Facebook Access tokens and how to get them

A short discussion of the purpose of the different Facebook Access tokens, how long they are valid, how to get hold of them and how to check them for validity.

The general perception is that Facebook is interacted with by people either directly on the Facebook website or via the Facebook App installed on one or more of your mobile devices. However, Facebook is way more than that.

I am sure everyone has heard about the recent issues with a private company that got hold of tens of thousands of people's information, despite those Facebook users setting their privacy to protect it. How was that even possible, and why is Facebook blaming the company?

The answer is simpler than you would imagine. You gave the company access to your information.

The question is when and how.

What is a Facebook Access Token and Why do I need one?

Facebook allows developers to write programs (apps) that can be installed on your mobile device, run as games inside Facebook or “pull” content from Facebook into a website. To interact with your Facebook information and posts, an app needs special access from Facebook. This special access comes in the form of a unique “token” issued by Facebook. The token is linked to a specific app and to the approved “permissions” that the app asks you to grant.

Different Tokens

  1. Short-Term Tokens
    These tokens are issued when you log in and usually expire after 1 hour.
  2. Extended Tokens
    These tokens are “Short-Term” tokens that have their life extended to 2 months. You might have noticed that Facebook on your mobile device would from time to time request you to re-login. This is due to the “Extended Token” expiring.
  3. Never Expire Tokens (Permanent Tokens)
    As the name indicates, this token never expires and gives the app permanent access to the permissions requested from the user. That is why it is a good idea to check your Facebook security settings from time to time and make sure there are no apps hanging around that do not need access to your personal information.

Normally, before an app can go “live”, the developer submits the app to Facebook for approval. This approval process is rather strict: all sorts of information needs to be supplied, usually including a video explaining why certain permissions are needed.

In some cases, Facebook will reach agreements with “select companies” and allow more than the usual freedom to get user information. The requirements are very strict and very few companies are able to gain that status of “partnership” with Facebook.

In the case of XMS Systems, we only require the website to post content to the related Facebook page and possibly pull in the photo galleries. No general Facebook user information will be accessed, so our app will not be submitted for approval and will never go live to the general public.

How to get these Facebook Access tokens?

First, you will need to set up your app as described in this article.

  1. Open the Facebook Graph API Explorer. This tutorial is based on the new version, which is currently in BETA.
  2. Under “Access Token”, select your “Facebook App” from the list (if you have more than one app).
  3. Select the “type” of Facebook Access Token you require, in our case a “Page Access Token”.
  4. Select the “Page” you want to access from the list.
  5. Select the permissions you require.
  6. Copy your generated “Short-Term” Facebook access token.
  7. Extend this “Short-Term” token.
  8. Generate the “Never Expire” token. The “Never Expire Access Token Generator” available from XMS Systems does steps 7 and 8 at the same time with a single click.
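
To check a generated token for validity, you can ask the Graph API debug_token endpoint to describe it. The Python below is an added example, not XMS Systems code: it builds that request URL and audits the JSON answer against the token types listed above. The sample response, app ID, permission names and the two-hour slack are constructed assumptions.

```python
import json
from urllib.parse import urlencode

# Constructed sample of a debug_token response; app ID and scopes are made up.
SAMPLE_RESPONSE = json.dumps({"data": {
    "app_id": "1234567890", "type": "PAGE", "is_valid": True,
    "expires_at": 0,  # 0 means the token never expires
    "scopes": ["manage_pages", "publish_pages", "user_friends"],
}})

def debug_token_url(input_token, app_id, app_secret):
    """URL that asks Facebook to describe input_token (app token = id|secret)."""
    query = urlencode({"input_token": input_token,
                       "access_token": f"{app_id}|{app_secret}"})
    return "https://graph.facebook.com/debug_token?" + query

def token_kind(expires_at, now):
    """Map the expiry timestamp onto the token types described above."""
    if expires_at == 0:
        return "never-expire"
    if expires_at is None:
        return "unknown"
    if expires_at <= now:
        return "expired"
    # Short-term tokens live about an hour; allow two hours of slack.
    return "short-term" if expires_at - now <= 2 * 3600 else "extended"

def audit_token(response_text, expected_app_id, needed_scopes, now):
    """Return (kind, findings) for one debug_token response body."""
    data = json.loads(response_text).get("data", {})
    findings = []
    if not data.get("is_valid", False):
        findings.append("token is not valid")
    if data.get("app_id") != expected_app_id:
        findings.append("token was issued to a different app")
    # Anything granted beyond what the site needs is unnecessary exposure.
    extra = sorted(set(data.get("scopes", [])) - set(needed_scopes))
    if extra:
        findings.append("unneeded permissions: " + ", ".join(extra))
    return token_kind(data.get("expires_at"), now), findings

if __name__ == "__main__":
    import time
    print(audit_token(SAMPLE_RESPONSE, "1234567890",
                      ["manage_pages", "publish_pages"], int(time.time())))
```

The URL from debug_token_url contains the app secret, so request it only from server-side code.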
Written by:  - 23 Dec, 2018  