Facebook pages API: "Page Public Content Access" review screencast

Asked 21/5, 2018 at 20:12 Answered 8/12, 2022 at 21:54

Solved facebook facebook-opengraph facebook-page

My website uses Facebook Page API to pull public content from a Facebook page, published by the page owner, to create a dynamic blog with a clear link to the Facebook page.

You can see it here in action: https://kc-hrubeho.cz (ctrl+F "Facebook"). Yellow button "Načíst další" works as an AJAX pagination. Sorry for the Czech language, this website unfortunately does not have an English version.

I'm using this URL to get JSON object of the page content: https://graph.facebook.com/<PAGE-ID>/feed?access_token=<TOKEN>&limit=10&fields=message,link,attachments,created_time,full_picture,picture,timeline_visibility

Right now it works, but App review FAQ states this:

My app used to access public content on pages, am I affected by the v3.0 changes?

Yes. Apps that access content of public pages need to request Page Public Content Access feature and require review by Facebook.

Also, there is this notice:

In order to maintain your current API access, your app will need to be submitted for review by August 1, 2018.

I've filled out the form for review. One of the required items is "the screencast".

We need to see your app using Page Public Content Access so we can see that it doesn't violate our policies. Upload a video screencast walkthrough using any method, (even recording with your phone). You must show:

How a person logs in with Facebook

How a person sees this feature used in your app

More detailed instructions about the screencast state this however:

You do not need to submit your app if it will only be used by you or by a reduced number of people. Any account listed in the Roles tab in your App Dashboard, such as admins, developers and testers, can access all permissions and generate a user or page access token.

You can use any of these accounts to test your app and create a screencast.

This is incredibly confusing. My questions are:

If my code access the Pages API and shows the result on my website, is it "used by reduced number of people"?
If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning "will my token work after 1st August")?
If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. :)
Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?
My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rulset as is for the old ones?

Thanks in advance!

Edit

This is what I've heard from the group moderator of official FB support group Facebook Developer Community:

You can use an app in dev mode to retrieve the feed for pages you are admin of. [...] I don't know if August 1 will change the current behavior or if the current behavior is even the intended behavior. [...] Actually I never met a person that was able to predict what will happen in 90+ days ... most experts even fail to predict tomorrow's weather ;) Seriously, I don't know ...

Very frustrating, but so far the most specific answer I got.

Gelhar answered 21/5, 2018 at 20:12 Comment(10)

You need to submit for review and you need to submit a screencast. The screencast should not show code. It should show how the permission is used – Beslobber 21/5, 2018 at 20:56

I don't understand what that means. How should my screencast show, that my code sends request to URL, cache the results and show them on my website? Can you explain please, what should the screencast include in my case? The documentation and examples provided are not very helpful. – Gelhar 22/5, 2018 at 5:18

If you only need to read content from a page you have admin access to, then you can leave your app in dev mode, and don’t need to submit for review. Your app admin account can grant all necessary permissions without review. – Empyreal 22/5, 2018 at 6:52

I only need to read the data. Are you absolutely sure that my applications will be working without review after August 1? Also, will new applications work under same rules? (this one was created before all the review fuss) The documentation is extremely confusing. :( – Gelhar 22/5, 2018 at 8:14

@Empyreal That currently doesn't work. I'm even using Page Access token on the page's endpoint, and - if granted by my app - that does not let me access my own page. If I grant the same (manage_pages) to Graph API Explorer app, then it works. – Famulus 22/5, 2018 at 14:5

Works absolutely fine for me, with other apps than the GAE one, and even one that was created after API v3.0 was announced. – Empyreal 22/5, 2018 at 14:8

It began working for me too, really weird. I don't even need to use a Page Access token, just my person's token (not the app token). – Famulus 22/5, 2018 at 15:25

I am in a struggle for a month now. I got to the direct support with FB. The latest answer I got is: "the Page Public Content Access permission is for comparing results from different pages. An example could be comparing likes of different restaurants across different Facebook pages. In your screencast, you scroll through posts and this is now a valid use case for the Page Public Content Access Permission. In your next screencast, please show a valid use case of the Page Public Content Access Permission." And I don't even use other pages, just mine Page and it's public posts. Wierd – Gluteus 16/11, 2018 at 13:1

i give up. i will write a javascript bot to collect the comments. the whole facebook review team is terrible and their review process absolutely demented – Vincent 17/6, 2019 at 20:47

I am in the same situation. I just need to create automatic posts to MY OWN page, and they are not approving the manage_post api, I really do not know why, they just give generic motivation. I ended up creating a puppeteer based script to do the same – Maleki 23/4, 2022 at 10:57

If my code access the Pages API and shows the result on my website, is it "used by [a] reduced number of people"?

