What are the Steps to getting a Long Lasting Token For Posting To a Facebook Fan Page from a Server

Question

I have a Business Page in Facebook (known as a Fan Page in Facebook vernacular).

I want to post to that Page whenever a user takes a certain action on my app. I want to post as the Page itself rather than a user (i.e. from my personal account). The post will come from my outside server (I am using restFB).

I have gone through the steps of authorizing my personal account with appropriate manage_pages permissions for the Page. I have also gotten an access token for the page. I have even been able to post to that page as the page as I wanted to. The problem is that the token that I get (through their developer tools graph explorer) has an expiration of an hour. I need it to last much longer than that, preferably forever.

I've looked around the internet, including SO for the answer and most posts point back to the horrid FB docs or make vague references to hooking my outside application to a facebook application and posting through that. I've tried to make that work but I am confused by the whole process, quite frankly (what is a callback address, for example?).

Anyway, I'd love to see step by step instructions in plain English on getting a long lasting access token that I can use to post from one application to a facebook Fan Page.

Please do not refer to the FB documentation. It is terrible. I've been through it a dozen times at least.

Thank you.

Answer 1

Here are some steps you can follow to get a never expiring token for your fan page:

1. Firstly, you need to get the long lived user access token (that expires in 2 months). To get this, make the following call:

   GET /oauth/access_token? grant_type=fb_exchange_token& client_id={app-id}& client_secret={app-secret}& fb_exchange_token={short-lived-token}
   

   More details here. Let me know if you had any difficulty with this.

2. Get the never expiring access token for your page using the token you obtained in the above step (not the normal token, that's the main difference here):

   $facebook->api("/PAGE_ID?fields=access_token");
   

So the concept is, to get the long lived page token you should use the long lived user token while making the call.

Answer 2

@Shadowfax is complety right. Just to complete the workflow:

1. Get the short term user access_token with the facebook login, and with the manage_pages permission.
2. Send this short term user access_token to your server

3. From the server, make the @Shadowfax request:

   GET /oauth/access_token? grant_type=fb_exchange_token&client_id={your-app-id}& client_secret={your-app-secret}&fb_exchange_token={short-lived-user-access_token}

   with host graph.facebook.com and port 443.

   You have to make this request from the server because it contains your app secret key.

4. From the server, you now are able to query facebook by replacing the user access_token by this long-live version

5. From the server, obtain the page access_token by using your long-live user access_token, either by querying the user account:

   GET /{user-id}/accounts?access_token={long-live-token}

   You will obtain all the user's pages with their id and access_token.

   Or you can querying directly the specific page if you already know its page_id

   GET /{page-id}/?fields=access_token&access_token={long-live-token}

As @Shadowfax said, this page long-live token will last forever, as long as the user (you) doesn't revoke your app permission.