Page Access Tokens, Permissions and Roles

Before your app can make calls to read, update, or post to Pages you need to get a page access token. With this token you can view Page settings, make updates to page information and manage a Page.

- Permissions for Pages

- Getting Page Access Tokens

- Permissions and App Review

- Page Roles

Permissions for Pages

When interacting with Pages via the Graph API you need to ask for permissions using Facebook Login. Based on the feature you want to build, you need to ask for a different set of permissions. See the table below to learn about each permissions' abilities.

Permission Abilities

manage_pages

Enables your app to retrieve Page Access Tokens for the Pages and Apps that the person administrates.

publish_pages

Gives your app the ability to post, comment and like as any of the Pages managed by a person using your app.

read_page_mailboxes

Provides the ability to read from the Page Inboxes of the Pages managed by a person.

pages_show_list

Provides the access to show the list of the Pages that you manage.

pages_manage_cta

Provides the access to manage call to actions of the Pages that you manage.

pages_manage_instant_articles

Enables your app to manage Instant Articles on behalf of a Facebook Page that the person administers.

Getting Page Access Tokens

Graph API requires Page access tokens to manage Facebook Pages. They are unique to each Page, admin and app and have an expiration time.

People using your app need to have the one of the Page roles described below.

For a Single Page

To get the Page access token for a single page call the API endpoint /{page-id} using an user access token and asking for the field access_token. You need the permission pages_show_list or manage_pages to successfully execute this call.

GET /{page-id}?fields=access_token

The response will look like this:

{
  "access_token": "{your-page-access-token}",
  "id": "{page-id}"
}

For Multiple Pages

You can get a list of all pages you manage including their page access tokens. You need to ask for the permission pages_show_list or manage_pages to access this API endpoint. Using an user access token call the path:

GET /me/accounts

A list of pages, that the current user has access to will be returned. Access is defined by having at least one of the roles listed below. In the field perms you can see which Page roles you own for each page.

{
  "data": [
    {
      "category": "Product/service",
      "name": "Sample Page",
      "access_token": "{page-access-token}",
      "id": "1234567890",
      "perms": [
        "ADMINISTER",
        "EDIT_PROFILE",
        "CREATE_CONTENT",
        "MODERATE_CONTENT",
        "CREATE_ADS",
        "BASIC_ADMIN"
      ]
    }, 
}

Permissions and App Review

Your app needs manage_pages and publish_pages permissions from the person who wants to post or message as a page. If your app request these permissions, then your app needs to go through Login Review.

Your app might not need to request these permissions because people posting are already set up with a role in your app's dashboard. If this is the case you do not need to submit your app for review. See the Roles tab in App Dashboard.

Page Roles

Facebook Pages have six different roles to access settings, publish content as a page, or perform operations with the Pages API. Depending on your Page role you may be able to execute a particular set of actions like posting as page or getting insights data.

When making API calls to the endpoint /{user-id}/accounts the current user's roles are listed in the key perms.

Role Description Roles this Applies To

ADMINISTER

Manage admins

Full Admin

EDIT_PROFILE

Edit the Page and add apps

Full Admin, Content Creator

CREATE_CONTENT

Create posts as the Page

Full Admin, Content Creator

MODERATE_CONTENT

Respond to and delete comments, send messages as the Page

Full Admin, Content Creator, Moderator

CREATE_ADS

Create ads and unpublished page posts

Full Admin, Content Creator, Moderator, Ads Creator

BASIC_ADMIN

View Insights

Full Admin, Content Creator, Moderator, Ads Creator, Insights Manager

For information on all Page roles and capabilities, see Facebook Help Center, Page Roles.

Expiration

Page Access tokens have expirations; your app can continue to use a Page Access token for an hour after you originally get it.

If your app makes multiple requests to a node, the initial request gets a token and subsequent requests may get new tokens. The initial token will continue working as long as it is not expired.

If your all of your app's Page tokens expire, you should request a new one.