You are most likely the only consumer of the API in your application. Since it's an AJAX call in the background and not a login based application, the "reduced number" situation should apply.

If I do not need to create a screencast, how can I apply for a review? Do I even need it (meaning "will my token work after 1st August")?

As long as the app developer and page admin roles are shared, switching the app to development mode will ensure it will keep working.

"If your app is in dev mode you should be able to get page access tokens with any permission for anybody who has a role on your app. If you just want to manage posts on your own page or the pages of users who have roles on your app, you'll be able to do so in development mode without submitting for app review." - Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)

If I do need a review with a screencast, what exactly should I record in my case? Should I just stitch a few screencasts of my code and the website to a single video? That, imho, sounds just bonkers. :)

See previous.

Is there a different endpoint all together (which would not require a review or the screencast) that I should use, if I only need to read the data of my own page?

Using the page feed endpoint (/PAGE_ID/feed), while having a user who both is a developer on the app and has a role on the page should work, as long as the app is in development mode.

My old applications are working right now (not sure about August 1, see above). For applications with the same purpose (just to read public content of FB page owned by the owner of application) created after all the fuss with reviews, will there be the same rul[e]set as is for the old ones?

The August 1st deadline is for a specific set of permissions

user_friends
user_link
user_gender
user_age_range

It should work the same since these aren't needed to show the page posts.

Use a user or page token with manage_pages access, since the app token cannot identify whether you have a role on the page.

Yes, this will mean you will have to implement a way to either refresh the user token or ensure the extended page token doesn't invalidate in the background.

HTTP GET /page__id_owned/feed?access_token=APP|TOKEN

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_no_manage_pages

Response
#10) To use 'Page Public Content Access'...

HTTP GET /page__id_owned/feed?access_token=access_token_manage_pages

Response
{
  "data": [
    {
      "created_time": "2018...

HTTP GET /page__id_NOT_owned/feed?access_token=access_token_manage_pages

 #10) To use 'Page Public Content Access'...

Public Page Content is not directly related to your use case, that is, you do not use "Public Page Content". This is for a scenario where you are analyzing public content as a data firehose, see the common usage section at https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS.

"Page Public Content Access, on the other hand, is an app-level feature for read-only access to anonymized public data including business metadata, public comments, posts and reviews for a public page (not owned by any developer on your app). https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS" - Response from Facebook Developer Support at https://developers.facebook.com/support/bugs/2029233277148530/ (private report by me)

Crowbar answered 30/5, 2018 at 15:29 Comment(6)

Thank you, this is exactly the answer I was looking for. One more question - will my current token stay valid? Under Token debugger, fields Expires says Never. Will I need to refresh it? Also, am I free to create new apps for new clients, with the same requirements, under new terms? Thanks again! – Gelhar 30/5, 2018 at 15:40

As long as the extended flow was used developers.facebook.com/docs/facebook-login/access-tokens/… it should not be a problem. However, there are cases when the token might be invalidated (changed password, roadblock, security session compromised) so your code logic should accommodate for that. A new app should work under the same settings I haven't seen anything that prevents it. – Crowbar 30/5, 2018 at 15:51

Since this is the most comprehensive answer I have found on the topic, I'll ask a follow up question to which I have found no answer. I have a similar aggregation website under development and I need to pool information from a few dozen pages (of which I am not an admin). I presume there is no way to do this right now with the current API? I am pretty sure there is no screencast I could make to convince Facebook to approve my shell "application". – Monometallism 12/6, 2018 at 3:48

metoo @peteykun, it sounds complicated - seems like we have to get app review, for what used to be fetching of public data. (I'm after events, no longins, no user data, I don't care who went).. Events arent listed on the Page Public Content Access doc tho :( – Sheree 6/8, 2018 at 16:22

Which permission is needed to fetch post from own (!) facebook page and import it to a new Drupal content type? – Chromatin 5/12, 2018 at 12:4

@Monometallism did you get the app review approved? – Vouge 10/6, 2019 at 20:28

After a lot of struggle with FB direct support and FB Dev Community Group I found a way to get my FB Page public posts without having the infamous Page Public Content Access for which I had to create a screencasts with some comparisons of two different pages (?!).

