From what I understand if I need to make request to facebook API I need to pass access token with it.
However, I just had a look at the Facebook official example - they did not provide include access token to make request?
$user_profile = $facebook->api('/me');
Where and When do I need to use access token for?
The example you've provided is using the PHP-SDK. It automatically appends an access_token as required.
You only need to worry about tokens in the context of permissions, depending on what you're doing. The docs will let you know if/when you need a permission/token an example is the user doc. You don't need permission to access the first 7 fields, but in order to see what languages the user has listed, you would need to request the user_likes permission.
If you're making cURL calls directly to graph, then you'll need to remember to append tokens to the URL.
I don't know exact use of graph API in PHP (I use C#) - but I expect you do need the access token when creating object stored in $facebook variable.
In the documentation, you set your app token information when initializing the $facebook.
require_once("facebook.php");
$config = array();
$config[‘appId’] = 'YOUR_APP_ID';
$config[‘secret’] = 'YOUR_APP_SECRET';
$config[‘fileUpload’] = false; // optional
$facebook = new Facebook($config);
Here's a link to the details: PHP SDK Overview
If you need permission to certain parts of their Facebook account, that doesn't come with the default, say you want to look at their friends for example or post on their wall, you can request that permission through the login.
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
The scope comes from the permissions page. This is just a comma delimited list of permissions your app would like. The redirect_uri is a url on your page that Facebook will return to so you can capture the authenticated tokens and verification.
