Facebook - How can i make API calls on behalf of a user? - facebook

Okay.. i got the offline access session key
Can some please tell me how can i update my FB status using the offline access session key i have ?
Looked in the Graph API and PHP SDK but nothing helps

I assume when you say 'offline access session key' you mean the oauth access token.
Take a look at the 'Publishing to Facebook' section here: http://developers.facebook.com/docs/api#publishing
There is even a short example using curl:
curl -F 'access_token=...' \
-F 'body=Hello, Arjun. I like this new API.' \
https://graph.facebook.com/arjun/feed

Related

Facebook API call insufficient privileges

I'm testing Facebook Ad Manager API from commandline curl.
To get the access token, I did this API call:
curl \
-F "client_id=$APP_ID" \
-F "client_secret=$APP_SECRET" \
-F "grant_type=client_credentials" \
https://graph.facebook.com/$API_VERSION/oauth/access_token
It returned successfully.
But then, when making this call to create a new campaign:
curl "https://graph.facebook.com/$API_VERSION/act_$ACCOUNT_ID/campaigns?name=$CAMPAIGN_NAME&objective=VIDEO_VIEWS&status=PAUSED&access_token=$ACCESS_TOKEN"
I always get an error:
(#10) You do not have sufficient permissions to perform this action
I guess that it must be caused because I did not granted the right permissions to the App. It is just a test app and I cannot find how to grant these permissions.
Thankyou very much for your help.
You ask for permissions with the scope parameter. It is a comma separated list of permissions: https://developers.facebook.com/docs/facebook-login/permissions
Permissions for ads are ads_read and ads_management.
HereĀ“s more information about building a manual login flow: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow

Facebook Graph API does not verify appsecret_proof correctly

I have a server application that receives a user access token from the client and generates an appsecret_proof. I would like to make a graph API call in order to verify that the received access token is valid:
curl \
-F 'access_token=<my access token>' \
-F 'appsecret_proof=<my appsecret_proof>' \
https://graph.facebook.com/me
However, when I omit the appsecret_proof field the request is still verified. In both cases the response is:
{"success":true}
If I intentionally pass an invalid appsecre_proof it works as expected:
{"error":{"message":"Invalid appsecret_proof provided in the API argument","type":"GraphMethodException","code":100}}
I have made the neccessary changes in the Advanced settings:
According to the Facebook documentation: "When this is enabled, we will only allow API calls that either include appsecret_proof or are made from the same device the token was issued to."
"Once you've changed that setting, an attacker will not be able to use stolen access tokens without access to your app secret."
What am I missing here?
appsecret_proof is not same as the APP SECRET KEY.
Based on FB documentation, this is how it needs to be obtained:
go to http://www.freeformatter.com/hmac-generator.html#ad-output
in the message area, put the access token
in the secret key, put the APP secret key
Choose SHA256 as the digest algorithm
Generate the HMAC
You can use this generated HMAC as the my appsecret_proof in (for example):-
curl \
-F 'access_token=<my access token>' \
-F 'appsecret_proof=<my appsecret_proof>' \
-F 'batch=[{"method":"GET", "relative_url":"me"},{"method":"GET", "relative_url":"me/friends"}]'
https://graph.facebook.com/me
Omitting the appsecret_proof field might help but in certain regions, FB API demands for it and this is how you need to provide it

How to use basic authentication to create oAuth2 token for github api?

I am working on an iPhone app in which I am using github api.
To access github I am using Oauth with web application flow. Means First It opens login screen then I give username & password.
But now I want to use OAuth with password grant type. It means I want to access directly with providing username & password in request URL, (No separate login screen).
How its possible? Can anybody help me ?
As described on github developer documentation for Non-Web Application Flow you will need to create a new authorization.
Example:
curl https://api.github.com/authorizations \
--user "put_username_here" \
--data '{"scopes":["user"], "client_id":"your_client_id", "client_secret":"your_client_secret}'
This will prompt you for github password and return oAuth token as a response.
For information on how to do HTTP basic authentication on iPhone, check this link.

How to programmatically publish to a facebook feed for a liked webpage?

I'm trying to get this to work: https://developers.facebook.com/blog/post/465/
Step 1: I'm getting an access token:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=myAppIdclient_secret=myAppSecret
Step 2: I'm posting via curl
curl -F 'access_token=myAccessToken' -F 'message=Hello World!' -F 'id=http://example.com' https://graph.facebook.com/feed
Where myUrl is say http://example.com
I am getting this error, does not resolve to a valid user ID:
{"error":{"message":"(#100) http:\/\/example does not resolve to a valid user ID","type":"OAuthException","code":100}}
Step 3: If I first post my url to the linter, and get its ID:
https://developers.facebook.com/tools/debug/og/object?q=http%3A%2F%2Fexample.com
https://graph.facebook.com/10150096126766188
curl -F 'access_token=myAccessToken' -F 'message=Hello World!' -F 'id=10150096126766188' https://graph.facebook.com/feed
Then I get 'The user hasn't authorized the application to perform this action' error:
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200}}
From the Facebook Graph API docs:
Most write operations require extended permissions[1] for the active user.
See the authentication guide[2] for details on how you can request extended
permissions from the user during the authentication step.
1 https://developers.facebook.com/docs/authentication/permissions
2 https://developers.facebook.com/docs/authentication/
Going by the blog post this is done via an app, for this to work the app needs the extended permissions 'publish_actions' and 'publish_stream' in order to make posts/comments/likes/links

daily post to application users wall

i want to post daily note to facebook user profile which using my facebook application via it's own. how can i do it?
Since you didn't provide what language or what you've tried so far, these are quick tips to get you started:
Ask for the publish_stream permission
Then using your SDK or the technology you are using (source):
curl -F 'access_token=...' \
-F 'subject=This is a note' \
-F 'message=Test note.' \
https://graph.facebook.com/PROFILE_ID/notes
No need for the access_token parameter.