I've never used Facebook's Graph API, or OAuth. I'm simply trying to get a public Facebook page's feed using the Graph API, but it requires an access token. I don't want to hassle the users to login and allow access to get their token. A Facebook app access token could be used to get a public feed, but I'm trying to do this entirely in Javascript, so I can't use the app secret to do so. I read somewhere that a Facebook app access token doesn't ever expire or change unless I manually reset the secret. Is this true? Would it be safe to just hard code in the Access Token? If not, is there some way I could authenticate an app to get the token without having to involve a user? Is there some type of generic app token I could use?
Asked
Active
Viewed 6.8k times
36
-
if you could pull that trick then FB wouldn't be secure, would it ? ;) – Nir Alfasi Feb 21 '12 at 07:25
-
5I'm just trying to read information that's public to begin with. No posts, just read only. I heard it was possible with the old system. edit: 'it' being api access to public page feed's without a token – xtkoeller Feb 21 '12 at 07:34
-
A Page token can be used to do that but I can't say how secure it is to expose it to frontend. – Alexander Nenkov Feb 21 '12 at 07:38
-
2I need the same functionality: I want to request the public feed of a business page in order to parse it into posts on our "news" page, but I'm not about to bug every user to log into Facebook just for some pointless access token! It's a public feed! – wersimmon Mar 14 '12 at 21:21
-
1you can feed public posts with no issue using any valid access token. example https://developers.facebook.com/tools/explorer?method=GET&path=anotherfeed%2Ffeed – ShawnDaGeek Jun 13 '12 at 16:25
-
what i would suggest in javascript is create a new array with your feed array and pull from it with java or do DOM changes. i would not build a public wall with token in pure javascript. – ShawnDaGeek Jun 13 '12 at 16:29
6 Answers
79
If you're anything like me your clients won't want a standard Facebook likebox plugin, they'll want it all styled and customised their own way.
You don't need to spend all day going round the official documentation wondering if any of it applies to you for something simple like this, it's quite easy. The confusion arises because you'd assume that with all these keys and secret ids you'd have to get permission or authentication from the Facebook page you wanted to pull the feed from - you don't. All you need is a valid app and you can get the feed for any public page.
Set your app up in Facebook and it will give you an app id and an API key. Get the profile id for the public page feed you want, and that's all you need. You can then use the following code to retrieve the auth token and then then use that to return the feed data as a JSON object.
<?php
function fetchUrl($url){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
// You may need to add the line below
// curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
$feedData = curl_exec($ch);
curl_close($ch);
return $feedData;
}
$profile_id = "the_profile_id_of_the_page_you_want";
//App Info, needed for Auth
$app_id = "your_app_id_in_here";
$app_secret = "your_app_secret_in_here";
//Retrieve auth token
$authToken = fetchUrl("https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={$app_id}&client_secret={$app_secret}");
$json_object = fetchUrl("https://graph.facebook.com/{$profile_id}/feed?{$authToken}");
Thanks to an edit someone suggested I reckon this code came from here (looks familiar anyway :) ) and there's some more info in the comments there that might help.
You can then parse the object, here's some code to do it in PHP based on this thread;
Handling data in a PHP JSON Object
$feedarray = json_decode($json_object);
foreach ( $feedarray->data as $feed_data )
{
echo "<h2>{$feed_data->name}</h2><br />";
echo "{$feed_data->message}<br /><br />";
}
To find out what's available to you in the json object you can output the url in a browser and copy/paste it into this useful json visualisation tool;
-
When I attempt to retrieve the $authToken I receive the response: "Missing redirect_uri parameter." Any ideas? – Adam Nuttall Jun 13 '12 at 14:31
-
Is that what gets returned when you just put the url for the authToken part (minus curly braces, replacing variable names with your keys) straight into the browser address bar? – McNab Jun 13 '12 at 15:16
-
Sorry, figured this out... I c&p'd your example and the URL is missing the '?' between access_token & type. – Adam Nuttall Jun 13 '12 at 15:21
-
Good to know! You had me panicking there, checking my sites out and thinking 'Please tell me they've not changed it AGAIN already!!!'. :) – McNab Jun 13 '12 at 15:24
-
-
Thanks and well spotted re the ? - don't know how that happened, have amended it. Cheers – McNab Jun 13 '12 at 16:17
-
Annoyingly I ran through the exact same steps to retrieve a second Facebook page feed and receive an empty JSON data object. – Adam Nuttall Jun 14 '12 at 11:27
-
-
4Trying to run - `https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<1234>&client_secret=<1qw2e3e>` Getting as a response `access_token=123456|123456` then running `https://graph.facebook.com/espn/feed?access_token=123456|123456` and getting `An access token is required...` error. What am I doing wrong, should I enable something on my app page ? – Efi MK Jul 01 '12 at 13:07
-
You need to wrap the client_id and client_secret in braces {} as per the code example, you have used <>. – McNab Jul 01 '12 at 21:19
-
are they not changed it AGAIN already? I cannot figure out what is wrong with my try... – enguerran Jan 14 '13 at 16:05
-
@enguerran - If you can't get this working can you try changing `client_credentials` to `client_cred` . This answer was edited recently and I haven't had a chance to verify it. If the edit is wrong I will roll it back, let me know if this works. Thanks. – McNab Jan 14 '13 at 16:15
