Facebook Pages API

Access Tokens

This guide explains how to get User and Page access tokens.

Get a Short-lived User Access Token

Use one of the following methods to get a short-lived User access token:

These methods create a short-lived User access token that is valid for 1 hour.

Get a Long-lived User Access Token

Before You Start

You will need the following:

To get a long-lived User access token, send a GET request to the /oauth/access_token endpoint. Replace APP-ID, APP-SECRET, and SHORT-LIVED-USER-ACCESS-TOKEN with your information.

curl -i -X GET "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&
  client_id=APP-ID&
  client_secret=APP-SECRET&
  fb_exchange_token=SHORT-LIVED-USER-ACCESS-TOKEN"

On success, your app gets this response:

{
  "access_token": "LONG-LIVED-USER-ACCESS-TOKEN",
  "token_type": "bearer",
  "expires_in": SECONDS-UNTIL-TOKEN-EXPIRES
}

This token is valid for 60 days.

Get a Page Access Token

Before You Start

  • A User access token requested by a person who can perform the action on the Page. For example, to moderate comments the person generating the token must be able to perform the MODERATE task the Page.
  • The Facebook ID of the Page you want to access

To get a Page access token, send a GET request to the /PAGE-ID endpoint using your User access token. Replace PAGE-ID and USER-ACCESS-TOKEN with your information.

curl -i -X GET "https://graph.facebook.com/PAGE-ID?
  fields=access_token&
  access_token=USER-ACCESS-TOKEN"

On success, your app receives this response:

{
  "access_token":"PAGE-ACCESS-TOKEN",
  "id":"PAGE-ID"              
}
  • If you used a short-lived User access token, the Page access token is valid for 1 hour.
  • If you used a long-lived User access token, the Page access token has no expiration date.

Get Access Tokens of Pages You Manage

Before You Start

You will need:

To get list of Pages and their corresponding Page access tokens, send a GET request to the /USER-ID/accounts endpoint. Replace USER-ID and USER-ACCESS-TOKEN with your information.

curl -i -X GET "https://graph.facebook.com/USER-ID/accounts?
  fields=name,access_token&
  access_token=USER-ACCESS-TOKEN"

On success, your app receives the following response:

{
  "data": [
    {
      "name": "Facebook Page 1",
      "access_token": "PAGE-1-ACCESS-TOKEN",
      "id": "PAGE-1-ID"
    },
    {
      "name": "Facebook Page 2",
      "access_token": "PAGE-2-ACCESS-TOKEN",
      "id": "PAGE-2-ID"
    },
    {
      "name": "Facebook Page 3",
      "access_token": "PAGE-3-ACCESS-TOKEN",
      "id": "PAGE-3-ID"
    },
...

Limitations

  • Short-lived User access tokens are valid for one hour.
  • Long-lived User access tokens are valid for 60 days.
  • Short-lived Page access tokens are valid for one hour.
  • Long-lived Page access tokens are have no expiration date.

All long-lived access tokens may be invalidated before they expire, even non-expiring Page access tokens under certain circumstances. An access token is invalidated if the user ends their session with the app, if the user who requested the token no longer has a role on the app or Page, or when a security issue has been detected.

Invalidate a Token

To invalidate a Page or User access token, the person that created the token will need to remove and then re-add the App. This will invalidate all access tokens created by that person for the App. The following help articles describe how to remove an app from a user or business.

The App can then be re-added by getting a User Access Token, or logging into the App.

Learn More

Guides

  • Facebook Login – Learn more about using Facebook Login to request permissions used to access the Graph API.
  • User Node Reference - Learm more about the fields, edges, and methods of the User Node.
  • Page Node Reference – Learm more about the fields, edges, and methods of the Page Node.
  • Access Tokens - Learm more about the fields, edges, and methods of the User Node.

Tools