So, in few simple steps:

Get your User Access Token for desired app from this nice FB tool
Create Page Access Token like described in Page Acces Tokens Documentation. But be sure to not skip the part ... using the access token .... That means that your request should look like GET /{page-id}?fields=access_token&access_token=USER_ACCESS_TOKEN_FROM_STEP_1
Then use Access Token Debugger to debug your brand new Page Access Token that will expire in an hour. At the bottom you will see the blue button saying Extend Access Token. Hit that and there you go - the never expire Page Access Token
Use it to get the Facebook Page public posts on FB GRAPH /page-id/posts?access_token=PAGE_ACCESS_TOKEN

UPDATE

If you have trouble with step 2 (I had with some older apps) try using this tool https://developers.facebook.com/tools/explorer

Gluteus answered 16/11, 2018 at 14:11 Comment(6)

I stuck at number 2. It throws the same error (#10) To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. when I send a request to https://graph.facebook.com/v3.2/68793499001?access_token=USER_ACCESS_TOKEN_FROM_STEP_1&fields=access_token – Buckskin 27/11, 2018 at 8:48

@Buckskin Did you use the User Token from step 1? And be sure it's for the page 68793499001 – Gluteus 27/11, 2018 at 12:36

@MladenJanjetovic based on this, it is not possible scrap data from other facebook pages? – Amiens 14/1, 2019 at 14:5

I don't think so. Let us know if you try – Gluteus 14/1, 2019 at 23:25

it says

Object does not exist, cannot be loaded due to missing reviewable feature 'Page Public Content Access', or does not support this operation. To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: ...

:( the documentation says you need page_show_list or publish_pages permission to get page access token. however, to get one of these permissions you need an app review. what the hell facebook – Vincent 14/6, 2019 at 14:55

If you have trouble with step 2 (I had with some older apps) try using this tool developers.facebook.com/tools/explorer – Gluteus 4/10, 2019 at 15:33

Having gone through this process recently with a successful outcome, here's what worked for me, hopefully it's useful to some:

1. Business Verification

This process was fairly straightforward, I provided all required information and supporting documents. After being declined once for insufficient prove of the company address I've uploaded a couple other documents and got the verification (there was no obvious reason why the first one wasn't sufficient but the others were).

2. Screencast

This is obviously the tricky part, but this is what worked for me: I'm gathering data using a webservice and storing it in a database. This data is then visible in a mobile app, so I've provided them with login credentials to my app. To mock the behavior of my webservice getting public data from Facebook, I've created a fake Facebook page, to the data of which I have access without the PPCA, in developer mode. In the recording I somewhat follow their Server to Server example. I show my database with a sample entry and then my fake Facebook page holding the data I want to gather. Then I run my webservice and show that the data from my page is now in my database. Finally I explained how to navigate to this exact dataset in my app. That's it.

This was rejected once when I didn't include access to my app (I only showed the data in my database).

As a final note, even though the events edge is listed in the pages API to which you get access with the PPCA, you still can't access it (i.e. /pageID/events). So if you're looking to get event data, no need to bother with PPCA.

Wholism answered 20/12, 2019 at 7:21 Comment(5)

Why do I need business verification to get the likes of my own page? – Sybarite 4/5, 2021 at 18:4

I don't know I'm not working for facebook, just sharing my experience. Not sure why you would downvote my answer because you don't like facebook's policies. – Wholism 5/5, 2021 at 11:58

You are right, my mistake. I misunderstood your answer. I thought you said business verification is required in order to use the API. – Sybarite 5/5, 2021 at 13:8

Didn't they tell you that you can do the same without PPCA using "pages_read_user_content" or "pages_read_engagement" permission since you showed data from your own page? I'm stuck with getting the PPCA feature enabled because there is no way to actually use it in a demo as far as I know. I've previously successfully completed review process by actually using the permissions with the "standard access" and submitting the application screen-cast. Also in my previous submissions I added the Facebook login with all the requested permissions added to the scope and got approved. – Countryman 7/6, 2023 at 8:15

You mentioned that PPCA will not give access to the events on a page. Then what feature should we use to get public event data from public facebook pages? Our goal is to aggregate Facebook events from a particular genre/category to help our users interested in that genre/category better find all good Facebook events info in one place. – Orpha 3/4, 2024 at 1:41

FYI if you make it past screencast blocker you still need to go through business verification. Should you get past this I don't know what else you have to defeat to clear app review gauntlet.