-
-
@McNab - Could you tell me how fetchUrl() has to work? It doesn't on my web page copied/pasted from your answer. [EDIT] It seems fetchUrl need this instruction: `curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);` – enguerran Jan 15 '13 at 08:54
-
@enguerran - thanks for that tip, I've added it to the edit. I'm assuming that's based on PHP version on the server as it looks like it was added in cURL 7.10 - http://php.net/manual/en/function.curl-setopt.php – McNab Jan 15 '13 at 09:57
-
2Thank you thank you thank you! If only the Facebook API documentation were as straightforward as this! – And Finally Jun 12 '15 at 11:04
-
You're welcome @AndFinally - I'm just glad this still works after 2 years! Cheers :) – McNab Jun 12 '15 at 12:08
-
@McNab, Is this still a valid method of grabbing the access_token? When I try `https://graph.facebook.com/oauth/access_token?type=client_cred&client_id={id}&client_secret={secret}`, I get the error `Invalid Client ID`. Or do I just need to go further in setting the app up in Facebook? – craned Oct 27 '15 at 18:04
-
@craned - yes it's still valid, it's still working on live sites, I've just checked. Something else must be amiss. Good luck with it! – McNab Oct 27 '15 at 18:30
-
@McNab, Good to know. How far do I need to go in setting up the app on Facebook for it to work? – craned Oct 27 '15 at 19:50
-
1@McNab, Did you have to submit your app to Facebook for review to view the posts? Nothing I do is letting my request for an access token work. – craned Oct 27 '15 at 20:08
-
@craned - No, there was no review of the app or anything when I did it. I haven't done one for a while though. Sorry, I'm not sure what the problem is I'm afraid. – McNab Oct 27 '15 at 20:23
-
2I finally figured out what I was doing wrong. 2 things: 1) I wasn't using the full `access_token` returned by FB. 2) I had to take out the curly braces. They were giving me an 'Invalid Token' error. – craned Oct 28 '15 at 18:11
-
-
@twan - In the example above it's `{$feed_data->picture}` - you would just `var_dump($feed_data);` to find out what's available to you. – McNab May 27 '16 at 08:43
-
@McNab I got the answer on how to do this here: http://stackoverflow.com/questions/37478053/getting-an-image-from-a-facebook-post-on-a-public-page/37478157 You can just add the fields in the url. – twan May 27 '16 at 09:15
-
2It looks like this no longer works with the tightening of permissions - existing apps may continue to work, but new apps require approval. – Mark May 07 '18 at 00:15
7
Facebook app access token doesn't ever expire or change unless I manually reset the secret
That's correct.
App tokens do not expire unless the App Secret is reset. App access tokens are unique to each app.
Since public feeds take any valid access token, application tokens can be used.
Go to https://developers.facebook.com/tools/access_token and you would not require a flow. Then you can just hard code it in. The moment you reset the secret this method is void.
$access_token = '1111111111|2Cha_1-n5'
$graph_url = "https://graph.facebook.com/Boo/posts?access_token="
. $access_token;
$page_posts = json_decode(file_get_contents($graph_url), true);
Then iterate through the pages
foreach($page_posts['data'] as $post){
$post_link = $post['actions'][0]['link'];
$page_id = $post['from']['id'];
$page_name = $post['from']['name'];
$message = ($post['message']) ? $post['message'] : " ";
$name = ($post['name']) ? $post['name'] : " ";
$story = ($post['story']) ? $post['story'] : " ";
$post_time = $post['updated_time'];
}
phwd
- 19,975
- 5
- 50
- 78
1
In response to the message of @Psyked and @James_David_Low, it is not recommended to use FQL because is deprecated.
"...There are two low-level HTTP APIs that are also used at Facebook to access the graph: FQL and the Legacy REST API. These APIs contain similar and overlapping functionality, but are deprecated."
New features are generally only available in the Graph API. To future-proof your app you should be using the Graph API in your app if you can.
Diego Palomar
- 6,958
- 2
- 31
- 42
-
1That's not true, FQL itself is not deprecated. Using it via the RestAPI and some other older ways is deprecated - but _making_ FQL queries _using_ the Graph API endpoint is __absolutely not deprecated.__ – CBroe Dec 18 '12 at 14:15
-
1Diego's Right, CBroe's wrong: The FQL and REST APIs are no longer available in v2.1: Previously announced with v2.0, apps must migrate to versioned Graph API calls starting with v2.1. https://developers.facebook.com/docs/apps/changelog – Jacek Pietal Jun 26 '15 at 14:44
1
The accepted answer does not provide a dynamic way of retrieving the profileId/pageId or even explain how to retrieve it. Check out my answer/question. From my experience, the accepted answer is also wrong in requiring the curly braces around the app-id and app-secret. I got an error when I included those and it worked with them out.
It doesn't get any simpler than this.
0
I think in order to do this you have to use FQL not simply the Graph API. This is what I'm doing (replace PAGE_ID with the ID of your page, keep the quotes):
SELECT post_id, created_time, type, message, attachment
FROM stream
WHERE source_id = 'PAGE_ID'
AND actor_id = source_id
James Ford
- 1,543
- 2
- 15
- 31
J Low
- 49
- 1
-
https://s3.amazonaws.com/f.cl.ly/items/2G0q0y3Z2s32311U1s40/Screen%20Shot%202015-03-16%20at%2010.11.50.png – Andrew Lazarus Mar 16 '15 at 10:13
0
If you want to use page feed (like your own page feed) in an app for showing it to others. Just use your own access_token to get it.
BUT! as it's not considered as a good practice you can also login with the Page or Application and use their access_token.
For more information please read the official documentation on authentication
Henrik Peinar
- 2,181
- 18
- 22