Page Access Tokens, Permissions, and Roles

Before your app can make calls to read, update, or post to Pages you need to get a Page access token. With this token you can view Page settings, make updates to page information, and manage a Page.

Permissions for Pages

When interacting with Pages via the Graph API you need to ask for permissions using Facebook Login. Facebook Login allows your app to retrieve access tokens encoded with the permissions your app needs. Based on the feature you want to build, you need to ask for a different set of permissions. See the table below to learn about each permissions' abilities.

Permission Abilities


Enables your app to retrieve Page Access Tokens for the Pages and Apps that the person administers


Gives your app the ability to post, comment, and like as any of the Pages managed by a person using your app


Provides the ability to read from the Page Inboxes of the Pages managed by a person


Provides the access to show the list of the Pages that you manage


Provides the access to manage call to actions of the Pages that you manage


Enables your app to manage Instant Articles on behalf of a Facebook Page that the person administers

Getting Page Access Tokens

Graph API requires Page access tokens to manage Facebook Pages. They are unique to each Page, admin, and app and have an expiration time.

People using your app need to have one of the Page roles described below.

For a Single Page

To get the Page access token for a single page call the API endpoint /{page-id} using an user access token and asking for the field access_token. You need the permission pages_show_list or manage_pages to successfully execute this call.

GET /{page-id}?fields=access_token

The response will look like this:

  "access_token": "{your-page-access-token}",
  "id": "{page-id}"

For Multiple Pages

You can get a list of all pages you manage including their page access tokens. You need to ask for the permission pages_show_list or manage_pages to access this API endpoint. Using an user access token call the path:

GET /me/accounts

A list of pages that the current user has access to will be returned. Access is defined by having at least one of the roles listed below. In the field perms you can see which Page roles you have for each page.

  "data": [
      "category": "Product/service",
      "name": "Sample Page",
      "access_token": "{page-access-token}",
      "id": "1234567890",
      "perms": [

Permissions and App Review

Your app needs manage_pages and publish_pages permissions from the person who wants to post or message as a page. If your app request these permissions, then your app needs to go through Login Review.

Your app might not need to request these permissions because people posting are already set up with a role in your app's dashboard. If this is the case you do not need to submit your app for review. See the Roles tab in App Dashboard.

Page-Scoped User IDs

When a User visits a Page, an ID is returned for that person for that specific page. The Pages API returns this Page-scoped ID, a PSID, for a User allowing your app to connect a customer's interactions with the Page across both Pages API and Messenger API. This will allow your app to connect public conversations that happen through Messenger for a given User and Page.

Before May 1, 2018, the Pages API returned App-scoped IDs, ASIDs. If your app used the Pages API and ASIDs before this date, you will need to migrate from your ASIDs to Page-scoped IDs within 180 days of your App Review approval at which time your ASIDs will no longer work. Only after you have completed the migration will your app receive PSIDs instead of ASIDs.

To facilitate the ASID to PSID migration process, use the Page Scoped ID API. This API allows you to map an ASID and a page to a PSID. You can then prepare your systems to be able to support PSIDs. Once your migration is complete we can then enable PSIDs to be returned via the Pages API endpoints.

The Page Scoped ID API will be available for 180 days from the date that your app passed App Review. The Pages API Migration section in your app's App Dashboard (Settings > Advanced > Pages API Migration) will display the number of days remaining for your app.

Page Roles

Facebook Pages have six different roles to access settings, publish content as a page, or perform operations with the Pages API. Depending on your Page role you may be able to execute a particular set of actions like posting as page or getting insights data.

When making API calls to the endpoint /{user-id}/accounts the current user's roles are listed in the key perms.

Role Description Roles this Applies To in the UI


Manage admins



Edit the Page and add apps

Admin, Editor


Create posts as the Page

Admin, Editor


Respond to and delete comments, send messages as the Page

Admin, Editor, Moderator


Create ads and unpublished page posts

Admin, Editor, Moderator, Advertiser


View Insights

Admin, Editor, Moderator, Advertiser, Analyst

For information on all Page roles and capabilities, see Facebook Help Center, Page Roles.


Page Access tokens expire. Your app can use a Page Access token for an hour after you originally get it.

If your app makes multiple requests to a node, the initial request gets a token and subsequent requests may get new tokens. The initial token will continue working as long as it has not expired.

If all of your app's Page tokens expire, you will need to request a new one.