App settings to access the Facebook Graph API

Facebook App settings to access its Graph API
Published: by
Last updated:
Categories
Website Development

The Facebook Graph API is a platform that allows permitted data into and out of the Facebook platform. “It’s a low-level HTTP-based API that Apps can use to programmatically query data, post new stories, manage ads, upload photos, and perform a wide variety of other tasks.”

This is an ongoing post. Please suggest corrections, explanations, etc. in the comment section at the bottom of this page.

Assumptions and requirements

This process will get an access token to be used by yourself (the admin of the App). Apps that are to be used by the public will need to be activated and will need approval from Facebook in some cases.

During the Facebook Apps setup process, a web address and privacy policy URL will be needed. You might get away with using the same URL for both these fields. If you don’t have at least an unique website address one of many free online website services can be used.

Introduction

An API (application programming interface) is the interface (I) between a programmed request (P) and, in this case, Facebook (A). By using the Facebook API, various programming languages can be used query (send/receive) data to Facebook pages. Facebook processes these queries through its Apps infrastructure. To be able to make these queries, an Access Token will be required.

Identification and authorisation to the Facebook Graph API is done through the Facebook App infrastructure. By using an App, the type of permissions can be authorised. Facebook has many different permission, e.g, permissions for posting to a page is but one of them.

After setting up a Facebook App the following basic information will be obtained:

  • App ID (auto generated by creating the App, serving as an unique identifier of the Application that will handle and process the request – in the form of a numbered string)
  • App Secret (auto generated by the App, serving as the Application’s ‘password’ – in the form of a string)
  • Access Token (generated code that will contain information about who is accessing the App and what privileges they have – in the form of a long string) – this post will show how to get a permanent ‘non-expiry’ access token.

After obtaining the App ID, App Secret and API version from the created App, the Facebook Graph API explorer will be used to generate the Access Token.

Creating a Facebook App

The first step is to create a Facebook App. While logged in your Facebook user account, go to the Facebook Apps dashboard. If you are not yet registered as a developer, click the blue Register button and follow the instructions.

Create Facebook App

A Facebook developer can create multiple Apps. To create an App, click on the green +Add a New App button and supply all the required details before clicking on the blue Create App ID button. Although this can be changed later on, the Display name will be used as the publisher for posting to Facebook. Complete the security check.

There is no need to add any products yet. From the new App’s Apps dashboardgo to Settings -> Basic. This page will give you a self populated App ID and App secret. Copy or write them down in a safe place. Continue by supplying the following basic requirements:

  • Contact Email and Privacy Policy URL (required to make the App public)
  • Upload an image to identify the App visually

Facebook Apps dashboard

Click on +Add Platform (at the bottom). Multiple platforms can be added per App. Python related calls from Raspbian doesn’t seem to need a platform, but the Web or Server-to-Server platform is mostly used. After adding certain platforms, additional fields might be required. When adding a Website, the App Domains also needs to be completed.

After the form has been completed, click on the blue Save Changes button on the bottom.

All Facebook Apps are in ‘Development’ mode by default. In order to make the App available to the public, it needs to be activated. If the App is only to be used by yourself (the administrator of the App), then activation is not always necessary.

To activate the App, go to App Review in the new App’s Apps dashboard and toggle the Make Your App Public button from No to Yes. Choose a category and press the blue Confirm button. Depending on the permissions required, you might need to have your App reviewed for approval.

Make Facebook App public

Now that the App is live and available to the public a Facebook access token needs to be created. Before this is done, the App version also need to be noted down. The App version can be seen under the Advanced settings section (Settings -> Advanced).

Upgrade API version

Different API versions have different functionalities. Facebook might update their API version from time to time to add functionality, but also occasionally to remove abilities. The App Contact Email address will be used by Facebook to communicate significant changes to developers. As Facebook will very likely deprecate older versions over time, it is probably better to use the latest API version available. This section can also be used to upgrade the App’s API version in the future.

No other advanced settings are required.

There should now be a green dot next to the new App’s name. Copy and paste these values somewhere. You don’t have to submit the app for review.

