentials
You will want to go grab your app id and your app secret from your app page. Main FB Apps developer page
Run the graph query and you will see:
{
"access_token": "app-id|app-token",
"token_type": "bearer"
}
Where "app-id" and "app-token" will be your app id from your FB app page and the generated FB App HASH you just received.
Next go test your new APP access token: FB Access Token tester
You should see, by pasting the "app-token" into the token tester, a single app based token without an expiration date/time.
In our case we are using the FB js sdk so we changed our call to be like so (please note this ONLY gets the share count and not the share and comment count combined like it used to be):
FB.api(
'/','GET',{
// this is our FB app token for our FB app
access_token: FBAppToken,
"id":"{$shareUrl}","fields":"id,og_object{ engagement }"
}
This is now working properly. This took a lot of searching and an official bug report with FB to confirm that we have to start making tokenized requests to the FB api. As an aside I did request that they (FB) add a clue to the Error code (#4) that mentions the tokenized request.
I just got another report from one of our devs that our FB comment count is broken as well due to the new need for tokenized requests so I will update this accordingly.
Many of these examples do not work, not sure if it's because of 2.9v coming out but I was banging my head. Anyways I took #dw1 version and modified it a little with the help of #KFunk video and got this working for me for 2.9. Hope this helps.
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r = json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/{$args['pageid']}?fields=access_token&access_token={$longtoken}")); // get user id
$finaltoken=$r->access_token;
return $finaltoken;
}
As of April 2020, my previously-permanent page tokens started expiring sometime between 1 and 12 hours. I started using user tokens with the manage_pages permission to achieve the previous goal (polling a Page's Events). Those tokens appear to be permanent.
I created a python script based on info found in this post, hosted at github.com/k-funk/facebook_permanent_token, to keep track of what params are required, and which methods of obtaining a permanent token are working.
I created a small NodeJS script based on donut's answer. Store the following in a file called get-facebook-access-token.js:
const fetch = require('node-fetch');
const open = require('open');
const api_version = 'v9.0';
const app_id = '';
const app_secret = '';
const short_lived_token = '';
const page_name = '';
const getPermanentAccessToken = async () => {
try {
const long_lived_access_token = await getLongLivedAccessToken();
const account_id = await getAccountId(long_lived_access_token);
const permanent_page_access_token = await getPermanentPageAccessToken(
long_lived_access_token,
account_id
);
checkExpiration(permanent_page_access_token);
} catch (reason) {
console.error(reason);
}
};
const getLongLivedAccessToken = async () => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/oauth/access_token?grant_type=fb_exchange_token&client_id=${app_id}&client_secret=${app_secret}&fb_exchange_token=${short_lived_token}`
);
const body = await response.json();
return body.access_token;
};
const getAccountId = async (long_lived_access_token) => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/me?access_token=${long_lived_access_token}`
);
const body = await response.json();
return body.id;
};
const getPermanentPageAccessToken = async (
long_lived_access_token,
account_id
) => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/${account_id}/accounts?access_token=${long_lived_access_token}`
);
const body = await response.json();
const page_item = body.data.find(item => item.name === page_name);
return page_item.access_token;
};
const checkExpiration = (access_token) => {
open(`https://developers.facebook.com/tools/debug/accesstoken/?access_token=${access_token}&version=${api_version}`);
}
getPermanentAccessToken();
Fill in the constants and then run:
npm install node-fetch
npm install open
node get-facebook-access-token.js
After running the script a page is opened in the browser that shows the token and how long it is valid.
I found this answer which refers to this tool which really helped a lot.
I hope this answer is still valid when you read this.
I am trying to figure out how to get the tab ID of the current tab of a Facebook Page the user is visiting.
I have made an app for installation on Facebook Pages, that I need to save settings for, per instance. I have figured out that you can get an array of tabs for the page the app is installed on, but I can't figure out how to get the tab ID for the actual tab you're on.
The point is for an admin to be able to save settings for each tab that they've added the app to, using a single backend. I'm not sure if you can have multiple instances of one app on the same page, but if not, we'd have 2-3 duplicate apps with the same backend in the iframe. Because of that, I need to be able to identify app installations as unique - the best way I can figure out is through using the page id and tab id, for the app.
How do I do that?
UPDATE: Found out that you can only have one instance per app on a page.
With that, I went with using this solution (with '/tabs/' to get the tab info):
try {
$tab = $facebook->api('/'.$fb_page_id.'/tabs/'.$fb_app_id);
$fb_tab_link = $tab['data'][0]['link'];
} catch (FacebookApiException $e) {
echo '<!-- '.htmlspecialchars(print_r($e, true)).' -->';
}
In the above code, $fb_tab_link or a combination of $fb_page_id and $fb_app_id can be used as unique identifier. I decided to use the concatenation $fb_page_id . '-' . $fb_app_id as the instance ID.
After some research, I found the call to get the tab information via the API.
try {
$tab = $facebook->api('/'.$fb_page_id.'/tabs/'.$fb_app_id);
$fb_tab_link = $tab['data'][0]['link'];
} catch (FacebookApiException $e) {
echo '<!-- '.htmlspecialchars(print_r($e, true)).' -->';
}
Apparently, the tab ID is the combination of Page ID and App ID, which means that you cannot install the same app to more than one tab on a page.
