Get Asset IDs and Access Token

After the user installs the Facebook Business Extension, and you have their user access token (which is used to make API calls for the user), you need to get the pixel ID, Instagram Business ID, Page ID, Business Manager ID, Ad Account ID, Catalog ID (optional) or access token from the user to configure the relevant features. These IDs will be used for API endpoints and business configurations.

With the OBO solution, the client can get the access token, using the partner Business Manager's admin system user's access token as well, instead of only the client Business Manager's admin's access token.

Gather IDs for API Endpoints and Business Configurations

Here's how you get that information:

Webhook—Required for all platform partners that want to be listed in the App Store
FBE Installs API endpoint—Recommended for self-hosted businesses

System User Creation

After a user installs FBE, the extension generates an employee system user on the client's Business Manager. Naming for this new system user follows the schema {App Name} System User (FBE).

System users represent servers or software that make API calls to assets owned or managed by a Business Manager.

This system user has permissions to all associated FBE assets with the following task permissions:

Page: 'MANAGE'
Ad Account: 'MANAGE'
Catalog: 'MANAGE'
Pixel: 'EDIT'

Get System User Token via API

If you receive a user access token through a Webhook or the Business Login after a FBE install, you can use that same token to get the Business Manager's system user access token. To do that, make the following API call:

curl -X POST \
  -F 'app_id={app_id}' \
  -F 'scope={permissions}' \ 
  -F 'access_token={access_token}' \
  -F 'fbe_external_business_id={fbe_external_business_id}' \
  https://graph.facebook.com/<API_VERSION>/<client_business_manager_id>/access_token

For the scope field, use the manage_business_extension permission, but depending of your use case, also ads_management or catalog_management might be needed.

For the access_token field, you can pass a user access token (user_access_token) or a Partner Business Manager's Admin System User Access Token (partner_bm_admin_system_user_token). Learn more about Business Access Token.

token_type field from Webhook indicates whether the access_token received is user access token or a system user access token.

If the user is installing FBE via Instagram, the Webhook will return the system user's token that was generated on the client Business Manager, so you don't need to call this API.

Webhook

To receive prompt updates about installations, uninstallations, and reconfigurations of FBE, we fire Webhook events each time one of your businesses installs, modifies, or uninstalls FBE.

Each time a user installs or modifies FBE, your app should inspect the Webhook configuration to understand what assets the user has modified, added, or removed from their connection with your app. Your app's behavior should update based on the most current connected assets.

Setup Requirements

Create an endpoint on a secure server that can process requests from Facebook: Verification Requests (GET) and Event Notifications (POST).
Configure the FBE webhooks subscription in the App Dashboard:
- In the Facebook Business Extension section of the App Dashboard, go to the Setup tab, scroll down to the Webhooks card, then click Edit Callback URL.
- Enter your endpoint's URL in the Callback URL field and enter a string in the Verify Token field. We will include this string in all Verification Requests.
- Once you click Verify and Save, we'll send your endpoint a verification request which you must validate.
- The fbe_install webhook will be automatically subscribed. The card also features a toggle switch which can be used to deactivate the subscription if the need arises.

Parsing Webhook events

Each time an install webhook is received, your app needs to perform the following actions.

For new installations

Store the access token and token type, and record the assets that your app has been granted access to.
Enable the set of features based on which assets have been granted.
If an asset required for a specific feature is missing, disable only that feature. For example, if your app has been granted access to a catalog, but not a pixel, only implement the catalog-powered feature, not the pixel-powered feature.
Inform the user with an update on how your app is behaving based on which assets they have access to.

For existing installations

Update the access token, token type, and your record of assets that your app has been granted access to.
Update the set of features your app will implement for this business based on which assets have been granted.
Inform the user with an update on how your app is behaving based on which assets they have access to.

Parsing Webhook at uninstall

Perform the following steps at uninstall:

Disable features that your app implements for this business.
Inform the business about the change to their configuration.

