I have a Facebook application on my website. This application publish on behalf of the registered user on his time line one post daily or weekly. The users IDs are stored in a database and using cron jobs the publish is occurred. My application uses PHP SDK.
Everything was going fine, till 30 April 2015 the date at which Facebook upgraded their API.
Currently the application's publish action returns this error:
OAuthException: (#200) The user hasn't authorized the application to
perform this action
In addition, during my login in the Facebook and from the same browser (I'm the admin of the app) the application's publish action works fine.
The developer's announcement and suggestions for apps is confusing, and I could not determine whether I have to change my application's source code? Or there is something easier?
Special note: the PHP SDK that I use is one file included as vendor in my website application, which is based on CakePHP 1.3.
Supplemental Edit
This is a screen shot of quickly reply from the Facebook, it has just taken less than 24 hr. to reply from the Facebook. In which detailed answer why they are not grant my app publish permissions. It is supported with screen shots to show my app in action and other demo screen shots about how should it going to be.
Supplemental 2
After the second review try, it becomes clear that Facebook prevented any automated publish on the behalf of the user to his/her timeline. The question here: Is there any other way? such as automated private message to the user?
Yes, if your application started breaking, you'll need to make modifications. What those modifications depend on what triggered that error. Your users will also need to go through a flow to authorize your application (probably for the publish_actions permission, from the sounds of that message).
Note that this permission now requires Facebook review your app, and if you're auto-posting for the user you're probably violating the policy at https://developers.facebook.com/docs/apps/review/prefill.
Incidentally, you should've been receiving emails about this for the last few months. Expect delays with review for the next few weeks as everyone else who didn't upgrade in preparation files tickets/review requests.
Related
I used to get all the network updates of a logged user but now this API is not working and giving the response "Network Access denied".
What do I have to do to access this API again? Or is it totally eliminated from Linkedin REST API?
According to their documentation;
[...] take affect and will be rolled out to the entire LinkedIn application base between May 12th - May 19th, 2015.
[...] Note that users with existing OAuth grants will have to re-authenticate due to the change in requested permissions.
Please take a look at their May Transition FAQ which states a few things;
OAuth 1.0a support is gone
Tokens expire after 60 days (this is unchanged, but thought I'd note it)
The upcoming changes will not affect how any of the APIs work (with one exception noted in point #2 below), only whether you will be able to call them any longer.
And you can find more resources here
My app allows to a signed user to post a custom message on his wall.
The app only works with the account which holds the app and the users marked as testers, but for regular users it seems that the APP can't get publish_actions permission. For tester users when the guy logs in first it asks for regular permissions and the second windows is the message that the app wants to publish on the wall, this second message never happens for regular users.
I've submited my app for review (although the website is not on a public server) and it got rejected for not explaining well how the user use this right. Does the app have to be approved here to work... or is this just for showing up on the facebook searcher and stuff...??
Thanks
In order for permissions to be approved, you must:
Make sure the website or application is accessible to the public (so Facebook can test). The app can be on a private / unpublished page.
Provide detailed instructions and screenshots on how the permission is used. This is so that Facebook can check to see if it complies with the Platform Policies and that the app is not spammy
Make sure your app complies with the Platform Policies before submitting for review.
For the purpose of review, you should make the application available to the public. Once the permission is approved, you can then remove public access to the application.
i developed a sync option for a CRM system with google calendar. the system is installed in a certain domain.
i get a refresh token and access token for each user in the system and store it in the user profile.
it works great.
now a friend of mine wants that deveopment for his CRM system too (in a different URL).
Does that mean i need to open a new project for him too? or can i take refresh tokens and acess tokens extracted using the first project and copy them to the users in the other CRM system?
in short:
1. Do i need to open a new project in the developer Console for every CRM system hosted in different URL?
2. Is there a limitation to the number of projects i can open ( in case i install this CRM system in tens of businesses with different URLs)?
3. i read that i can only get 25 refresh tokens per project, what happens if the CRM system has more than 25 users? didn't find any information... do i pay Google for more? how much?
This is going to end up being more of a clarification then an answer but its to long for a comment.
