2

What is the right way of making graph api calls with appsecret_proof parameter in python? Is there any library that allows such thing?

I was trying to use 'python for facebook' library but the documentation is literally nonexistent so I can't figure it out.

gus27
  • 2,616
  • 1
  • 21
  • 25
Tony Babarino
  • 3,355
  • 4
  • 32
  • 44

3 Answers3

15

Here's how you could do that using the facebook-sdk:

import facebook
import hashlib
import hmac

def genAppSecretProof(app_secret, access_token):
    h = hmac.new (
        app_secret.encode('utf-8'),
        msg=access_token.encode('utf-8'),
        digestmod=hashlib.sha256
    )
    return h.hexdigest()

app_secret = "xxxxxxxxx"
access_token = "xxxxxxxxx"
api = facebook.GraphAPI(access_token)
msg = "Hello, world!"
postargs = {"appsecret_proof": genAppSecretProof(app_secret, access_token)}
status = api.put_wall_post(msg, postargs)

Tested with Python 2.7.9 and facebook-sdk 1.0.0-alpha.

gus27
  • 2,616
  • 1
  • 21
  • 25
  • 2
    I tried to follow your example but it didn't work. I fixed it by replacing: `status = api.put_wall_post(msg, postargs)` with: `status = api.put_wall_post(msg, appsecret_proof=genAppSecretProof(access_token))` – haeger Apr 23 '15 at 15:37
  • @haeger: If I paste your code in my example I get a `TypeError: genAppSecretProof() takes exactly 2 arguments (1 given)`. If I add the missing parameter it results in a `TypeError: put_wall_post() got an unexpected keyword argument 'appsecret_proof'`. What python and facebook-sdk versions do you use? – gus27 Apr 23 '15 at 20:39
2

Doing this without the facebook SDK quite simple... the key is that your facebook_app_token is a concatenation if your app_id and app_secret combined with a |.

import hmac,hashlib
facebook_app_id     = '<YOUR_APP_ID>'
facebook_app_secret = '<YOUR_APP_SECRET>'
facebook_app_token  = '{}|{}'.format(facebook_app_id,facebook_app_secret)
app_secret_proof    = hmac.new(facebook_app_secret.encode('utf-8'),
                           msg=facebook_app_token.encode('utf-8'),
                           digestmod=hashlib.sha256).hexdigest()

Then you can include the app_secret_proof in whatever API you're calling... e.g.,

import requests
base_url = 'https://graph.facebook.com/v2.10/<USER_ID>/ids_for_pages?access_token={}&appsecret_proof={}'
url = base_url.format(facebook_app_token,app_secret_proof)
result = requests.get(url)
result.json()
Mike N
  • 6,395
  • 4
  • 24
  • 21
1

This question is too old, but I found other way to generate app_secret_proof using this python SDK.

    from facebook_business import session
    fb_session = session.FacebookSession(app_id, app_secret, access_token)
    app_secret_proof = fb_session.appsecret_proof
Neo-coder
  • 7,715
  • 4
  • 33
  • 52