When I try to get a page_access token with 'manage_pages' permission, i get following warning
The following permissions have not been approved for use: manage_pages. If you make your app public, they will not be shown to people using your app. Submit them for review or learn more.
I am the admin of this facebook page.
Trying to retrieve My Fanpage's reviews in my website, through php sdk v4.
From v2.0 onwards, the permissions other than public_profile, email and the user_friends need to the submitted for review before you can make your app live; else you wont be able to use them. Only the testers/admin/developers of the app will be able to test with those permissions until the permissions are reviewed.
If you want to skip the review process, you can keep your app in the dev mode and use the page access token that will never expire. To generate such token , see the steps mentioned here.
Related
I'm trying to update my code to work with the FB Graph 3.0.
The login flow works fine, and I request my permissions and the user grants them. The later bit of PHP code that uses the PHP SDK is meant to post to the user's timeline.
$r = $this->facebook->get('/me/permissions');
$result = $this->facebook->post('/me/feed/', $fbpost);
If I examine $r, I can see that I have the permissions required:
manage_pages: granted
publish_pages: granted
public profile: granted
pages_show_list: granted
Yet when it makes the actual request, it fails with an error: (#200) Requires either publish_actions permission, or manage_pages and publish_pages as an admin with sufficient administrative permission
When I attempt to add the publish_actions grant to my login (using the javascript library) I get an error that it's invalid: Invalid Scopes: publish_actions. despite FB's own documentation showing this exact scope in several example.
Can anyone point out what I'm doing wrong?
EDIT: I'm not all that concerned with the publish_actions scope having changed, though I understand that may be a new change that isn't in the docs-- but I do have the manage_pages and publish_pages permissions, yet I still can't post to my timeline, and the error code seems to say that those permissions are not set.
As explained in the FB v3.0 API /me/feed endpoint documentation you need the user_posts permission (which isn't listed in your granted permissions) to read and publish on this endpoint. Publish_x permissions are only related to pages and group, not personnal feed.
Also check the board of your FB App if there are no review alerts, with the recent changes in legislation (GDPR ...) and Facebook issues (Cambridge Analytica etc...) a lot of changes has been made in the API.
I'm not a FB API expert, however, Twitter recently removed the ability to post automatically to FB-- my assumption is that this automated posting to a user's timeline is no longer possible in the latest FB graph API. At least, it takes a lot more hoops to jump through than a 3rd party developer can expect a non-technical customer to handle.
https://help.twitter.com/en/managing-your-account/link-twitter-to-facebook
I'm trying to build a dashboard using Google Analytics Reporting API, in order to create reports for my company's clients.
The problem is that I need to create reports using a cronjob, but this requires an authentication. I tried the following approaches :
1. Using the API for web applications :
I managed to make this work, but the OAuth2 process forces me to authenticate into Google by redirecting me to the Google login page. Once logged in, the token is created and my report is generated. But I couldn't find a way to authenticate automatically without a user intervention (i.e. filling the Google login form)
2. Using the API for service accounts :
With this solution, I am able to create reports without manually logging into Google, which is awesome. But this method requires me to add the service account to the Google Analytics account, by adding the newly created user XXXXXXXX#PROJECT-ID.iam.gserviceaccount.com to each of the Google Analytics view I wish to access. I can't do that, as some of the views I'm trying to access are managed by my company's clients and I can't ask each of them to add yet another Analytics user.
I need to be able to access the Analytics views using the user e-mail already configured. I tried to add this address as the owner of my service account in the Service Accounts Manager, but no luck (see screenshots hereafter).
Is there any way I can either use the API for web applications with a static token (i.e. without having to manually log into Google), or use the API for service accounts without having to add the Google-created user in each of my Analytics views ?
I'm at a loss here, so any advice will help.
Due to the fact that you don't have control of all of the accounts as you said you wont be able to use a service account.
There for you will have to use Oauth2. Someone will have to authenticate your application the first time. Once access has been granted the first time you will be given an access token to access the API and a refresh token. If you store this refresh token you will then be able to request a new access token from your cron job when ever you like in order to run your reports.
The trick is saving the refresh token associated with each users account. Your clients will have to authenticate the application to grant you access. You store the refresh token. The refresh token shouldn't expire (there are a few reasons why one might) you will be able to gain access when ever needed.
Note: You can also place the service account email at the account level will give you access to everything. But this wont help you with clients you don't have access to.
Update:
Refresh tokens will not expire except under:
A refresh token not used for 6 months will also expire.
users can go to App settings on there google account and revoke your access at anytime.
A user can re-authenticate your application (same client id) 26 times giving you 26 different refresh tokens, after number 26 the first refresh token will expire. You can only have 26 working refresh tokens for a single user. Make sure you always save the newest refresh token.
As far as I know, the intended method for cron jobs is to use API for service accounts, just as you have described. However, it seems to be an expected and appropriate behavior, that you cannot access a random view just by providing its ID with your service account, without prior authorization from the owner of the view. Without this settings, Analytics will not know about your relationship to your client, and therefore refuse access to data.
I'm not sure, if it is supported, but you could try to add your service account on property or Analytics account level, so that all connected views inherit this setting.
How to I revoke the access token? I unset and destroy the session, which works fine to remove the data, but when I log in again, I'd like to be able to log in with a different Facebook account (it automatically logs me in to the account I had previously logged in with).
I've read over the docs but clearly I am missing something. Can anyone help me out on this?
You have 2 options:
Log into to your Facebook account and in your settings find a list of authorized apps. Then delete the app's access to your account. This should disable futher autologins.
Do it through REST API. You need to send DELETE to PROFILE-ID/permissions as it is described in the docs.
Note: You can also use me instead of your id:
# Revoke access of currently logged in user
DELETE /me/permissions
# Or if you want to revoke access for a specific user
DELETE /{user-id}/permissions
my company have about a hundred of facebook app and more than 200 facebook pages.
My job is to get via FQL insights all statistics about applications, pages, and domains.
After many tries it seems my code don't work because my app need to have "manage_pages" permission from all facebook pages administrators, because my apps need to impersonate them.
Even if I can contact directly my administrator they need to authorize all my applications for every page one by one.
So I think I have to write a php page able to automatically get authorization from administrators for all pages under their responsibility.
Please consider, I'm able to have a list of all pages id and app id.
Does anyone please suggest me how automatically let applications to get manage_pages permissions in a straightforward way?
Do you know if there are PHP examples?
Thank you for your time
You could do it by automating curling through the login screen. When you go after an authorization token the user is required to enter credentials via a login screen. If you have user/pass words you can curl through it I suppose. While your getting permissions make sure to get the offline access permission too, so that you receive a persistent token that can be used when the account is not logged in. Good luck.
Edit: The last time I did this, I kept notes on the whole authentication process if you want a copy PM me and I'll email them to you. They are step-by-step getting authorization tokens to write to a fan page.
Use the JS SDK to login the admins into your app, with the offline_access and read_insights permission.
The read_insights permission will allow you to access the insights for each page and application.
The offline_access will give you a permanent access_token that you can use to update the insights without having to wait for the admins of the pages and apps to log-in again.
Store the insights in a database, so you can keep the insights in memory without having to query the APIs all the time (it's time consumming)
It's basically what Social-Insights is doing (http://insights.social-insights.net/) and it's workign pretty good.
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.