Extended Page Access Tokens with CURL

This is a follow-up to my article about Access Tokens for Facebook. It is quite easy to generate an Extended Page Access Token with the PHP SDK, but being a big fan of the Facebook JavaScript SDK, I try to avoid using the PHP SDK. So this is how you create an Extended Page Access Token with CURL only. Just in case you don't know about those Tokens: They can be used to post to a Page (as the Page, not a User) or get the Page Insights – but the most important thing is that they don't have an expiration date! You generate it once, store it in your database and use it forever.

First you have to authorize the user with the “manage_pages” permission:

Notes about the JavaScript Code:

  • Of course you need to include the JavaScript SDK correctly, as explained on Facebook: Facebook JavaScript SDK Quickstart.
  • Feel free to put the AJAX Request in a function and add some fancy callbacks or Promises if you feel like a pro. I've only included it in the login callback for the sake of simplicity. I am also using my own AJAX call instead of the easy jQuery solution, because I am a big fan of Vanilla JavaScript :).
  • If you want to release your App to other users so they can manage their own Facebook Pages, use /me/accounts to get their Pages, let them select one and use my code with the selected ID.

Alright, it is time for the PHP code now. It's pretty straightforward:

The script takes the Page ID and the Access Token you got through the JavaScript SDK login process.

I am using the same parameters for CURL as the PHP SDK, but this should stay the same even if they update the PHP SDK – which is the beauty of the JavaScript SDK: you don't have to update on your own as it gets loaded from the Facebook servers. Also, you don't need to redirect the user to an authorization page for login. +1 for usability 🙂

You may wonder about the appsecret_proof parameter: That one is very important to secure your Graph API calls in case someone gets access to your precious Access Token. You can read more about it here: Securing Graph API Requests.
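How the appsecret_proof parameter is derived and attached to a Graph API call, as an added PHP example that is not the article's original script. The proof is the HMAC-SHA256 of the access token keyed with the app secret; the `/{page-id}?fields=access_token` request, the function names and all credential values are assumptions or constructed placeholders.

```php
<?php
// Added example. All credentials below are constructed placeholders.
const APP_SECRET = 'constructed-app-secret';   // lives only on the server

// appsecret_proof: HMAC-SHA256 of the access token, keyed with the app secret.
function appsecret_proof(string $token, string $secret): string
{
    return hash_hmac('sha256', $token, $secret);
}

// URL that asks the Graph API for a Page's access_token field (assumed request).
// The Page ID arrives from the browser, so accept digits only.
function page_token_url(string $pageId, string $userToken, string $secret): string
{
    if (!ctype_digit($pageId)) {
        throw new InvalidArgumentException('Page ID must be numeric');
    }
    return 'https://graph.facebook.com/' . $pageId . '?' . http_build_query([
        'fields'          => 'access_token',
        'access_token'    => $userToken,
        'appsecret_proof' => appsecret_proof($userToken, $secret),
    ]);
}

// GET over verified TLS; returns the decoded JSON, or an empty array.
function graph_get(string $url): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Graph API request failed: ' . curl_error($ch));
    }
    $data = json_decode($body, true);
    return is_array($data) ? $data : [];
}

// Offline demo: the proof depends on both the token and the secret.
$token = 'constructed-user-token';
$proof = appsecret_proof($token, APP_SECRET);
var_dump(strlen($proof) === 64);
var_dump(hash_equals($proof, appsecret_proof($token, 'wrong-secret')));
echo page_token_url('1234567890', $token, APP_SECRET), PHP_EOL;
```

The demo never calls `graph_get()`, so it runs without network access; a token presented with a proof made from a different secret produces a different HMAC, which is why a leaked Access Token alone is not enough when the proof is required.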

Anyway, this should be future-proof…unless Facebook changes it.

Tip: Make sure to only use the Extended Page Token on the server for security reasons!

(Open Graph picture by oskay/everystockphoto)

11 thoughts on “Extended Page Access Tokens with CURL”

  1. Luis says:

    Hello! I would like to know if this is still working. Also, I’ve been having trouble implementing the PHP part. My website runs on Django and I don’t know how to run the PHP code. Should I add it to a .html file under the JavaScript?

    Thanks in advance 🙂

    • That's up to you, but I prefer to separate frontend and backend code – I am usually using html files with js, and php only for interfaces to a database (or the file system). I am more into node.js right now though.

  2. Saili Jaguste says:

    This code is not working anymore. I have used it in one of the applications. But now the access token that I used to get as permanent access token shows error ("type":"OAuthException","code":190,"error_subcode":463)
