Menu
(Disclaimer: The access_tokens and appIds in this post are fake and are just intended to look real)
I'm trying to generate an access_token using the call to the following:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=123456789000000&client_secret=03252f2ff1eddffe234a0dc7256abb8c
That gives me an access_token in this format:
access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk
If I try to access a fan page that's protected with that token like this I get false back: http://graph.facebook.com/109813019043531?access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk
Now, if I use the Graph API Explorer and select the same App as the one I'm using above to generate the access token I get an access token that looks like this:
ABBDSqE43jFSSbrS7ujvyLZClfyKDCZBhAuLXTtr9nwelj4MFwlijzejljEoNItC3lijzm3shemzq3jDFCdAZD
If I use that access token to access the URL (http://graph.facebook.com/109813019043531) it works as expected.
My question is, what is the difference between the two and how can I programmatically generate one that works like the second token?
353
Please click on Facebook Ads Extension, Manage Settings, go to Advanced options and click on Update token.
You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid. Unfortunately this will only tell you if your token is valid, not if it came from your app.
An access token is an opaque string that identifies a user, app, or Page and can be used by the app to make graph API calls. When someone connects with an app using Facebook Login and approves the request for permissions, the app obtains an access token that provides temporary, secure access to Facebook APIs.
The first one you show is an APP access token. The second one from Graph API Explorer is a USER access token. There is a third type called PAGE access token. Each do something different.
APP access tokens are used to get information that your app is privileged to access. And in some cases where publish_stream is granted from an app user, you can use it to post to that user's wall, without needing a USER access token.
USER access tokens are given to your app and they relate to the permissions a specific app user has granted to your application so you app can act on their behalf.
PAGE access tokens are given to page admins so they can act on behalf of the page. To go from a user access token to a page access token, call /me/accounts using the user access token to get a list of pages they admin along with each pages access tokens.
If you have an access token and you want to know more information about it, lint it at https://developers.facebook.com/tools/lint
For more information on access tokens see: https://developers.facebook.com/docs/authentication
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
