Skip to main content
Skip table of contents

Getting Credentials for Facebook

Facebook API authentication is based on the OAuth workflow. The Data Virtuality platform is based on the manual login flow defined in Facebook’s documentation. You can easily follow the same steps should you opt to receive the credentials for the connector manually.

Application Credentials

As a prerequisite, you need the App ID and the App Secret available from your developer dashboard. To obtain them, navigate to https://developers.facebook.com/apps and select the app you need.

You can find the App ID in one of these places:

  • In the address bar of your browser:

  • At the top of the dashboard on each page. The App ID is clickable, and is copied to the clipboard upon click:

  • In the basic settings of your application:

As for the App Secret, you can find it in the basic settings of your application next to the App ID. Please note that in order to retrieve the App Secret, you might be prompted for your Facebook password:

App Secret is confidential and should not be made available to the public.

Authentication Concept

In order to use the connector, the application should be linked to the particular user. When used together, the application is accessing the Page or Ad Account on behalf of the user.

  • The application is identified and authorized by the pair of App ID and App Secret;

  • The user is authorized by Facebook login and password;

  • When authentication steps are complete, Facebook issues the authentication token, which contains information on both the application and the user, inheriting permissions from both. 

Setting Redirect URIs

The token workflow requires the Redirect URI which should be defined in Facebook Login settings:

To set up a Redirect URI, type the Redirect URI in Valid OAuth Redirect URIs section. This URI will receive the short-lived token. For desktop applications, the Redirect URI should be set to https://www.facebook.com/connect/login_success.html;

The used Redirect URI should be specified, otherwise, authentication will result in the following error:

Getting a Short-lived Token

1. Use the App ID and the Redirect URI to receive the short-lived access token by generating the URL in the following format: https://www.facebook.com/vX.Y/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT_URI&response_type=token&scope=SCOPES

  • vX.Y should be replaced with the current active Facebook API version;

  • APP_ID corresponds to your App ID;

  • REDIRECT_URI corresponds to the Redirect URI defined in the previous step;

  • SCOPES define the data scopes, which will be available to the application. Depending on the scenarios, this list can be extensive and provide access to many parts of the API, or restricted.

In our example below, we are using v5.0 of Facebook API, the new App ID 2227831663984970, desktop workflow with the redirect URI https://www.facebook.com/connect/login_success.html, and the scope to read Ads information.

Note that email and public_profile scopes will always be appended, as this information is always made available to the authorized application.

2. Follow the generated URL and authenticate with your Facebook account:
https://www.facebook.com/v5.0/dialog/oauth?client_id=2227831663984970&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=ads_read

3. Upon successful authentication, you will be redirected to a simple page. Act fast! The short-lived token will be in the address bar for just a few seconds. Copy it to the clipboard immediately.

4. The token is valid for two hours and should be exchanged for the long-lived token within the validity period for long-running integrations as described below.

Getting a Long-lived Token

This step assumes you have the App ID, App Secret and the valid short-lived token.

Generate the URL following this pattern:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=APP_ID&client_secret=APP_SECRET&fb_exchange_token=SHORT_LIVED_TOKEN

  • APP_ID corresponds to your App ID

  • APP_SECRET corresponds to your App Secret

  • SHORT_LIVED_TOKEN corresponds to the valid short-lived token received in the previous step. After the 2 hours of token validity expire, it can no longer be exchanged for the long-lived token and will have to be obtained again.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close