App Review Step 2 - Business verification required The permissions and features review is complete. Next, we'll verify your business.

To do this, you may need to provide documentation like a business license or utility bill.

Tgroup answered 29/7, 2018 at 22:15 Comment(2)

the review page says may, but not when.. developers.facebook.com/docs/apps/review – Sheree 6/8, 2018 at 16:31

That's insane!! – Disulfiram 29/3, 2019 at 20:46

If the page is not yours or if you are not the admin of the page, Facebook doesn't allow you to access the data. I had asked them and this was their response:

"Ok. If the news is retrieved from your own Facebook page, rather than a public page that you don't own, you can use the pages_manage_post and pages_read_user_content permissions.

Unfortunately, I'm afraid there isn't a permission that can allow you to give your users public pages news. You can only give news from your own Facebook page."

Initially i had applied for Page Public Content Access permission.

Potman answered 30/6, 2020 at 10:28 Comment(3)

Hi, I don't see the Page Public Content Access in the official documentation developers.facebook.com/docs/permissions/reference . Can you clarify? Isn't pages_read_engagement enough? – Devi 30/6, 2020 at 21:51

Oh you referred to public pages. But if you can have them grant permission to your application it might work – Devi 30/6, 2020 at 21:52

well i want to access public pages posts and posts only. Page Public Content Access demands aggregated, anonymized public content for competitive analysis and benchmarking. Simply grabbing the posts won't allow the permission. With read_engagement you can only read pages where you are admin or owner. – Potman 1/7, 2020 at 8:45

some of these steps metioned here doesn't work anymore in 2022. If you are struggling to get public posts from your public FB page using server-side API access, this helped me to get Page Access token, that never expires: https://medium.com/@blienart/get-a-permanent-facebook-page-access-token-a96470dc03ca

Step-by-step tutorial:

You need FB developer account and you have to be admin of your FB page you want to read feed from. Create Facebook app with 'pages_read_engagement' and 'pages_show_list' permissions (no need to review the app).
On https://developers.facebook.com/tools/explorer/ select your FB app name and "User Token" value on the right. Below select 'pages_show_list' and 'pages_read_engagement' permissions and click "Generate Access Token". Copy the generated token.
On https://bnjis.github.io/Facebook-permanent-token-generator/ fill in your FB app ID, FB app secret key, your copied User Access Token and click submit. This will generate token, which should not expire.

You can use the final token in you server-side app along with FB app id and FB app secret to access your public FB page posts. In my case, the PHP implementation looked like this:

$appId = 'xxx'; // Your FB App ID, you have to be it's admin
$appSecret = 'xxx'; // Secret key of your FB app
$accessToken = 'xxx'; // Access token generated in step 3
$fbPageId = 'xxx'; // ID of your Facebook page, you have to be it's admin

// This is an official PHP SDK: `composer require facebook/graph-sdk`
$fb = new \Facebook\Facebook([
    'app_id' => $appId,
    'app_secret' => $appSecret,
    'default_graph_version' => 'v15.0'
]);

try {
    $response = $fb->get('/' . $fbPageId . '/feed?fields=permalink_url,created_time,message,full_picture&limit=20', $accessToken);
    if ($response instanceof FacebookResponse) {
        $data = $response->getDecodedBody(); // Array of your FB page posts
        // further processing
    }
} catch (\Exception $e) {
    // Exception handling
}

Gasify answered 8/12, 2022 at 21:54 Comment(2)

Please include the full solution instead of a link to it. We don't know if and when that article will disappear... – Rear 19/12, 2022 at 16:3

@Rear Sure, I edit my answer and add the step-by-step tutorial. – Gasify 20/12, 2022 at 19:36

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Edit

Recommended topics

Hot tags