I hope this can be helpful to someone who needs to find the unique ID for a tab on a Facebook Page.
In facebook api, when you want to change the tabname, you need to pass the tab id. see the example below.
To change your tab name using Javascript SDK.
your application tab_id will be app_[AppId].
FB.api([PageId]/tabs/[tab_id]', 'post',
{access_token: [page access token], custom_name:[custom tab name]},
function(response){
if(respose == true)
console.info("Successfully done");
}
);
Ok Calle thanks for the confirmation!
I was trying to figure out this too... and it makes sense... That's why when you create a tab programmatically for a page the only parameters are app_id & access_token.
If you try to create an app tab twice on the same page you'll get "true" which in my opinion means that you overwrite last tab you have created.
Facebook adds a signed_request parameter to the request URL of your app. You can decode this parameter to obtain the page ID, among other useful information:
http://developers.facebook.com/docs/authentication/signed_request/
I was wondering if it is possible to change your site url or canvas url using the graph api. I have admin rights to my application and I can change it via the gui but I would prefer to be changing it via a curl.
Thanks
Here is example:
$properties = array(
"callback_url" => '',
"installable" => 1,
"profile_tab_url" => "",
"tab_default_name" => "",
'tos_url' => '',
'privacy_url' => ''
);
$facebook = new Facebook(array('appId'=>'YOUR_APP_ID','secret' = > '..', ...));
$facebook->api(array(
'method'=>'admin_setAppProperties',
'properties'=>json_encode($properties))
);
Here is a list of the properties you can set: http://developers.facebook.com/docs/appproperties/
There is also admin.getAppProperties more info you can find here: http://developers.facebook.com/docs/reference/rest/admin.getAppProperties/
Using Facebook SDK
You need to use the old REST method admin.SetAppProperties
https://developers.facebook.com/docs/reference/rest/admin.setAppProperties/
At the moment FB has not yet moved that method yet to the OpenGraph but you can still call REST methods via the Graph API (As shown in the console in the page above).
Even then you cannot change the secure_canvas and secure_tab url setting. FB is apparently working on make those settings as part of the API as far as I heard.
You can now change app properties via Graph API. You can make POST request, using the application id in the path, and use the app access token as the access token, and pass in key/value pairs as POST variables for properties you'd like to modify.
https://developers.facebook.com/docs/reference/api/application/ has a list of the application properties that you can modify with the Graph API.
how can i show or display information only if the user is fan or likes my page? there are several pages that do that to catch more fans. thanks!
edit:
like the victorias secret page with this box
http://www.facebook.com/victoriassecret?v=app_117241824971601&ref=ts
My answer applies if you use an iFrame for your tab/canvas. First, you need to ask for permissions (just need basic info from user). Then, make a call to the Javascript API, like so:
FB.api('me/likes', function(response) {
});
This gives a JSON object of everything the user has liked. So, you have to loop through the response and try to find your page. If you are successful in finding it, display the awesome content!
Hope this helps!
Edit: Looking back, my answer was way off. This information is actually contained in the signed_request given by Facebook.
If you mean Facebook Page, use functions from Facebook API: Signed Request
$signed = parse_signed_request($_REQUEST['signed_request'], YOUR_APP_SECRET_KEY);
$signed = Array (
[algorithm] => HMAC-SHA256
[expires] => 13..
[issued_at] => 13..
[oauth_token] => ...
[page] => Array (
[id] => 29...
[liked] => 1
[admin] =>
)
[user] => Array ( [country] => cz [locale] => en_US [age] => Array ( [min] => 21 ) )
[user_id] => ..
)
If current user like your Facebook tab page, you find out from $signed['page']['liked']
If you're using the php sdk, you can use a call to the facebook object api and then determine if they have the like you want them to have.
$path = 'me/likes';
$likes = $facebook->api($path);
More info here
This is a privacy and security setting. Facebook Privacy FAQ
Page Tabs gets Signed Request that contain "liked" field
http://developers.facebook.com/docs/authentication/signed_request/
FQL isFan
http://developers.facebook.com/docs/reference/fql/page_fan/
Old REST API isFan
http://developers.facebook.com/docs/reference/rest/pages.isFan/
Legacy FBML isFan
http://developers.facebook.com/docs/reference/fbml/visible-to-connection/
There doesn't have to be any code involved. Just create a landing page (you could create a jpeg photo and link to the photo) and set that as the default landing page in your page settings. For users who are fans they go directly to the wall posts. All other people (non-fans) go to your specified landing page.
By the way, you realize that people can still access your content by just clicking on one of the tabs, correct? Even the Victoria Secrets example allows you to click on the "wall" tab, for example, and see the content.
A lot of people just like the page because it's the default landing page and they "think" they have to like the page first. It's more social psychology than anything else.
Google for Facewall Script, that should do what you want. But keep in mind to offer an option for users that not have Facebook Account.