29

I am testing Facebook Graph API v2.3 with Postman. While it is possible to get response by putting access token in query string as follow: 

https://graph.facebook.com/v2.3/me?access_token=my_access_token

I am wondering whether it's possible to do the same thing with HTTP request headers, which would be something like this:

GET /v2.3/me HTTP/1.1
Host: graph.facebook.com
Authorization: <my_access_token>
Cache-Control: no-cache
Postman-Token: <postman_token>

Based on this similar question (i.e. How should a client pass a facebook access token to the server?) on Stackoverflow, it seems that this should be possible.

Any thoughts on this?

Edit:

What raised my interest is that, when I used the API Graph Explorer provided by Facebook Developers, it seems that there's no query string in that sandbox either. How does that work?

Facebook API Graph Explorer DO use query string for access token. Thanks to @CBroe's response.

Community
  • 1
  • 1
kavare
  • 1,786
  • 2
  • 17
  • 26
  • Of course Graph API Explorer passes the access token as a query string parameter (for GET requests), you can clearly see that when you look at the request it makes in your browser’s developer tools network panel. – CBroe Apr 26 '15 at 14:05
  • @CBroe I think you are right. After checking the Network panel it's clear that Graph API Explorer passes the access token using query string. Does that mean query string is the only way to pass it? – kavare Apr 26 '15 at 14:24

1 Answers1

54

Yes it is possible

Authorization: Bearer AccessTokenHere

e.g.

curl --header "Authorization: Bearer CAAC...ZD" https://graph.facebook.com/me

This answer previously recommended using "OAuth" instead of "Bearer" as the token type. Both will work, but "Bearer" is the type that shows up in the standard. Also, on completing Facebook's OAuth flow, the token_type in their response is bearer. So all in all "Bearer" makes more sense.

Community
  • 1
  • 1
phwd
  • 19,975
  • 5
  • 50
  • 78