ads_read.Both Graph API and Marketing API calls require an access token to be passed as a parameter in each API call. In this guide, we teach you how to get access tokens for testing purposes.
To learn more about authentication, see our main documentation:
You can get a test user access token with Graph API Explorer. To learn how to use the explorer, see Graph API Explorer Guide.
ads_read.To get more information in the token you just generated, click on the i button shown before the token. After the click, a pop-up screen opens and displays some basic information about the token. Click on Open in Access Token Tool to be redirected to the Access Token Debugger.
You can also directly access the Access Token Debugger and paste the token you generated in the text box.
While debugging, check:
Check your new token’s properties using the Access Token Debugger. It should have a longer expiration time, such as 60 days, or Never under Expires. See Long-Lived Access Token.
If the user clicks the Allow button when you prompt for the extended permissions, the user is redirected to a URL that contains the value of the redirect_uri parameter and an authorization code:
http://YOUR_URL?code=<AUTHORIZATION_CODE>
Build a URL that includes the endpoint for getting a token, your app ID, your site URL, your app secret, and the authorization code you just received. The URL will be similar to the following:
https://graph.facebook.com/<API_VERSION>/oauth/access_token? client_id=<YOUR_APP_ID> &redirect_uri=<YOUR_URL> &client_secret=<YOUR_APP_SECRET> &code=<AUTHORIZATION_CODE>
The response should contain the access token for the user:
If the API is to be invoked by a System User of a business, you can use a System User Access Token.
You can debug the access token, check for expiration, and validate the permissions granted using the access token debugger or the programmatic validation API.
The token should be stored in your database for subsequent API calls. You should regularly check for validity of the token, and if necessary prompt the user for permission. Even a persistent token can become invalid in a few cases including the following:
As access tokens can be invalidated or revoked anytime, your app should expect to have a flow to re-request permission from the user.
When a user starts your web app, check the validity of the token you have for that user. If necessary, send them through the authentication flow to get an updated token.
If this is not possible for your app, you may need a different way to prompt the user. This can happen in cases where the API calls are not directly triggered by a user interface, or are made by periodically run scripts. A possible solutions is to send users an email with instructions.
Default User and Page access tokens are short-lived, expiring in hours, however, you can exchange a short-lived token for a long-lived token.
When you use the iOS, Android, or JavaScript SDK, the SDK will automatically refresh tokens if the person has used your app within the last 90 days. Native mobile apps using Facebook's SDKs get long-lived User access tokens, good for about 60 days. These tokens are refreshed once per day, when the person using your app makes a request to Facebook's servers.
If no requests are made, the token will expire after about 60 days and the person will have to go through the login flow again to get a new token.
Latest Graph API Version: v15.0
If you need a long-lived User access token you can generate one from a short-lived User access token. A long-lived token generally lasts about 60 days.
You will need the following:
Query the GET oauth/access_token endpoint.
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token? grant_type=fb_exchange_token& client_id={app-id}& client_secret={app-secret}& fb_exchange_token={your-access-token}" { "access_token":"{long-lived-user-access-token}", "token_type": "bearer", "expires_in": 5183944 //The number of seconds until the token expires }The workflow for generating a long-lived User access token is as follows:
Once you have retrieved the long-lived token, you can use it from your server or send it back to the client to use there.
You can not use an expired token to request a long-lived token. If the token has expired, your app must send the user through the login flow again to regenerate a new short-lived access token.
Make this call from your server, not a client. Your app secret is included in this API call, so you should never make the request client-side. Instead implement server-side code that makes the request, then pass the response containing the long-lived token back to your client-side code. This will be a different string than the original token, so if you're storing these tokens, replace the old one.
Do not use the same long-lived tokens on more than one web client (i.e. if the person logs in from more than one computer). Instead, you should use the long-lived tokens on your server to generate a code and then use that to get a long-lived token on the client. Please see below for information Generating long-lived tokens from server-side long-lived tokens.
If you need a long-lived Page access token, you can generate one from a long-lived User access token. Long-lived Page access token do not have an expiration date and only expire or are invalidated under certain conditions.
You will need the following:
Query the GET {app-scoped-user-id}?accounts endpoint.
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/{app-scoped-user-id}/accounts? access_token={long-lived-user-access-token}"{ "data":[ { "access_token":"{long-lived-page-access-token}", "category":"Brand", "category_list":[ { "id":"1605186416478696", "name":"Brand" } ], "name":"Cute Kitten Page", "id":"{page-id}", "tasks":[ "ANALYZE", "ADVERTISE", "MODERATE", "CREATE_CONTENT", "MANAGE" ] } ], "paging":{ "cursors":{ "before":"MTM1MzI2OTg2NDcyODg3OQZDZD", "after":"MTM1MzI2OTg2NDcyODg3OQZDZD" } } }Facebook has an option for getting long-lived access tokens for apps to avoid triggering Facebook's automated spam systems.