The point of developer console is to identify YOUR application. Each application should have its own project on developer console. If your friend wants to develop his own application then he should have is own project on developer console.
Copying refresh token
If your friend is using your application then he should could use your project id. Basically if the code is the same you can keep it as the same project. If your friend does take a copy of your program for his use technically speaking you could copy the users refresh tokens, as long as he has them and your client id and client secret they will work.
But I think you may want to consider how wise that is. Users are giving you access to there data, they have not given your friend access to there data. I am not sure if this is against some privacy policy, I will have to check but IMO it should be. You should not be sharing authentication granted to you by a user to someone else.
If it was me even if he was copying your code he should still have his own project and get his own users.
Quota
The main problem with sharing a project is that you will also be sharing the quota. I am not sure what api you are accessing but you are aloud a limited number of requests per day. If you are both using it your both eating away at the quota.
25 refreshtoken
That part of the documentation is a little unclear. Its 25 refresh tokens per user per client. Example: So I could authenticate your application 25 times all 25 refresh tokens will work when I authenticate you again the 26th time the oldest one will then stop working.
Your application can have an unlimited number of users.
my company have about a hundred of facebook app and more than 200 facebook pages.
My job is to get via FQL insights all statistics about applications, pages, and domains.
After many tries it seems my code don't work because my app need to have "manage_pages" permission from all facebook pages administrators, because my apps need to impersonate them.
Even if I can contact directly my administrator they need to authorize all my applications for every page one by one.
So I think I have to write a php page able to automatically get authorization from administrators for all pages under their responsibility.
Please consider, I'm able to have a list of all pages id and app id.
Does anyone please suggest me how automatically let applications to get manage_pages permissions in a straightforward way?
Do you know if there are PHP examples?
Thank you for your time
You could do it by automating curling through the login screen. When you go after an authorization token the user is required to enter credentials via a login screen. If you have user/pass words you can curl through it I suppose. While your getting permissions make sure to get the offline access permission too, so that you receive a persistent token that can be used when the account is not logged in. Good luck.
Edit: The last time I did this, I kept notes on the whole authentication process if you want a copy PM me and I'll email them to you. They are step-by-step getting authorization tokens to write to a fan page.
Use the JS SDK to login the admins into your app, with the offline_access and read_insights permission.
The read_insights permission will allow you to access the insights for each page and application.
The offline_access will give you a permanent access_token that you can use to update the insights without having to wait for the admins of the pages and apps to log-in again.
Store the insights in a database, so you can keep the insights in memory without having to query the APIs all the time (it's time consumming)
It's basically what Social-Insights is doing (http://insights.social-insights.net/) and it's workign pretty good.
A site I manage uses the my_twitter.php class simply to receive tweets from one certain account. As of a few hours ago this has stopped working, it displays a wrong username / password message while the credentials are correct.
On various websites I am reading about API problems but I'm not sure if the my_twitter class needs to be replaced with another one that uses OAuth, or will the problems be resolved and my_twitter start working again? That class is still listed as an official library by Twitter.
EDIT: turns out I do not need OAuth to just receive the latest tweet. http://dev.twitter.com/doc/get/users/show This link explains things well
This is from an email I received from Twitter this morning, titled 'Update: Twitter Apps and You':
Update 1: New authorization rules for
applications
Starting August 31, all applications
will be required to use “OAuth” to
access your Twitter account.
What's OAuth?
OAuth is a technology that enables
applications to access Twitter on your
behalf with your approval without
asking you directly for your password.
Desktop and mobile applications may
still ask for your password once, but
after that request, they are required
to use OAuth in order to access your
timeline or allow you to tweet.What
does this mean for me?
Applications are no longer allowed to
store your password.If you change
your password, the applications will
continue to work.Some applications
you have been using may require you to
reauthorize them or may stop
functioning at the time of this
change.All applications you have
authorized will be listed at
http://twitter.com/settings/connections.
You can revoke access to any
application at any time from the list.application at any time from the list.
So it does look like you need to find another library, that uses OAuth.
Quote from twitter received email:
Some applications you have been using
may require you to reauthorize them or
may stop functioning at the time of
this change.