2

I am currently working on a messenger bot and am trying to log additional events using facebook's app analytics platform.

Relevant documentations:

Example request (app information censored):

curl -F 'event=CUSTOM_APP_EVENTS' \
 -F 'custom_events=[{"_app_user_id": "1", "_eventName": "my-test-event"}]' \
 -F 'advertiser_tracking_enabled=0' \
 -F 'application_tracking_enabled=0' \
 -F 'extinfo=["mb1"]' \
 -F 'page_id=xxx' \
 -F 'page_scoped_user_id=xxx' \
 -F 'access_token=xxx' \
 https://graph.facebook.com/xxx/activities

Problem:

When issuing the request above, the event will appear on my analytics overview (https://www.facebook.com/analytics/xxx/?section=AppEvents) but without the actual event being recorded. The amount of events received stays at zero and the event debugger won't show any activity.

If I send the event without an access token (same request as above, just without the token) the event will get processed correctly.

While I can get it to work this way, I really don't think posting events without an access token should be working at all.. couldn't just everybody post them for my application?

The application is currently still in sandbox mode, so the issue might be related to that. Does anybody have experience with that?

Quick edit: Facebook themselves appear to be sending the request using an access token as seen int he facebook sdk for android.

Birne94
  • 636
  • 8
  • 21
  • Their "Purchase Event Example" on the first documentation page doesn’t use an access token either. I guess since the page_scoped_user_id is obligatory, that might be enough for Facebook to tell if the request is genuine, because no one without access to the page would know the page-scoped id. – CBroe Feb 16 '17 at 15:08
  • @CBroe interesting, when playing with the user ids I get mixed results. For some ids I get `Code 1: An unknown error has occurred.` while others get submitted successfully. Of those submitted successfully some appear in my event log, others are simply ignored. There appears to be no common pattern, though. – Birne94 Feb 16 '17 at 15:18

2 Answers2

0

Access token is not required for this Graph API call to submit messenger bot events. Did you get errors while sending "valid" page_scoped_user_ids? If so, could you please reach out to support with more info? (App Id, page scoped user ids that gave the error)?

Sridharan
  • 11
  • I did not receive any errors except when trying purposely wrong user ids. The only difference when using an access token was the events not showing up in the event debugger. Is there any way to prevent somebody from posting events to my application? – Birne94 Feb 16 '17 at 20:20
0

Writing the events is limited by your ability to identify a valid appId, pageId, page scope user id triplet - no protection is afforded. I think drop the access token - you can use it to read event data but not write it.

The page_scoped_user_id must be a Facebook page scoped user id and the page_id similarly valid. Are you using invalid ones as part of testing? That might be why they don't all get through.

Ram
  • 327
  • 2
  • 20