I'd like to display a list of public Facebook events that I post on a separate webpage so it's easier to keep updated - just update Facebook and the next call to the graph API shows my current events.
I've got the javascript SDK working on the page, but the graph API seems to always want an access token for me to request any data, even public stuff. I obviously don't want a user to have to log in to my web page just to see some events. Is there a way to request public event data without an access token? Or can I add a hardcoded access token that is only available for use by my Facebook app?
I just checked and, no, you can't access public events without a token.
But yes, you can have an access token just to retrieve this (for instance, if you already have an app, you can use your user token for it).
My suggestion is that you access the graph api only once after you add/update your events, and store the result in a static place (json, db, static file, etc) so that you can easily show it when needed instead of making requests to the graph api every time.
Related
I'm new to programming/development/APIs, so forgive me if I use any terminology incorrectly.
I'm building a simple web app (with JS) that pulls data from a third-party API. The third-party API requires an access token to make all calls.
There are a few different methods to get the token, but according to the API documentation (and what I've been reading about tokens), I should be using the Implicit Grant type to get a token that requires the user to re-authenticate every hour (or the next time they log-in.)
I'm storing the Access Token in Local Storage whenever I obtain it and use it to make calls to the API accordingly.
The web app is, in theory, just supposed to write the authenticated user's data (obtained from the API) to the page. The scope of the token is strictly limited to a property called owner_read. (See specific call with permission in the API Docs here.)
The issue I'm having is that I realized that the access token generated can be used maliciously. The token generated with the scope of owner_read can also be used to make a call to the server and retrieve the data of every customer in the database. (See specific call in the API docs here.)
This is concerning — I don't want a user to be able to take an access token meant to originally just show a single user's information (the person who is in the web app) and make calls to the server and obtain ALL user data.
My question is: since I cannot limit my scope anymore, how can I prevent the token from being used in other calls?
I want to grab the posts from a public Facebook group using the Facebook api. I have been reading the documentation and I haven't found a way to grab that data without logging in. But using the graph explorer I do not need to log in to get the data so there must be a way.
Is there anyway to do this using the javascript Facebook api?
you can use,
https://graph.facebook.com/fbusername/posts?fields=full_picture,message,created_time&date_format=F/d/Y&limit=10&access_token=useapptoken
you can use App token instead user access token.
I have a web application that gets information from different platforms which is working fine. I want to get ratings of a public Facebook page without login and without any access token using javascript. Is there any rest API or open API which can help me get these ratings without all heck of login and access token ?
https://developers.facebook.com/docs/graph-api/reference/page/ratings/
A Page Access Token is required for all methods.
That means, you have to manage the Page if you want to get the ratings with the API. There is no way to get ratings for any public Page if you don´t manage it.
Does anyone knows how to get google refresh and access token for google contacts api v3? I can authenticate, sync my contacts, but dunno what happens when my access token expires, and never get refresh token from google api.
Does anyone have this problem?
How you deal with refresh depends on which "flow" you are using. If it's a Javascript/client flow, just get a new access token the same way you got the first one (probably by calling gapi.authorize).
If you're using server flow, you can use the same approach, or you can request and store a refresh token. To get a refresh token, specify "offline" in your original authorization request.
A general tip when using oauth... deal with the oauth stuff separately from the specific API you're using (contacts in your case). This page https://developers.google.com/accounts/docs/OAuth2 (and the sub-links off it) contains all you need to know.
So I am confused on the new FB requirements for querying public events(for instance getting the start time), and it seems I am not the only one, even Facebook's own examples no longer work.....
Anyway, I would like to be able to query some public events and display the information on my site without requiring the user to be logged into facebook(since the information is public, that should be possible, since if I go directly to the Facebook page while logged out of Facebook, I can see all the information I want to query), but this doesn't seem possible to do(safely) on the client side anymore.
In order to use the graph API to query events an access token, either user, app, or page manager, is required. But if the user is not logged in then obviously I cannot use their access token, and publishing my app or page manager access tokens is a recipe for disaster, so how can I query public event data on the client-side without requiring the user to log in?
From the Facebook Event API page:
Starting July 5th, an access token will be required to access even
public events. To read an Event, you will need one of the following:
a user access token for a user who can see the event an app access
token (for non-public events, must be the app that created the event)
a page access token (for non-public events, must be the page that
created the event)
Bummer, it looks like this policy was just revised a week or two ago. :-/