How to get the access_token for Facebook with no application - facebook

On the documentation page for Facebook Graph API there are a lot of example links such as https://graph.facebook.com/me/likes?access_token=SOME_AT
Could anyone explain how the access_token for these links are generated?
All I've read in the documentation were about getting access_token only for applications, but on that page everyone could get an access_token without one.

You can use the graph API to get public information. People set privacy settings on facebook, so to prevent social freaks from stalking you, they(fb) created Autorisation.What I believe is that on the documentation, they are generating the access token using the Developers App. You can generate this Access token by making an application and asking a user to Authorise your application to access his data using OAUTH dialogs. Usually people reading at developer.facebook.com have enabled the Developers app so it easily opens your information.
The Graph API as such allows you to
easily access all public information
about an object. For example,
https://graph.facebook.com/btaylor
(Bret Taylor) returns all the public
information about Bret. For example a
user's first name, last name and
profile picture are publicly
available.
To get additional information about a
user, you must first get their
permission. At a high level, you need
to get an access token for the
Facebook user. After you obtain the
access token for the user, you can
perform authorized requests on behalf
of that user by including the access
token in your Graph API requests:

The access_token in these links are generated using your Facebook identity and an application ID (presumable associated to "developers.facebook.com"). If you go to the same page with another Facebook account, you will see different access tokens.

Related

Differentiating between 'personal' facebook API key and 'Business Page' API keys

I am building a website and want to transfer over the data of a business Facebook page (posts) and put it into a 'social wall' so to speak on the website, using the Facebook API. The problem that I am having is that it is copying the data from my own personal Facebook account, rather than the Facebook 'business pages' account. I can't seem to change it!
How can I make the Facebook API differentiate between my 'personal' facebook API key and the 'Business Page' API key, and thereby transfer the data from the business page rather than my personal page?
I assume that what you're trying to do is use FB API to get post from a FB page and then display that into a website. After that, I guess you're planning to allow comments and some kind of interaction from there.
The issue you're facing is likely that when you use the API, you're getting back posts from your personal account instead of the page you want.
If so, the problem is the access token you're using.
To work with FB Graph API, you need an access token for every request, the access token will identify the person making the call.
You can learn more about access tokens here:
https://developers.facebook.com/docs/facebook-login/access-tokens
That said, I think there might be two different issues here:
You're calling me/posts using your user access token. That will get you back your own posts.
You're calling [your_user_name]/posts with a page access token, That will also give you your own posts.
You can see page posts that are public using your own access token and for the rest, you need a page access token.
If you're admin of the page, you can query me/accounts and you'll get the page access token for your page. If not, you'll need to go to business manager and get it from there.
If non of these options are available for you is because you have no access to this FB Page and therefore, you're not allowed to do this.

Public Access Token for Facebook, Permissions

I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.

No access token facebook application authentication

I'd like to show my facebook wall posts on my website.
So i don't want to authenticate users with a dialog, to grant them some rights, i just want to show him my wall with comments (no ability to add comment just read only access).
As i know there isn't unexpired tokens now so is it possible to access just my data without requesting token every time it expires?
I'm using asp.net mvc but i think this sultion doesn't depend at platform at all.
You should:
Make your Facebook Posts public
Call the API endpoint: https://graph.facebook.com/{your_id}/feed?access_token={app_access_token} with your user_id and valid application access_token
Show the results on your website.
The App Access Token doesn't expire so you won't have a problem. As long as the posts are public, the API will be able to pick them up. In theory, your posts should be public anyway so anonymous users can see this.
This also gives you the ability to share stuff privately and not have it show up on your website.

When publishing to a user's Timeline (using open graph), can I use the application's access token?

So, Facebook has 2 types of access tokens: Application and User access token.
Is it possible to use the Application access token for open graph?
Facebook has more than two types of access tokens, there are at least 3 since you forgot to mention the Page Access Token.
According to the App Access Token documentation:
Authenticating as an Application allows your application to obtain an
App Access Token. This is useful to make requests to the Graph API to
modify the parameters of your app, create and manage test users, or
read your application's insights for example.
As you can see, it depends what it is you want to ask the fb graph.
If you want for example to get the feed of a public page then an app token will suffice, on the other hand if you want to get the feed of a user then you'll have to use a user token.
When you browser through the Graph API documentation, for every object you get a list of fields and connections, and the 3rd column of the tables is titled as Permissions, in that cell you'll have info of what access token is needed if any.
I.e., if you check out the User object you can see:
id: No access_token required
updated_time: Requires access_token
installed: Requires app access_token
Hope this clarifies things for you.

developers.facebook.com issued access token VS OAuth generated

Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.