Keywords: Facebook access token | permanent page token | Graph API
Abstract: This article details how to acquire permanent access tokens for Facebook pages, suitable for server-side applications requiring long-term access to non-public page data. Based on Facebook's official documentation and best practices, it provides a step-by-step process from app creation to token generation, with code examples and considerations.
Introduction
When developing server-side applications that need to periodically import non-public data from Facebook pages, obtaining a long-lasting access token is crucial. Traditional user access tokens expire, and Facebook has deprecated the offline_access permission, necessitating new methods for generating permanent page access tokens. This guide, based on Facebook's official documentation and community best practices, offers a complete technical walkthrough.
Preparation: Creating a Facebook App
First, you need to create a Facebook app as the foundation for token management. Even if your project lacks a user interface, this step is essential because token generation and validation rely on app credentials. Visit the Facebook Developer Platform, click "+ Add a New App," and select the "Website" type for setup. After creation, no additional permissions are required, but ensure the app ID and secret are securely stored for later use.
Step 1: Obtaining a User Short-Lived Access Token
Use the Graph API Explorer tool, select your app, and click "Get Token" > "Get User Access Token." In the pop-up, switch to the "Extended Permissions" tab, check the manage_pages permission, and authorize a Facebook account with management rights to the target page. The generated token is a short-lived access token, typically valid for 1-2 hours, used for subsequent exchanges.
Step 2: Generating a Long-Lived Access Token
According to Facebook's documentation, exchange the short-lived token for a long-lived one via a GET request. The URL format is: https://graph.facebook.com/v2.10/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short_lived_token}. Note that Graph API Explorer may not handle this request; it's recommended to access it directly in a browser or use command-line tools. Response example: {"access_token":"ABC123","token_type":"bearer","expires_in":5183791}, where ABC123 is the long-lived token, valid for about 60 days.
Step 3: Retrieving the User ID
Using the long-lived access token, send a GET request to https://graph.facebook.com/v2.10/me?access_token={long_lived_access_token}. The id field in the response is the user account ID, necessary for generating the page token.
Step 4: Acquiring the Permanent Page Access Token
Finally, request https://graph.facebook.com/v2.10/{account_id}/accounts?access_token={long_lived_access_token}. The data array in the response contains a list of pages accessible to the user; locate the target page and extract the access_token field. Verify with the Access Token Debugger—if "Expires" shows "Never," it confirms a permanent token.
Code Examples and Considerations
Here's a Python example demonstrating API requests to generate a permanent token:
import requests
# Replace with actual values
app_id = "your_app_id"
app_secret = "your_app_secret"
short_token = "short_lived_token"
# Generate long-lived token
long_token_url = f"https://graph.facebook.com/v2.10/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short_token}"
response = requests.get(long_token_url)
long_token = response.json().get("access_token")
# Get user ID
user_id_url = f"https://graph.facebook.com/v2.10/me?access_token={long_token}"
user_id = requests.get(user_id_url).json().get("id")
# Get permanent page token
page_token_url = f"https://graph.facebook.com/v2.10/{user_id}/accounts?access_token={long_token}"
pages = requests.get(page_token_url).json().get("data", [])
for page in pages:
if page["name"] == "Your Page Name":
permanent_token = page["access_token"]
breakConsiderations: The security of the permanent token depends on the initial authorized user's management rights; if the user loses page access, the token may become invalid. Regularly monitor token status and adhere to Facebook's data usage policies.
Conclusion
By following these steps, you can reliably generate permanent access tokens for Facebook pages, supporting server-side data retrieval. This method avoids frequent token expiration but requires careful management of app credentials and user authorizations. As API versions update, refer to the latest documentation for adjustments.