How to manage facebook pages on your website properly

Long lived Token ? Why that ?

A regular token will live for just 1 hour, you then refresh it … Mobile applications use sdk that directly give you a long lived token.

But if you want to manage a page, you don’t want to call people to connect to your application each time you want to post he scheduled no ?

So you have to call for a better solutions : A long lived token. This process is described well in doc but I will explain here how to use it with your application from A to Z.

How to step by step ?

1. Client side : Connect user on Facebook for short lived token and app-id
2. Client side : Send short lived token to server
3. Server side : ask Facebook for a long lived token
4. Save this token associated to user
5. Client side : retrieve user pages
6. Send to server the pages the user wants to admin
7. Server side : retrieve for each page new token with Long lived token

So lets get started, in this article all request on client side will use Typescript / Angular 4. But this doesn’t matter, you can do it with what you want.

Lets explain some steps

1 — connect user

This exemple use typescript

let scope = ‘public_profile, manage_pages, publish_pages, pages_show_list, publish_actions’;

```if (typeof FB === ‘undefined’)

return;

return FB.login((result:any) => {

if(!result)

return;

console.log(“Connected ==> “ + JSON.stringify(result));

let token = result.authResponse;

this.localStorageService.setFbToken(token.accessToken);

}, {scope: scope});

}```

3 — Ask long lived token

Why do that on server side ??

Just because you send private keys to Facebook, never do it from a client side.

First ask this long lived token from user short lived token to get a long lived token.

Then -> ask for user pages token, this new token will not have expires date

The request should look like this :

GET /oauth/access_token?

grant_type=fb_exchange_token&

client_id={app-id}&

client_secret={app-secret}&

fb_exchange_token={short-lived-token}

Do it with what you want, just manage to keep the result on your database safely…

I personnally love to use Retrofit2 to do my http calls… plenty of solutions, your choice, this is not the aim here.

5 — Retrieve user pages

```FB.api(“/me/accounts”,

function (response) {

if (response && !response.error) {/* Do what you want*/}});

}```

7 — Retrieve Facebook page Long lived token

Now we got to get the pages the users wants to let us manage with a long lived token

To do that just call the end points for page, with the long lived token (important !)

You can now save for each page :

• Page id
• Page token (will be a long lived one if you properly called… )
• Page cover url
• Page name
• … all the things of the page

Now you can enjoy Use Facebook page Publishing on your backend. Remember, always ask people which page they wants to let you manage for them, never use to do things user don’t wants as you gonna lose there trust.

This is my point of view for that, good luck guys.