To make a PHP script which can publish posts on your Facebook page, you need to call a Graph API endpoint with a page access token. To ensure that user interaction is not required on the frontend the token should not expire.
After reading a lot of documentation on the Facebook developers web pages I figured out how to do it in the following steps.
- Create user access token in the Graph API Explorer
- Get long-lived access token from the user access token
- Use long-lived access token to get a page access token which will never expire
Explanation
These are the quotes I picked up from the facebook articles.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page. link
To get the Page access token for a single page call the API endpoint /{page-id} using an user access token and asking for the field access_token. You need the permission pages_show_list or manage_pages to successfully execute this call. link
If the user access token used to retrieve the page access token is short-lived, the page access token will also be short-lived. To get a longer-lived page access token, exchange the User access token for a long-lived one, as above, and then request the Page access token. The resulting page access token will not have any expiry time. link
You don't have to build a app which will require those permissions if you are admin of the page and have access to the Graph API Explorer for developers.
You can get access token from Graph API Explorer but it is short lived. It lasts for an hour link
So you need to immediately exchange it for a long-lived access token, and then for a page access token which will last indefinitely.
Getting required parameters
Go to the Facebook for Developers and chose your app.
Save the App ID and App Secret
Click on Tools and Support, and on that page choose Graph API Explorer
And, get the user access token
Implementation
Get a PHP Graph SDK with composer require facebook/graph-sdk.
Example script which you will use for initial fetching a long-lived page access token.
$appId = 'YOUR_APP_ID';
$appSecret = 'YOUR_APP_SECRET';
$pageId = 'PAGE_ID';
$userAccessToken = 'USER_TOKEN_FROM_GRAPH_API_EXPLORER';
Pull this parameters shouldn't be hardcoded in the way presented above. Pull it from the config file or environment variables.
$fb = new Facebook([
'app_id' => $appId,
'app_secret' => $appSecret,
'default_graph_version' => 'v2.5'
]);
$longLivedToken = $fb->getOAuth2Client()->getLongLivedAccessToken($userAccessToken);
$fb->setDefaultAccessToken($longLivedToken);
$response = $fb->sendRequest('GET', $pageId, ['fields' => 'access_token'])
->getDecodedBody();
$foreverPageAccessToken = $response['access_token'];
Then store $foreverPageAccessToken and use it for posting on your Facebook Page.
Example of posting on Facebook Page:
$fb = new Facebook([
'app_id' => $appId,
'app_secret' => $appSecret,
'default_graph_version' => 'v2.5'
]);
$fb->setDefaultAccessToken($foreverPageAccessToken);
$fb->sendRequest('POST', "$pageId/feed", [
'message' => 'I Like French Fries.',
'link' => 'http://blog.damirmiladinov.com',
]);
You can debug your token with this api call:
var_dump($fb->sendRequest('GET', '/debug_token', ['input_token' => $foreverPageAccessToken])->getDecodedBody());
This code is for reference, please clean it up in the real project.
To Think About
Afterwards, my thought are, maybe you could do whole thing from the Graph API Explorer. Even the part when you pull the page access token. No need for the php script to do exchange of tokens. Then you could just pass the long lived token in to the config.
However, this part have an advantage of being able to automate it with