Access Tokens

This guide explains how to get User and Page access tokens.

Get a Short-lived User Access Token

Use one of the following methods to get a short-lived User access token:

These methods will create a short-lived User access token that is valid for only 1 hour.

Get a Long-lived User Access Token

To get a long-lived User access token you will first create a short-lived User access token. Next, you will exchange the short-lived User access token for a long-lived User access token. This token is valid for 60 days.

Send a GET request to the /oauth/access_token endpoint. Replace {app-id}, {app-secret}, and {access-token} with your information.

curl -i -X GET "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&
  client_id={app-id}&
  client_secret={app-secret}&
  fb_exchange_token={short-lived-user-access-token}"

On success, your app gets this response:

{
  "access_token": "{long-lived-user-access-token}",
  "token_type": "bearer",
  "expires_in": {seconds-until-token-expires}
}

This token is valid for 60 days.

Get a Page Access Token

To get a Page access token, you will need a User access token. This User access token must be generated by a person who can perform the action on the Page. For example, to moderate comments the person must be able to MODERATE the Page.

Send a GET request to the /{page-id} endpoint using your User access token. For example:

curl -i -X GET "https://graph.facebook.com/{page-id}?
  fields=access_token&
  access_token={user-access-token}"

On success, your app gets this response:

{
  "access_token":"{page-access-token}",
  "id":"{page-id}"              
}
  • If you used a short-lived User access token, the Page access token is valid for only 1 hour.
  • If you used a long-lived User access token, the Page access token has no expiration date.

Get Access Tokens of Pages You Manage

To get list of Pages and their corresponding Page access tokens, you will need a User access token and pages_show_list or manage_pages.

Only Pages that the person generating the User access token can MANAGE will be returned.

Send a GET request to the /{user-id}/accounts endpoint:

curl -i -X GET "https://graph.facebook.com/{user-id}/accounts?
  fields=name,access_token&
  access_token={user-accesss-token}"

On success your app will receive the following response:

{
  "data": [
    {
      "name": "Facebook Page 1",
      "access_token": "{page-access-token-for-Page-1}",
      "id": "{page-1-id}"
    },
    {
      "name": "Facebook Page 2",
      "access_token": "{page-access-token-for-Page-2}",
      "id": "{page-2-id}"
    },
    {
      "name": "Facebook Page 3",
      "access_token": "{page-access-token-for-Page-3}",
      "id": "{page-3-id}"
    },
...

Limitations

  • Short-lived User access tokens are valid for one hour.
  • Long-lived User access tokens are valid for 60 days.
  • Short-lived Page access tokens are valid for one hour.
  • Long-lived Page access tokens are have no expiration date.

All access tokens may become invalid before they expire even non-expiring Page access tokens under certain circumstances. If a password changes, if the user who requested the token no longer has a role on the app or Page, or when a security issue has been detected, an access token will become invalid.

Learn More