Facebook API Question posted in
The official documentation for the Facebook APIs can be found here.

Facebook pages API: "Page Public Content Access" review screencast

My website uses Facebook Page API to pull public content from a Facebook page, published by the page owner, to create a dynamic blog with a clear link to the Facebook page.

You can see it here in action: https://kc-hrubeho.cz (ctrl+F “Facebook”). Yellow button “Načíst další” works as an AJAX pagination. Sorry for the Czech language, this website unfortunately does not have an English version.

I’m using this URL to get JSON object of the page content: https://graph.facebook.com/<PAGE-ID>/feed?access_token=<TOKEN>&limit=10&fields=message,link,attachments,created_time,full_picture,picture,timeline_visibility

Right now it works, but App review FAQ states this:

My app used to access public content on pages, am I affected by the v3.0 changes?

Yes. Apps that access content of public pages need to request Page
Public Content Access feature and require review by Facebook.

Also, there is this notice:

In order to maintain your current API access, your app will need to be
submitted for review by August 1, 2018.

I’ve filled out the form for review. One of the required items is “the screencast”.

We need to see your app using Page Public Content Access so we can see
that it doesn’t violate our policies. Upload a video screencast
walkthrough using any method, (even recording with your phone). You
must show:

  1. How a person logs in with Facebook
  2. How a person sees this feature used in your app

More detailed instructions about the screencast state this however:

You do not need to submit your app if it will only be used by you or
by a reduced number of people. Any account listed in the Roles tab in
your App Dashboard, such as admins, developers and testers, can access
all permissions and generate a user or page access token.

You can use any of these accounts to test your app and create a
screencast.

This is incredibly confusing. My questions are:

  1. If my code access the Pages API and shows the result on my website, is it “used by reduced number of people”?

  2. If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning “will my token work after 1st August”)?

  3. If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. 🙂

  4. Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?

  5. My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rulset as is for the old ones?

Thanks in advance!

Edit

This is what I’ve heard from the group moderator of official FB support group Facebook Developer Community:

You can use an app in dev mode to retrieve the feed for pages you are
admin of. […] I don’t know if August 1 will change the current
behavior or if the current behavior is even the intended behavior.
[…] Actually I never met a person that was able to predict what will
happen in 90+ days … most experts even fail to predict tomorrow’s
weather 😉 Seriously, I don’t know …

Very frustrating, but so far the most specific answer I got.

Tags:

6

Answers


  1. 0

    If my code access the Pages API and shows the result on my website, is it “used by [a] reduced number of people”?

    You are most likely the only consumer of the API in your application. Since it’s an AJAX call in the background and not a login based application, the “reduced number” situation should apply.

    If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning “will my token work after 1st August”)?

    As long as the app developer and page admin roles are shared, switching the app to development mode will ensure it will keep working.

    “If your app is in dev mode you should be able to get page access tokens with any permission for anybody who has a role on your app. If you just want to manage posts on your own page or the pages of users who have roles on your app, you’ll be able to do so in development mode without submitting for app review.” – Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)

    If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. 🙂

    See previous.

    Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?

    Using the page feed endpoint (/PAGE_ID/feed), while having a user who both is a developer on the app and has a role on the page should work, as long as the app is in development mode.

    My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rul[e]set as is for the old ones?

    The August 1st deadline is for a specific set of permissions

    • user_friends
    • user_link
    • user_gender
    • user_age_range

    It should work the same since these aren’t needed to show the page posts.

    Use a user or page token with manage_pages access, since the app token cannot identify whether you have a role on the page.

    Yes, this will mean you will have to implement a way to either refresh the user token or ensure the extended page token doesn’t invalidate in the background.

    HTTP GET /page__id_owned/feed?access_token=APP|TOKEN

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_no_manage_pages

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_manage_pages

Response
{
  "data": [
    {
      "created_time": "2018...

HTTP GET /page__id_NOT_owned/feed?access_token=access_token_manage_pages

 #10) To use 'Page Public Content Access'...

    Public Page Content is not directly related to your use case, that is, you do not use “Public Page Content”. This is for a scenario where you are analyzing public content as a data firehose, see the common usage section at https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS.

    “Page Public Content Access, on the other hand, is an app-level feature for read-only access to anonymized public data including business metadata, public comments, posts and reviews for a public page (not owned by any developer on your app).
    https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS” – Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)

    Login or Signup to reply.
  2. 0

    FYI if you make it past screencast blocker you still need to go through business verification. Should you get past this I don’t know what else you have to defeat to clear app review gauntlet.

    App Review Step 2 – Business verification required
    The permissions and features review is complete. Next, we’ll verify your business.

    To do this, you may need to provide documentation like a business
    license or utility bill.

