The SMB Integration Playbook
System User Access Token Handling
Assigning permissions to a page from the API requires special permissions. Please reach out to your Facebook rep if you require this feature.
While this is straight forward, ensuring that your system user has access to the customer's page is less so.
You should not need to request access to a user's Facebook Page through business manager under this model.
Adding System User as Advertiser
After receiving the access token, as covered in Understanding Access Tokens, you can ideally store this in session storage, local storage, or a cookie.
From here, you can make API calls to add your system user as an advertiser (role) to the advertiser's page.
curl \ -F "admin_id=<USER_ID>" \ -F "role=Advertiser" \ "https://graph.facebook.com/<API_VERSION>/<PAGE_ID>/roles"
From here, you can make API calls to create ads for this page using the system user's token, which you always have access to.
It is worth noting that if the advertiser revokes the System User's permission on their page, you will no longer have access to the page.