Apps that:
At a high level, you obtain a long-lived token for the client by:
Query the GET oauth/client_code endpoint. The redirect URI must be the exact value you set in your app dashboard under the Facebook Login > Settings Client > OAuth Settings card.
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/client_code? client_id={app-id}& client_secret={app-secret}& redirect_uri={app-redirect-uri}& access_token={long-lived-user-access-token}"
{ "code":"{code-for-your-client}" }Once you've retrieved the code from Facebook's server you then need to ship it to the client via a secure channel. Once that's done, you need to make a request from the client to the /oauth/access_token endpoint:
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token? code={code-for-your-client}& client_id={app-id}& redirect_uri={app-redirect-uri}& machine_id= {your-client-machine-id}"The machine_id is an optional parameter that identifies and tracks clients and is used for security and spam prevention. It is a per client not per user value.
If you have previously made calls to get a code and been provided a machine_id you should include in your code request.
{ "access_token":"{long-lived-access-token}", "expires_in":5183944, //The number of seconds until the token expires "machine_id":"{your-client-machine-id}" }The workflow for generating a long-lived token is as follows:
A token is a mandatory element of any ICO project. The token is one of the cornerstones of crowdfunding and is essential to attract additional investment to the project. Facebook has something similar. The company has issued a Page Access Token. To get it, you need to perform a number of certain actions.
We will also tell you where to get the longest option. nineOl000 : features
Access Token is translated into Russian as an access token. Login through Facebook is carried out when the user has entered a personal login and password.
The system then grants the requested permissions. nine0003
The application receives a special access token. And this ultimately secures the Facebook API. The published Facebook app has the given number of IDs:
An access token (token) is required to maximize the functionality of the application.
Access tokens (AM) are software objects of the operating system of the Microsoft Windows segment. Objects contain session security information that securely identifies a group of users. Tokens are needed to obtain certain user privileges. There are several varieties of access tokens:
Code example
Sample code
{app-id}|{client-token}
Example:
access_token=1234|5678
Tokens are also divided into short-term and long-term.
The duration of short-term tokens in most cases ranges from 60 to 120 minutes. Long-term tokens are usually valid for up to two months. However, users should also take into account the factor of a possible technical failure, as a result of which the process of the marker may end earlier, moreover, the disappearance will occur without warning. However, it is worth noting that the developers are actively working to eliminate this shortcoming. nine0003
If the Facebook token is used for parsing, then for the success of this process, you need to master several different techniques. This process supports various functions:
Sample code
Sample code
Sample code
Read more here: https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens. nine0003
Users can also transfer access tokens. With the help of identifiers, you can send calls to Facebook servers.
Personal servers, mobile clients, and browsers are suitable for this process.
First you need to get a token. The algorithm for getting it on Facebook is very simple. The procedure will not take much time. And the sequence of actions is as follows:
This whole process usually takes no more than three minutes.
So how do you renew your token? The order of related actions is as follows:
How to check the correctness? The best way to check this is in the "Debug" function. Or go to Debug, which contains detailed information about a specialized accounting unit.
For the page, the mechanism for obtaining full authorization is also very simple. Access token primarily provides the ability to parse information from Facebook pages. nine0003
The sequence of actions is as follows:
Checkout Continue Shopping
x
Aladdin RD Antivirus Authentication authentication video surveillance video surveillance for home video surveillance for office videos GIS housing and communal services GOST EGAIS ESIA Information protection Instruction Taxpayer cabinet Kontur.Focus CryptoAPM CryptoARM CryptoPRO CryptoPRO CSP CryptoPro CSP CEP Notariat Personal data Submission of documents to the court Rosreestr Rutoken Certificate of signature time tracking system Download CryptoARM for free skud Insurance card reader Tokens smart intercom UEC FSRAR Time stamp Electronic signature electronic signature Electronic document management electronic key Facebook has announced the launch of a new feature for a higher level of protection for personal accounts.
Now social network users can authenticate on the site using a special physical drive that works according to the Universal 2nd Factor (U2F) standard and acts as an electronic key.
To log in to their Facebook page, the user needs to insert their unique U2F token into the USB port to unambiguously confirm that they are the owner of the account. nine0003
This authentication method is not only considered more reliable, but also more promising than SMS authentication. It is also important to note that signing in with a U2F token is faster than other account security methods.
Currently, U2F tokens are already used to protect accounts in services such as Google, Dropbox, GitHub, Salesforce, etc.
Earlier on our site we already wrote about the Universal 2nd Factor (U2F) standard. You can read the articles by the #U2F tag. nine0003
Purchase a JaCarta U2F token from a domestic manufacturer of CJSC "Aladdin R.