Creating a Facebook access token

When a request, together with the Facebook access token (also known as the Facebook OAuth token), is send to the App, the access token will tell the App who is sending the request (either the user account holder or a Facebook page) and what privileges that sender has. By using the App ID, App Secret and API version obtained from setting up the Facebook App itself, the next steps will create a ‘short-lived’ access token. Additional steps will convert this to a ‘long-lived’ one, and ultimately to a ‘non-expiry’ one.

From the Graph API Explorer in the Application drop-down, choose the App for which the access token is for. In this case it will be the new App created above.

Get a Facebook user access token

Click on the Get Token button and choose Get User Access Token.

A permissions section will popup. After choosing the required permissions click on the Get Access Token. A message confirming the actions you just allowed will show. Also confirm permission to post on your behalf. Choose whatever you want, but posting Publically will give maximum visibility. Click Ok.

Posting to a page: To create a User Access Token that allows posting to a page, select manage_pages and publish_pages before clicking on Get Access Token. These permissions will allow the App to publish posts acting as yourself. For more info about permissions, see Facebook’s Permissions Reference page. Sinse the last update, to be able to use manage_pages and publish_pages the App needs to be submitted for review and approval.

The Graph API explorer will generate a ‘short-lived’ access token. These tokens typically only last for about 2 hours. ‘Long-lived’ tokens only lasts about 60 days. To convert a ‘short-lived’ token into a ‘long-lived’ one, copy the following link into the web address section of your favourite web browser and replace the {indicated values}:

https://graph.facebook.com/oauth/access_token?
  client_id={APP_ID}&
  client_secret={APP_SECRET}&
  grant_type=fb_exchange_token&
  fb_exchange_token={SHORT_LIVED_ACCESS_TOKEN}

The web browser will show the following:

access_token={…}&expires={…}

The Graph API Explorer section can be a scary place at first, so if you don’t see the result above or made a mistake somewhere, go to the App Settings page to delete the permission actions you just created. This will not delete your App itself, so you can just start over with token creation process.

This new access_token is the ‘long-lived’ token. Temporarily copy it somewhere and also copy it into the Access Token Debugger to see the Expire field.

In order to get a ‘non-expiry’ access token, you will need your account ID. The account ID can be obtained by copying the following link to a web browser (replace the {indicated values}):

https://graph.facebook.com/v{3.0}/me?access_token={LONG_LIVED_ACCESS_TOKEN}

Lastly, copy the following link to a web browser again (replace the {indicated values}):

https://graph.facebook.com/v{3.0}/{ACCOUNT_ID}/accounts?access_token={LONG_LIVED_ACCESS_TOKEN}

All your Facebook pages will show up on this page. Look for the relevant page using the Name field. This will give a final ‘non-expiry’ access token. It can be tested again with the Access Token Debugger.

Copy this Access Token somewhere together with the App ID and App Secret (and API Version).

To verify the App permissions paste the following link to a browser (replace the {indicated values}):

https://graph.facebook.com/{ACCOUNT_ID}/permissions?access_token={APP_ID}|{APP_SECRET}
About the author
Renier busies himself with improving his English writing, creative web design and his websites, photoshopping, micro-electronics, multiple genres of music, superhero movies and badass series.
Behind the Scenes is a free, informative website. If you find value in any of our content, please consider making a donation to our cause.
Donate via PayPal

Save, share & Disqus

Use the buttons below, on the left or the bottom of this page to share this post. Your comment is important, but don't be a knob. Keep it constructive and polite.

Comment via Disqus

Disqus is a worldwide comment hosting service for web sites and online communities. This secure platform ensures a pleasant commenting environment which is manageable from one account. Use the Login button to sign up.

More social media related posts

Get WP Toolset – for custom WordPress development without programming
Get WP Toolset – for custom WordPress development without programming
12 December 2019
Ad: Extend the functionality of WordPress with regards to its ability to store data and publish it on your website. More…
Creating custom social media share buttons for posts
Creating custom social media share buttons for posts
27 October 2017 | Updated 19 March 2019
Website developers might find it necessary to have custom social share buttons at the top/bottom of their web pages. Custom buttons allow better integration with the rest of a website’s style and create a more unique look. More control over where these buttons appear on pages might also be beneficial. More…