What's Included with Webhook Payload

Response Fields

Field	Description
`ad_account_id` Type: string	Ad account ID selected by the user within FBE. You can use this ad account to manage ads if your app has `ads_management` permissions. See the connected assets of the `installed_features` list.
`business_manager_id` Type: string	Business Manager ID used for FBE. See the connected assets of the `installed_features` list.
`catalog_id` Type: string	Catalog ID selected by a user with FBE. A user can use this ID to manage their product catalog. See the connected assets of the `installed_features` list.
`fbe_event` Type: string	FBE Event that indicates whether the event notification is an install or uninstall. See the connected assets of the `installed_features` list.
`flow` Type: string	Flow that indicates which flow a user onboarded with (for example `COMMERCE`, `CREATIVE`, and so on). See the connected assets of the `installed_features` list.
`commerce_merchant_settings_id` Type: string	Commerce Merchant Settings ID used to enable partners to read information regarding the selected FBE Commerce Merchant Settings. See the connected assets of the `installed_features` list.
`onsite_eligible` Type: boolean	Commerce onsite eligibility. Indicates whether the selected assets are eligible for onsite commerce. The merchant must still have intent for onsite and select returns/shipping/payments on the partner site. See the connected assets of the `installed_features` list.
`profiles` Type: array	List of profiles (a Facebook Page ID and/or an Instagram Business Profile ID). Use these IDs to create separate Graph API requests for other Facebook integrations you may have. See the connected assets of the `installed_features` list).
`pages` Type: array	List of Facebook Page IDs. Use these IDs to create separate Graph API requests for other Facebook Page integrations you may have. See the connected assets of the `installed_features` list.
`instagram_profiles` Type: array	List of Instagram Business profile IDs. Use these IDs to create separate Graph API requests for other Facebook/Instagram integrations you may have. If the field is not included, this means it's only Instagram-related scope. For example, `instagram_basic` is not included in the access token and/or the business has not connected any Instagram Business profile with FBE. See the connected assets of the `installed_features` list.
`pixel_id` Type: string	Unique pixel ID for this business that you should store and use to fire pixel events. See the connected assets of the `installed_features` list.
`token_type` Type: string	Token type. Indicates whether the `access_token` received is a default User access token or a System user access token.
`installed_features` Type: array	List of features this business has integrated with/installed through the onboarding flows. See the current feature list.
`feature_instance_id` Type: array	ID that uniquely represents each installed feature. Can be used in the future to modify or uninstall a particular instance. It is the same as the `feature_instance_id` referenced in the Feature Configuration API and Webhook.
`feature_type` Type: string	Type of the feature installed. The feature list table has the entire set of features available. You only need to track the features you have enabled.
`connected_assets` Type: array	List of assets that are specific and relevant to each feature. Asset descriptions correspond to the ones mentioned at the top of this table.
`additional_info` Type: array	Additional information about the connected feature.

When you receive a Webhook event for a new installation, you must: 1) maintain a mapping of business_id to its pixel_id since pixel ID is unique for that business and you should use to fire standard pixel events and 2) update the inventory for that business using one of the Catalog PUSH APIs, if enabled.

Example — Payload with boolean `onsite_commerce_eligible` field

{
  "data": [{
    "ad_account_id": "<ad_account_id>",
    "business_manager_id": "<business_manager_id>",
    "catalog_id": "<catalog_id>",
    "commerce_merchant_settings_id": "<commerce_merchant_settings_id>",
    "onsite_eligible": true,
    "profiles": [
      "<page_id>",
      "<instagram_profile_id>"
    ],
    "pages": [
      "<page_id>"
    ],
    "instagram_profiles": [
      "<instagram_profile_id>"
    ],
    "pixel_id": "<pixel_id>",
    "token_type": "<token_type>",
    "installed_features": [
        {
            "feature_instance_id": "<unique_id>",
            "feature_name" : string, 
            "feature_type": enum,
            "connected_assets": {
                "ad_account_id": "<ad_account_id>",
                "business_manager_id": "<business_manager_id>",
                "catalog_id": "<catalog_id>",
                "commerce_merchant_settings_id": "<commerce_merchant_settings_id>",
                "ig_profile_id": "<instagram_profile_id>"               
                "page_id": "<page_id>",
                "pixel_id": "<pixel_id>",
            },
            "additional_info": {
                            "onsite_commerce_eligible": bool
                        },
                        {
                        "shop_status": array
                        },
                        {
                        "shop_status_info": array
                        }
                }
         ]
    }]
}

FBE Installation API

For any business that has installed FBE, you can query for basic installation information (pixel_id and a list of profiles with an IG Business ID and/or Page ID) using the following endpoint:

