According to the instruction given here searching public information (as https://graph.facebook.com/search?q=QUERY&type=OBJECT_TYPE) needs to have a valid access token. As I know access token is when a user authorized an apps to access his information; but this is searing the public information. How to get an apps access token to search public information?
In that page, facebook automatically add my access token to the link as
https://graph.facebook.com/search?q=watermelon&type=post&access_token=MY_ACCESS_TOKEN
I created an access token by my apps as https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=SECRET_ID&grant_type=client_credentials
When I use the generated access token in url https://graph.facebook.com/search?q=watermelon&type=post&access_token=GENERATED_ACCESS_TOKEN, it gives an error
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException"
}
}
How can I generate access token by my apps?
Or do I need to generate access token by own user account? if yes, how?
Since it is searching public profile, facebook should not need authorization on every search, can I generate a permanent access token to perform different searches?
The Graph API Search interface has changes pending with the Q3 2013 migration.
The following change will go into effect on July 10, 2013:
Graph API search changes
App access tokens will be required for all search Graph API calls except Places and Pages. Search for application will no longer be supported.
https://developers.facebook.com/blog/post/2013/04/03/platform-updates--operation-developer-love/
For searching the facebook graph API using
http://graph.facebook.com/search?q=watermelon&type=post
you need a valid user access token. A user access token is different from App Access token. A user access token is created when a user authenticates your app with different access permissions which is generally close to 212 letters long.
A changes was made in the graph API in July,2013 whereby you will need to have a valid user access token to search for users and posts. The user access token could be generated by you yourself authenticating your app and generating an user access token for your app.
But the question remains, How should we generate a user app token for our apps without making other users to authenticate our apps?
The access token you are requesting looks like an 'application' access token. This token differs from a 'user' or 'page' access token and is used for different things.
https://developers.facebook.com/docs/howtos/login/login-as-app/
This can be used to modify the parameters of your App, create and
manage test users, or read your application's insights for example.
App access tokens can also be used to publish content to Facebook on
behalf of a person who has granted a publishing permission to your
application.
Depending on what you are trying to actually do, an application token might be the wrong form of OAuth. Your example (searching for public posts with the term watermelon) doesn't require an OAuth token, so you're obviously trying a different type of graph search. Without saying what you're actually trying to access, it's impossible to actually advise you correctly.
However, I'm going to guess that you're trying to get access to graph objects that require permissions from a specific user. If that's the case, then you need to get permissions from that user first, by requesting the scope of permissions that you require.
Process of gaining user OAuth Access Token (https://developers.facebook.com/docs/reference/dialogs/oauth/)
Possible Permissions (scope) that can be requested (https://developers.facebook.com/docs/reference/login/)
This will give you a short term access token for that user, which will allow you to anything within the scope of permissions for which you've requested permission.
This token will only last for a short period after the user has logged into your app. It can also be promoted to a longer term access token
https://developers.facebook.com/docs/howtos/login/extending-tokens/
You don't need to pass any token to search in public information (unless you want to search in user's context). Just make a call to the following url and see the URL. Please mark that I have used http instead of https.
http://graph.facebook.com/search?q=watermelon&type=post
But to make my answer more clear - with properly granted access_token I can make a call to the https version of the above url (https version requires an access token) and it just works fine without any problem.
If you are searching programatically and the search URL will never be visible to the end user you can use this instead:
&access_token=app_id|app_secret
More about this here: https://developers.facebook.com/docs/facebook-login/access-tokens/
Related
I'd like to use the Facebook graph API to search for Facebook groups by keyword. I've used
search?q=keyword&type=group
in the graph API explorer and it works well, however it requires I generate a user access token. I've also read the below on the facebook API documentation
"There is another method to make calls to the Graph API that doesn't require using a generated app token. You can just pass your app id and app secret as the access_token parameter when you make a call:
http://graph.facebook.com/endpoint?key=value&access_token=app_id|app_secret"
However when I try this method it errors out with
"{"error":{"message":"(#200) Must have a valid access_token to access this endpoint","type":"OAuthException","code":200}}"
I cant understand why this needs a user access token. The search I want to perform has nothing to do with any users I just want a list of matching groups.
How can I perform this search as my facebook app from my server?
According to the specific search documentation, you need a User Access Token.
https://developers.facebook.com/docs/graph-api/using-graph-api/v2.2#search
All Graph API search queries require an access token included in the request. The type of access token you need depends on the type of search you're executing.
Searches across Page and Place objects requires an app access token.
All other endpoints require a user access token.