    Login or Signup to reply.
  3. 0

    After a lot of struggle with FB direct support and FB Dev Community Group I found a way to get my FB Page public posts without having the infamous Page Public Content Access for which I had to create a screencasts with some comparisons of two different pages (?!).

    So, in few simple steps:

    1. Get your User Access Token for desired app from this nice FB tool
    2. Create Page Access Token like described in Page Acces Tokens Documentation. But be sure to not skip the part ... using the access token .... That means that your request should look like GET /{page-id}?fields=access_token&access_token=USER_ACCESS_TOKEN_FROM_STEP_1
    3. Then use Access Token Debugger to debug your brand new Page Access Token that will expire in an hour. At the bottom you will see the blue button saying Extend Access Token. Hit that and there you go – the never expire Page Access Token
    4. Use it to get the Facebook Page public posts on FB GRAPH /page-id/posts?access_token=PAGE_ACCESS_TOKEN

    UPDATE

    If you have trouble with step 2 (I had with some older apps) try using this tool https://developers.facebook.com/tools/explorer

    Login or Signup to reply.
  4. 0

    Having gone through this process recently with a successful outcome, here’s what worked for me, hopefully it’s useful to some:

    1. Business Verification

    This process was fairly straightforward, I provided all required information and supporting documents. After being declined once for insufficient prove of the company address I’ve uploaded a couple other documents and got the verification (there was no obvious reason why the first one wasn’t sufficient but the others were).

    2. Screencast

    This is obviously the tricky part, but this is what worked for me:
    I’m gathering data using a webservice and storing it in a database. This data is then visible in a mobile app, so I’ve provided them with login credentials to my app.
    To mock the behavior of my webservice getting public data from Facebook, I’ve created a fake Facebook page, to the data of which I have access without the PPCA, in developer mode.
    In the recording I somewhat follow their Server to Server example. I show my database with a sample entry and then my fake Facebook page holding the data I want to gather. Then I run my webservice and show that the data from my page is now in my database. Finally I explained how to navigate to this exact dataset in my app. That’s it.

    This was rejected once when I didn’t include access to my app (I only showed the data in my database).

    As a final note, even though the events edge is listed in the pages API to which you get access with the PPCA, you still can’t access it (i.e. /pageID/events). So if you’re looking to get event data, no need to bother with PPCA.

    Login or Signup to reply.
  5. 0

    If the page is not yours or if you are not the admin of the page, Facebook doesn’t allow you to access the data. I had asked them and this was their response:

    "Ok. If the news is retrieved from your own Facebook page, rather than
    a public page that you don’t own, you can use the pages_manage_post
    and pages_read_user_content permissions.

    Unfortunately, I’m afraid there isn’t a permission that can allow you
    to give your users public pages news. You can only give news from your
    own Facebook page."

    Initially i had applied for Page Public Content Access permission.

    Login or Signup to reply.
  6. 0

    some of these steps metioned here doesn’t work anymore in 2022. If you are struggling to get public posts from your public FB page using server-side API access, this helped me to get Page Access token, that never expires: https://medium.com/@blienart/get-a-permanent-facebook-page-access-token-a96470dc03ca

    Step-by-step tutorial:

    1. You need FB developer account and you have to be admin of your FB page you want to read feed from. Create Facebook app with ‘pages_read_engagement’ and ‘pages_show_list’ permissions (no need to review the app).

    2. On https://developers.facebook.com/tools/explorer/ select your FB app name and "User Token" value on the right. Below select ‘pages_show_list’ and ‘pages_read_engagement’ permissions and click "Generate Access Token". Copy the generated token.

    3. On https://bnjis.github.io/Facebook-permanent-token-generator/ fill in your FB app ID, FB app secret key, your copied User Access Token and click submit. This will generate token, which should not expire.

    You can use the final token in you server-side app along with FB app id and FB app secret to access your public FB page posts. In my case, the PHP implementation looked like this:

    $appId = 'xxx'; // Your FB App ID, you have to be it's admin
$appSecret = 'xxx'; // Secret key of your FB app
$accessToken = 'xxx'; // Access token generated in step 3
$fbPageId = 'xxx'; // ID of your Facebook page, you have to be it's admin

// This is an official PHP SDK: `composer require facebook/graph-sdk`
$fb = new FacebookFacebook([
    'app_id' => $appId,
    'app_secret' => $appSecret,
    'default_graph_version' => 'v15.0'
]);

try {
    $response = $fb->get('/' . $fbPageId . '/feed?fields=permalink_url,created_time,message,full_picture&limit=20', $accessToken);
    if ($response instanceof FacebookResponse) {
        $data = $response->getDecodedBody(); // Array of your FB page posts
        // further processing
    }
} catch (Exception $e) {
    // Exception handling
}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search