Example

CURL -X GET 'https://graph.facebook.com/<API_VERSION>/fbe_business/fbe_installs?fbe_external_business_id=<fbe_external_business_id>&access_token=<access_token>'

Response

{
  "data": [{
    "token_type": "<token_type>"
    "installed_features": [
        {
            "feature_instance_id": "<unique_id>",
            “feature_name” : string, 
            "feature_type": enum,
            "connected_assets": {
                “ad_account_id”: "<ad_account_id>",
                “business_manager_id”: "<business_manager_id>",
                “catalog_id”: "<catalog_id>",
                “commerce_merchant_settings_id”: "<commerce_merchant_settings_id>",
                “ig_profile_id”: "<instagram_profile_id>"               
                "page_id": "<page_id>",
                "pixel_id": "<pixel_id>",
            },
            "additional_info": {
                            "onsite_commerce_eligible": bool
                        },
                        {
                        "shop_status": array
                        },
                        {
                        "shop_status_info": array
                        }
                }
         ]
    }]
}

The response includes the following fields. These are now the source of truth in connected assets od “installed_features” list:

Field	Description
`token_type` Type: string	Token type that indicates whether the `access_token` received is a default User access token or a System user access token.
`installed_features` Type: array	List of features this business has integrated with or installed through the onboarding flows.
`feature_instance_id` Type: string	Unique ID that represents each installed feature. Can be used in the future to modify or uninstall a particular instance. This is the same as the `feature_instance_id` referenced in the Feature Configuration API and Webhook.
`feature_name` Type: string	Name of unique feature.
`feature_type` Type: string	Type of feature installed. You only need to track the ones you’ve enabled.
`connected_assets` Type: array	List of assets specific to each feature.
`additional_info` Type: string	Additional information about the connected feature, including `shop_status` and `shop_status_info` that indicate if a Shop will be impacted by upcoming changes. `shop_status` values can be "inactive_other", "inactive_offsite", or "active", or "no_longer_available". "Active" means the shop is visible. "Inactive_offsite" means the shop is not visible because it is not using onsite checkout. "Inactive_other" means the shop is not visible due to some reason unrelated to checkout style. "No_longer_available" means that this shop is not in the US or a key market and is no longer available.

Feature Configuration API Response

The model includes the feature instance ID for each feature and fields that consist of an array of all features of that type installed by the business (example: multiple page CTAs).

For non-customizable features, only a feature instance ID and an enabled flag displays. You can update only the customizable features with a POST request.

This model is different from the FBE Installation API because it provides additional feature information beyond the connected assets, including enabled status and specific feature customizations. After calling the FBE Installation API, use this API if more information is needed about the feature’s enabled status or configurations.

Read

You can read the current feature configuration status of any business with the following request:

CURL -X GET 
'https://graph.facebook.com/<API_VERSION>/fbe_business/?fbe_external_business_id=<fbe_external_business_id>&access_token=<access_token>'

Update

To update all features, use the following POST request:

CURL -i -X POST \   
  -F 'fbe_external_business_id=<fbe_external_business_id>' \
  -F 'business_config={business_config object}' \
  -F 'access_token=<access_token>' 
  "https://graph.facebook.com/<API_VERSION>/fbe_business"

Response

{
  "page_cta": {
     "feature_instance_id": id1,
     "enabled": true,
     "cta_button_text": "Book Now",
     "cta_button_url": "https://partner-site.com/foo-business1",
     "below_button_text": "Powered by FBE Partner"
  },
  "page_ctas": [
    {
        "feature_instance_id": id1,
        "enabled": true,
        "cta_button_text": "Book Now",
        "cta_button_url": "https://partner-site.com/foo-business1",
        "below_button_text": "Powered by FBE Partner"
    },
    {
        "feature_instance_id": id2,
        "enabled": true,
        "cta_button_text": "Book Now",
        "cta_button_url": "https://partner-site.com/foo-business2",
        "below_button_text": "Powered by FBE Partner"
    }
  ],
  “ig_cta”: {...}
  "ig_ctas": [{...}, {...}],
  “ads”: [
    {
      "feature_instance_id": id3,
      “enabled”: true,
    },
    {
      "feature_instance_id": id4,
      “enabled”: true,
    },
  ],
  ...
}