App settings to access the Facebook Graph API

Facebook App settings to access its Graph API

Permitted data can be used programmatically queried or retrieved using the Facebook Graph API platform.

Introduction the Facebook Graph API

The Facebook Graph API is a platform that allows permitted data into and out of the Facebook platform. “It’s a low-level HTTP-based API that Apps can use to programmatically query data, post new stories, manage ads, upload photos, and perform a wide variety of other tasks.”

An API (application programming interface) is the interface (I) between a programmed request (P) and, in this case, Facebook (A). By using the Facebook API, various programming languages can be used to query (send/receive) data to Facebook pages. Facebook processes these queries through its Apps infrastructure. To be able to make these queries, an Access Token will be required.

Identification and authorisation to the Facebook Graph API are done through the Facebook App infrastructure. By using an App, the type of permissions can be authorised. Facebook has many different permission, e.g, permissions for posting to a page is but one of them.

After setting up a Facebook App the following basic information will be obtained:

  • App ID (auto-generated by creating the App, serving as a unique identifier of the Application that will handle and process the request – in the form of a numbered string)
  • App Secret (auto-generated by the App, serving as the Application’s ‘password’ – in the form of a string)
  • Access Token (generated code that will contain information about who is accessing the App and what privileges they have – in the form of a long string) – this post will show how to get a permanent ‘non-expiry’ access token.

After obtaining the App ID, App Secret and API version from the created App, the Facebook Graph API explorer will be used to generate the Access Token.

Assumptions and requirements

This process will get an access token to be used by you (the admin of the App). Apps that are to be used by the public will need to be activated and will need approval from Facebook in some cases.

During the Facebook Apps setup process, a web address and privacy policy URL will be needed. You might get away with using the same URL for both these fields. If you don’t have at least a unique website address one of many free online website services can be used.

Creating a Facebook App

The first step is to create a Facebook App. While logged in to your Facebook user account, go to the Facebook Apps dashboard. If you are not yet registered as a developer, click the blue Register button and follow the instructions.

Create Facebook App

Create Facebook App

A Facebook developer can create multiple Apps. To create an App, click on the green +Add a New App button and supply all the required details before clicking on the blue Create App ID button. Although this can be changed later on, the Display name will be used as the publisher for posting to Facebook. Complete the security check.

There is no need to add any products yet. From the new App’s Apps dashboardgo to Settings -> Basic. This page will give you a self-populated App ID and App secret. Copy or write them down in a safe place. Continue by supplying the following basic requirements:

  • Contact Email and Privacy Policy URL (required to make the App public)
  • Upload an image to identify the App visually
Facebook Apps dashboard

The Facebook Apps dashboard

Click on +Add Platform (at the bottom). Multiple platforms can be added per App. Python-related calls from Raspbian do not seem to need a platform, but the Web or Server-to-Server platform is mostly used. After adding certain platforms, additional fields might be required. When adding a Website, the App Domains also need to be completed.

After the form has been completed, click on the blue Save Changes button at the bottom.

All Facebook Apps are in ‘Development’ mode by default. In order to make the App available to the public, it needs to be activated. If the App is only to be used by yourself (the administrator of the App), then activation is not always necessary.

To activate the App, go to App Review in the new App’s Apps dashboard and toggle the Make Your App Public button from No to Yes. Choose a category and press the blue Confirm button. Depending on the permissions required, you might need to have your App reviewed for approval.

Make Facebook App public

Making the Facebook App public.

Now that the App is live and available to the public a Facebook access token needs to be created. Before this is done, the App version also needs to be noted down. The App version can be seen under the Advanced settings section (Settings -> Advanced).

Upgrade API version

Facebook Advanced Tab.

Different API versions have different functionalities. Facebook might update their API version from time to time to add functionality, but also occasionally to remove abilities. The App Contact Email address will be used by Facebook to communicate significant changes to developers. As Facebook will very likely deprecate older versions over time, it is probably better to use the latest API version available. This section can also be used to upgrade the App’s API version in the future.

No other advanced settings are required.

There should now be a green dot next to the new App’s name. Copy and paste these values somewhere. You don’t have to submit the app for review.

Creating a Facebook access token

When a request, together with the Facebook access token (also known as the Facebook OAuth token), is sent to the App, the access token will tell the App who is sending the request (either the user account holder or a Facebook page) and what privileges that sender has. By using the App ID, App Secret and API version obtained from setting up the Facebook App itself, the next steps will create a ‘short-lived’ access token. Additional steps will convert this to a ‘long-lived’ one, and ultimately to a ‘non-expiry’ one.

From the Graph API Explorer in the Application drop-down, choose the App for which the access token is for. In this case, it will be the new App created above.

Get a Facebook user access token

The Facebook Graph API Explorer

Click on the Get Token button and choose Get User Access Token.

A permissions section will pop up. After choosing the required permissions click on the Get Access Token. A message confirming the actions you just allowed will show. Also, confirm permission to post on your behalf. Choose whatever you want, but posting Publically will give maximum visibility. Click Ok.

Posting to a page: To create a User Access Token that allows posting to a page, select manage_pages and publish_pages before clicking on Get Access Token. These permissions will allow the App to publish posts acting as yourself. For more info about permissions, see Facebook’s Permissions Reference page.

Since the last update, to be able to use manage_pages and publish_pages the App needs to be submitted for review and approval.

The Graph API explorer will generate a ‘short-lived’ access token. These tokens typically only last for about 2 hours. ‘Long-lived’ tokens only last about 60 days. To convert a ‘short-lived’ token into a ‘long-lived’ one, copy the following link into the web address section of your favourite web browser and replace the {indicated values}:

The web browser will show the following:


The Graph API Explorer section can be a scary place at first, so if you don’t see the result above or made a mistake somewhere, go to the App Settings page to delete the permission actions you just created. This will not delete your App itself, so you can just start over with the token creation process.

This new access_token is the ‘long-lived’ token. Temporarily copy it somewhere and also copy it into the Access Token Debugger to see the Expire field.

In order to get a ‘non-expiry’ access token, you will need your account ID. The account ID can be obtained by copying the following link to a web browser (replace the {indicated values}):{3.0}/me?access_token={LONG_LIVED_ACCESS_TOKEN}

Lastly, copy the following link to a web browser again (replace the {indicated values}):{3.0}/{ACCOUNT_ID}/accounts?access_token={LONG_LIVED_ACCESS_TOKEN}

All your Facebook pages will show up on this page. Look for the relevant page using the Name field. This will give a final ‘non-expiry’ access token. It can be tested again with the Access Token Debugger.

Copy this Access Token somewhere together with the App ID and App Secret (and API Version).

To verify the App permissions paste the following link to a browser (replace the {indicated values}):{ACCOUNT_ID}/permissions?access_token={APP_ID}|{APP_SECRET}


The Facebook Graph API is a platform that allows permitted data into and out of the Facebook platform. The HTTP-based API can be used by Facebook Apps to query data, post new stories, manage ads, upload photos, and perform a wide variety of other tasks. This post showed how to configure App settings to access the Facebook Graph API

Leave a Reply

Your email address will not be published. Required fields are marked *