Facebook Access Tokens

The Facebook Pages Managed Source implementation follows the requirements for Facebook access tokens and will use any type of valid access token.

Which Facebook Access Token Is Right For You?

The Facebook API supports three types of access token; User, App and Page.

Each type of token has different properties. It is important to consider which type of token you will use each time you create a Managed Source to ensure the DataSift platform can fetch all of the data you require.

You need author information for interactions

Changes introduced in v2.11 of the Facebook API mean that author details for interactions (such as comments) are only available when using Page Access Tokens. On the 5th February 2018 this change will be applied to all Facebook API versions.

As a result of Facebook's API change, if you need author details for interactions you will need to use Page Access Tokens. Details on how to generate Page Access tokens can be found in the Facebook documentation.

Page Access tokens only allow access to the one page they are generated for. Therefore if you want to monitor multiple Facebook pages you will need to create a Managed Source for each page, associating a Page Access token for the relevant page.

tip icon

Note that you are charged for the number of Facebook pages you monitor, not the number of Managed Sources you run. Running two Managed Sources each monitoring one page costs the same as running one Managed Source monitoring two pages.

You do not need author information for interactions

For most use cases, author details are not important. If this is the case for you we recommend User or App Access Tokens as these tokens allow you to monitor many pages with one Managed Source.

For most use cases we recommend User Access Tokens as although the tokens expire after two months they allow access to interactions that are subject to location and age restrictions. App Tokens never expire but cannot access interactions restricted by location or age.

Note that the type of localization and the age restrictions applied by Facebook will depend on the location and the age of the user who creates the User Access Token. For example, when a User Access Token is created by a US-based user of legal age she or he will be able to receive interactions related to Facebook Pages that promote alcoholic beverages in the USA.

Instagram permission requirements

Facebook have an Application Review process when creating an Application or requesting new permissions. Therefore, you will need your application approved for all the Facebook application permissions listed below for each of the Instagram resource types you’d like to access. You may have some of these approved already.

Permissions

Our API has been updated to support the following new Instagram "resource types" on the Facebook Pages Managed Source:

  1. instagram: Receive posts, comments and mentions for an Instagram Business Account.
    Facebook app permissions: manage_pages, instagram_basic, instagram_manage_comments

  2. instagram_user: Receive posts for an Instagram Business Account that you do not manage/own
    Facebook app permissions: manage_pages, instagram_basic, instagram_manage_insights

  3. instagram_tag: Receive anonymised posts for an Instagram Account (both Business and non-business accounts) that match a specific hashtag
    Facebook app permissions: manage_pages, instagram_basic, instagram_manage_insights, Instagram Public Content Access

Obtaining access tokens

Using the DataSift dashboard

You can use the DataSift dashboard to set up a Facebook Pages Managed Source obtaining a user token in the process.

The process is explained in our Activate Facebook Pages Managed Source guide.

DataSift does not store your password or email address, but will store the User Access Token returned by Facebook. The token can be later obtained via a call to /source/get and reused in requests sent to /source/create and /source/update.

Using the Facebook API

Obtaining a Facebook User Access Token

You can use the Facebook API yourself to obtain a user access token. Facebook provides their own information about that process and there is more than one way of doing it.

If you obtain a token from the Facebook API, make sure you obtain a 2 month access token.

One way to obtain an access token is as follows:

  1. Log in to Facebook.
  2. Go to the Facebook Developer App.
  3. Click on the Add a New App button.
  4. Type the name of your new app into the Display Name text field. Enter a contact email address and select a Category for your app.
  5. Click on the Create App ID button.
  6. Perform any security checks that are requested.
  7. Open Facebook Graph API Explorer in a new window.
  8. Select the name of your App from the Application drop-down menu.
  9. Click on the Get Token drop down, and select Get User Access Token.
  10. Click Get User Access Token on the next dialog.
  11. Copy the string of text shown in the Access token text field.

    This User Access Token expires in an hour, which makes it of limited use for our purposes. Fortunately, you can extend it.

  12. Replace the 1-hour token with a 2-month token:

    The token extension request can be made using a web browser or a command like curl. For example, if your App ID is 012345678901234 and you App Secret is 01234567890abcdef01234567890abcdef and the 1-hour token is ABC the URL you need to send your request to would be:

    https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token& client_id=012345678901234&client_secret=01234567890abcdef01234567890abcdef&fb_exchange_token=ABC

    The access token you receive now will be valid for two months.

Obtaining a Facebook App Access Token

If you'd like to use an app access token, you will need to obtain a time-unlimited App Access Token.

Facebook provides their own information about that process and there is more than one way of doing it.

One way to obtain an access token is as follows:

  1. Log in to Facebook.
  2. Go to the Facebook Developer App.
  3. Click on the Add a New App button.
  4. Type the name of your new app into the Display Name text field. Enter a contact email address and select a Category for your app.
  5. Click on the Create App ID button.
  6. Perform any security checks that are requested.
  7. Copy the value of the App ID and App Secret settings for your new app.
  8. Make a request to the Facebook Graph API using the App ID and App Secret in the request.

    The request can be made using a web browser or a command like curl. For example, if your App ID is 012345678901234 and you App Secret is 01234567890abcdef01234567890abcdef the URL you need to type into your browser would be:

    https://graph.facebook.com/oauth/access_token?client_id=012345678901234&client_secret=01234567890abcdef01234567890abcdef&grant_type=client_credentials

Obtaining a Facebook Page Access Token

Please see the Facebook documentation.

Notes On Facebook Access Tokens

  1. If you already have a Facebook Pages Managed Source that uses an App Access Token you would like to reuse, call /source/get to retrieve it as you would retrieve a User Access Token.
  2. You can always check if your token is valid using the Facebook Graph API Explorer. Paste your key into the field next to the Debug button and click on the Debug button.
  3. Facebook Graph API Explorer can be used to verify token expiry time.