Firstly I am aware that there are a million questions similar to this, but they are all either out of date (Facebook has changed and the instructions no longer work) or don't explain how to do specifically what I am asking.
I'm trying to register an app on Facebook so that I can autopost to the company Facebook page, of which I am an admin.
I'm trying to do this via PHP, with which I have considerable experience (PHP, not Facebook API.)
So far I have registered as a Facebook developer, made a Facebook app, got the appID and secret word, and downloaded the facebook-php-sdk from Github. I have attempted to follow a couple of tutorials but the Facebook developer/app pages have all changed and so the intructions are now invalid.
All I want to do is to be able to post automatically to my page's wall from the server via PHP, as if I posted the status update myself as the page admin. I don't understand how or why this is so difficult.
The Facebook app page has a million settings that I've never heard of and don't seem to be related, then there is no information that gives any direction to do what I want to do.
This is about as far as I've got and I've hit a wall. No idea what to do next. Facebook keeps asking me "Select how your app integrates with Facebook" but their options don't appear to include what I want, which is just to post on my own page. I don't appear to actually be able to use the app yet, as there are various settings its insisting on, like "Canvas URL", which I do not understand, etc. and then I obviously need to set permissions, yet I see no way to do this either.
What do I do?
Setting up an app
You are going to need to authenticate the user who has at least content creator rights on your page. So you need to choose 'Website with Facebook Login' and enter your website url.
You'll also have to enter the domain (website url without protocol)
Keep it in sandbox mode while you test it you can edit that later.
You don't really have to worry about other settings as the permissions to ask can be added directly in your php code.
"Online" Access
To logging and post directly to facebook you'll need to retreive an access token
Getting an access token
Here is a basic run down:
Get user to login and allow app with appropriate permissions (manage_pages, publish_stream) if he hasn't
Retreive user access token
Query /me/accounts with user access token to get the page id & access token
Then all you have to do is make your API call with id & access token to post on facebook
"Offline" Access
In order to post without having to logging (usefull if you aren't the only one posting) you need a permanent extended token. So you basically should have a separate script that you'll run once to retrieve that extended token and store it.
Getting an extended access token
To be able to post without the user being logged in you need a permanent access token for your page.
Here is a basic run down:
Get user to allow app with appropriate permissions (manage_pages, publish_stream)
Retreive user access token
Change user access token for extended user access token
Here is how I do this step (you could also use curl)
$token_url = "https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUT_APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=OLD_TOKEN";
$accessToken = #file_get_contents($token_url);
Then
Query /me/accounts with user extended access token to get the page
Change page access token for extended access token (same code as
above)
(The last step shouldn't be necessary according to the doc as you should get an extended page token when you query /me/accounts with an extended user token but in my case it didn't work)
And you get a permanent access token that only expires if the user changes password or disallows the app. All you have to do is store it with the page's id and retreive it wherever you need an API call to post to facebook.
The php sdk is pretty well documented so you shouldn't run into any problem a google search can't fix. Look for post september 2012 threads the flow hasn't changed since neither did the php sdk much.
My goal is to search all users matching a specified name without the need for the user to be logged in with facebook. To accomplish this I did the following:
I created a Facebook App.
By using PHP I obtained the App access
token.
The problem is when I execute the api call:
"search?q=$name&type=user&access_token=$app_access_token";
I get the following result: "(#200) Must have a valid access_token to access this endpoint"
The question is, can I search users matching a specified name with my App Access Token or do I need a User Access Token?
You need a user access token (can be you as a user).
I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.
What I want to do is to allow users to interact with calendars of a single account known by the server.
Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.
Is there some part of OAuth or some alternative mechanism I can use to do this?
In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.
The usual procedure for OAuth is like this:
Send user to authentication page.
User comes back with $_GET['code']
Send $_GET['code'] to OAuth server for a token
Store token in database for the user (or session, if it's very short lived)
But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.
See mathewh's answer here:
How to automate login to Google API to get OAuth 2.0 token to access known user account
The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.
There is no way around a manual authorization step the first time.
is it possible to store the id of a user who grants permission to accept the app and then post a "share" when the user completes an action but they are not logged into linkedin? i have done this with facebook but currently struggling to get my head around the oauth/linked in libraries.
Yes, once the user has authorized your application, you can store the user's oauth tokens and use those to update LinkedIn via the API when a user trigers a share/update, etc.
The only trick is to cover yourself in the case that the user rejects your application's access rights; filter all responses from the LinkedIn API looking for an error indicating that the access token is no longer valid (you should be doing this filtering anyways for throttling issues).
LINKEDIN API has no proper documentation..as to how i can use it..sample code which is provided SKuS