- Community
- Question
I am using Facebook ads API to show some data from my customers Facebook ads account to my website .Here is the list of scopes I am using
a) ads_management b) ads_read
My query is regarding Facebook API long lived access token. My long lived access token expires after 60 days and after that user need to login by using his/her credentials. Is there a way I can manage to refresh this long lived access token without user need to login.
If I use page access token will I able to get all this information? I am looking for information like ads_management and ads_read
+++1. I recall documentation a while back about how to refresh a long-lived user access token. I no longer see it.
Thank you David for your reply. Is there any way I can get these scopes information using page access token?
Hey Avery, have you found any solution for this? we are facing the same challenge
If we try to refresh the long-lived token with /oauth/access_token?..., then we get a new token, but with the same expiry date as the old one!
Has anyone found anything yet? Is it really not possible to refresh the long-lived token on behalf of the customer?
How is facebook now helping us find a solution for this??!
not*
Is there some solution for this question? I have the same flow in my SaaS and need to solve this asap! 😣
I'm facing the same issue with my webApp, and I need refresh page token, https://developers.facebook.com/docs/pages/access-tokens “ If you used a short-lived User access token, the Page access token is valid for 1 hour. If you used a long-lived User access token, the Page access token has no expiration date. ” means don't need refresh_token?
You don't need to refresh a long-lived Page Access Token (unless it is invalidated for some reason, usually does not happen if you work according to Facebook API rules). The problem is with the User Token
Push ...
Did you guys figure out how to deal with this? We're facing the same issue and are about to embark a trial and error journey regarding the handling of the long-lived tokens / renewal of the token.
Not yet unfortunately, let's share findings
Hello mates, any news on that? Have you guys tried to implement a routine that refreshes users' access_tokens? In fact, is this actually possible? Thanks in advance.
Has anyone found if is possible to refresh the token without user intervention?
"The SDK will automatically refresh tokens if the person has used your app within the last 90 days" is completely misleading, unfortunately.
Hi Carlos, have you tried reusing the long-lived token after the 60 day expiration date? (Assuming it has been used a few times since the initial token generation). Are you sure it did not refresh every time it was used, pushing the expiration date forward?
Hi Rannie, did you try it? I am wondering the same thing...
The token expires even if you use it (just call the API) within the 60-days
I have been struggling with this for a while and the breakthrough came from a comment on this post from
"Eddy" at Jul 22, 2022 at 1:45 PM
You need to create a "System User" and assign your app as asset. There are some other things you need to click through - as well as you perhaps need to get more permissions from your admins in order to create the "System User" in the first place - but it was relatively easy to search how to do this. Once you set this up - indeed you get an access token that is "eternal".
Thank you Eddy for posting your find, hope we can surface that answer as the correct one because I see a lot of other people have the same troubles here.
Could you please share all the steps with me? My business admin assigned my user as asset in the app. Now I try to get the token and then long lived version through the graph api explorer but all are temporary token.
This doc might be relevant: https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing . It says that if you're using the iOS, Android, or JavaScript SDK, the SDK will automatically refresh tokens. But I think the only way to get a long-lived user token is from a short-lived user token generated by login.
Avery, I think you need a system user or long-lived user token for Marketing API calls: https://developers.facebook.com/docs/marketing-apis/get-started
I'm facing the same issue, I read https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing but it is not clear to me what "the SDK will automatically refresh tokens if the person has used your app within the last 90 days" means.
More specifically: the person has used your app. What does FB means with app? I suppose the FB app, the one that gone through the review process. But how could the person use the app? What shoud they do? I mean, the person use my web app bot the FB app.
My web app swaps the short-lived with a long-lived User access token and then, basically everyday, it calls (server side, during the night, when the person/user is not even connected) the marketing API using this long-lived User access token to update some custom audiences.
How can my web app continue to do this after 60 days? It sounds strange to me that we have to ask the user/person to get back to our web app and re-authorize us.
Your description fits my and many system's use case. There must be a solution since there are many SaaS with this flow exactly (User logs in and approves your FB app with requested permissions... Then the SaaS/App pulls data on your behalf forever, without you needing to log in to FB again to refresh your token)
Did you find a solution for this matter? I am facing the same problem.
Did all of you find a solution to refresh long-lived user access token. I am having the same issue. Thanks in advance.
Anybody find a solution?
Hi everyone! Any news on this?
People with use cases longer than 60 days ago, are access_tokens still valid, thus refreshed automatically?
Or did you have to ask permission again?
I believe the solution is to keep a record of your access token and date you got it, then use the following call to get a new access token. Once you receive this, you'll need to remove the original access token and do the same call with this. If you did this every 2 weeks, you'd technically never expire
```
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}"
Actually may have found a better solution. If you have access to 'Ads Manager', create a 'System User' and assign them your app as an asset. You can then generate an access token that never expires
posting here as well for visibility ^^^ this is indeed the best way. Thanks Eddy.
Can confirm. This is the solution. A system user will generate a never expiring token and you can load them with all the permissions you need
Eddy, you mention have access to Ads Manager and create a system User. I have created an App and have a System User in the business account associated with that app. (e.g Business 1, App 1)
However, if another business, Business 2: User 2, performs the OAuth and grants access to the app, the access_token is for User 2 of Business 2. They have granted App1 access to retrieve the data.
The access token (for User 2, Business 2) has expiration. I'm not sure how I would associate the system user from Business 1 to the Business 2
Joe, unfortunately what was posted up there is the extent of my businesses needs so I haven't extended access to our system to a 3rd party as yet. I assume if you are allowing a user/business to oauth to your system, you would be provided with a refresh token or something similar in which to allow continued access? The reason I needed a permanent access token is due to our system being server-to-server only and facebook having no server oauth generation path.
Hi Ed, I could successfully generate the never-expired token but it doesn't include the scope that I need. How can I load the token with all the permissions I need?