Facebook pages API: “Page Public Content Access” r

2020-02-02 04:28发布

问题:

My website uses Facebook Page API to pull public content from a Facebook page, published by the page owner, to create a dynamic blog with a clear link to the Facebook page.

You can see it here in action: https://kc-hrubeho.cz (ctrl+F "Facebook"). Yellow button "Načíst další" works as an AJAX pagination. Sorry for the Czech language, this website unfortunately does not have an English version.

I'm using this URL to get JSON object of the page content: https://graph.facebook.com/<PAGE-ID>/feed?access_token=<TOKEN>&limit=10&fields=message,link,attachments,created_time,full_picture,picture,timeline_visibility

Right now it works, but App review FAQ states this:

My app used to access public content on pages, am I affected by the v3.0 changes?

Yes. Apps that access content of public pages need to request Page Public Content Access feature and require review by Facebook.

Also, there is this notice:

In order to maintain your current API access, your app will need to be submitted for review by August 1, 2018.

I've filled out the form for review. One of the required items is "the screencast".

We need to see your app using Page Public Content Access so we can see that it doesn't violate our policies. Upload a video screencast walkthrough using any method, (even recording with your phone). You must show:

  1. How a person logs in with Facebook
  2. How a person sees this feature used in your app

More detailed instructions about the screencast state this however:

You do not need to submit your app if it will only be used by you or by a reduced number of people. Any account listed in the Roles tab in your App Dashboard, such as admins, developers and testers, can access all permissions and generate a user or page access token.

You can use any of these accounts to test your app and create a screencast.

This is incredibly confusing. My questions are:

  1. If my code access the Pages API and shows the result on my website, is it "used by reduced number of people"?

  2. If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning "will my token work after 1st August")?

  3. If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. :)

  4. Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?

  5. My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rulset as is for the old ones?

Thanks in advance!

Edit

This is what I've heard from the group moderator of official FB support group Facebook Developer Community:

You can use an app in dev mode to retrieve the feed for pages you are admin of. [...] I don't know if August 1 will change the current behavior or if the current behavior is even the intended behavior. [...] Actually I never met a person that was able to predict what will happen in 90+ days ... most experts even fail to predict tomorrow's weather ;) Seriously, I don't know ...

Very frustrating, but so far the most specific answer I got.

回答1:

If my code access the Pages API and shows the result on my website, is it "used by [a] reduced number of people"?

You are most likely the only consumer of the API in your application. Since it's an AJAX call in the background and not a login based application, the "reduced number" situation should apply.

If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning "will my token work after 1st August")?

As long as the app developer and page admin roles are shared, switching the app to development mode will ensure it will keep working.


"If your app is in dev mode you should be able to get page access tokens with any permission for anybody who has a role on your app. If you just want to manage posts on your own page or the pages of users who have roles on your app, you'll be able to do so in development mode without submitting for app review." - Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)


If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. :)

See previous.

Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?

Using the page feed endpoint (/PAGE_ID/feed), while having a user who both is a developer on the app and has a role on the page should work, as long as the app is in development mode.

My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rul[e]set as is for the old ones?

The August 1st deadline is for a specific set of permissions

  • user_friends
  • user_link
  • user_gender
  • user_age_range

It should work the same since these aren't needed to show the page posts.

Use a user or page token with manage_pages access, since the app token cannot identify whether you have a role on the page.

Yes, this will mean you will have to implement a way to either refresh the user token or ensure the extended page token doesn't invalidate in the background.

HTTP GET /page__id_owned/feed?access_token=APP|TOKEN

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_no_manage_pages

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_manage_pages

Response
{
  "data": [
    {
      "created_time": "2018...

HTTP GET /page__id_NOT_owned/feed?access_token=access_token_manage_pages

 #10) To use 'Page Public Content Access'...

Public Page Content is not directly related to your use case, that is, you do not use "Public Page Content". This is for a scenario where you are analyzing public content as a data firehose, see the common usage section at https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS.


"Page Public Content Access, on the other hand, is an app-level feature for read-only access to anonymized public data including business metadata, public comments, posts and reviews for a public page (not owned by any developer on your app). https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS" - Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)




回答2:

After a lot of struggle with FB direct support and FB Dev Community Group I found a way to get my FB Page public posts without having the infamous Page Public Content Access for which I had to create a screencasts with some comparisons of two different pages (?!).

So, in few simple steps:

  1. Get your User Access Token for desired app from this nice FB tool
  2. Create Page Access Token like described in Page Acces Tokens Documentation. But be sure to not skip the part ... using the access token .... That means that your request should look like GET /{page-id}?fields=access_token&access_token=USER_ACCESS_TOKEN_FROM_STEP_1
  3. Then use Access Token Debugger to debug your brand new Page Access Token that will expire in an hour. At the bottom you will see the blue button saying Extend Access Token. Hit that and there you go - the never expire Page Access Token
  4. Use it to get the Facebook Page public posts on FB GRAPH /page-id/posts?access_token=PAGE_ACCESS_TOKEN

UPDATE

If you have trouble with step 2 (I had with some older apps) try using this tool https://developers.facebook.com/tools/explorer



回答3:

Having gone through this process recently with a successful outcome, here's what worked for me, hopefully it's useful to some:

1. Business Verification

This process was fairly straightforward, I provided all required information and supporting documents. After being declined once for insufficient prove of the company address I've uploaded a couple other documents and got the verification (there was no obvious reason why the first one wasn't sufficient but the others were).

2. Screencast

This is obviously the tricky part, but this is what worked for me: I'm gathering data using a webservice and storing it in a database. This data is then visible in a mobile app, so I've provided them with login credentials to my app. To mock the behavior of my webservice getting public data from Facebook, I've created a fake Facebook page, to the data of which I have access without the PPCA, in developer mode. In the recording I somewhat follow their Server to Server example. I show my database with a sample entry and then my fake Facebook page holding the data I want to gather. Then I run my webservice and show that the data from my page is now in my database. Finally I explained how to navigate to this exact dataset in my app. That's it.

This was rejected once when I didn't include access to my app (I only showed the data in my database).

As a final note, even though the events edge is listed in the pages API to which you get access with the PPCA, you still can't access it (i.e. /pageID/events). So if you're looking to get event data, no need to bother with PPCA.



回答4:

FYI if you make it past screencast blocker you still need to go through business verification. Should you get past this I don't know what else you have to defeat to clear app review gauntlet.

App Review Step 2 - Business verification required The permissions and features review is complete. Next, we'll verify your business.

To do this, you may need to provide documentation like a business license or utility bill.