I’m looking over this Facebook API documentation and it can’t be true that in order to read in a page’s public photos, you need to ask the user for permission to connect with THEIR Facebook account?
Something like this fails.
/* make the API call */
FB.api(
"/{album-id}",
function (response) {
if (response && !response.error) {
/* handle the result */
}
}
);
Error says:
"An access token is required to request this resource."
So then now I can’t find a way (that isn’t out of date) to have an API call get an access token without prompting the visitor to accept anything.
What am I overlooking?
Update: this works. And I know not to store the app secret on the client side.
FB.api(
'/{album-id}',
'GET',
{'access_token':'{app-id}|{app-secret}'},
function(response) {
/* handle the result */
}
);
2
Answers
If it’s a “public” photo/album, you may use an app access token (
<APP_ID>|<APP_SECRET>
can be used as the app access token but you should never expose an app secret on the client side, its like a password to your application) to query for the same.If the Page is not restricted by age or location, you can use an App Access Token (App-ID|App-Secret). If the Page is restricted, you can authorize a Page Admin with the
manage_pages
permission and request an Extended Page Token – it is valid forever, as the App Access Token.More information about Tokens:
Important: You should not use those Tokens on the client, the are always meant to be kept secret. You should use the Token on the server and implement some caching, or you will hit API limits if you get a lot users/hits.