How to Get Facebook App Secret Keys And Access Token?

To display Facebook stream feeds, you need a Facebook App secret key and Access Token. To get Facebook App Secret key and Access Token, Firstly you need to create Facebook Application as showing in below:

1. Go to https://developers.facebook.com and log in.
2. Register as a developer. After register as a developer, you can create your app.
3. If you’re already registered before choose on the navigation bar My Apps -> Add a New App.
   
4. Select ‘More options’ app type. and click on Continue button. After that Select ‘Something Else’ and click on Continue button. 
5. Enter the App Display name, your email and click Create App. 
6. IMPORTANT! Leave your app in Development mode.
   
7. Copy App ID at the top of the page. And paste your App ID on Social Streams Designer Plugin’s page in the admin panel. 

How to Get App Secret?

1. On Facebook Developers navigate to Settings -> Basic.
   
2. Click on Show in the field App Secret and confirm your Facebook password.
   
3. Copy revealed key and paste it on your Social Streams Designer Plugin’s page in the admin panel. 

How to Generating Token?

1. For streaming public pages please go to Explorer Tool https://developers.facebook.com/tools/explorer.
2. Expand Get Token dropdown and choose Get Page Access Token. Approve access, ignore the warning, it’s not needed for getting your page feed.
   
3. Choose the page you want to stream for the plugin in the same Get Token dropdown.
   
4. Before generating the access token, you should give the permissions which you needed for your page access token or user access token. Select the permissions which you want from Permissions section after the selection of page or user access token.
   For Page access token, these permissions should be there to get the proper data: page_events, pages_manage_ads, pages_manage_cta, pages_manage_engagement, pages_manage_instant_articles, pages_manage_metadata, pages_manage_posts, pages_messaging, pages_read_engagement, pages_read_user_content, pages_show_list, user_events & user_managed_groups
   For others usage, these permissions should be there to get the proper data: instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_insights, instagram_manage_messages & publish_video
   
5. Once you select the page, It will generate the new access token. This is short-lived access token. A short-lived token vaild upto 1 hour.
   

Create Long-lived Access token

A long-lived User access token you can generate one from a short-lived User access token. A long-lived token generally lasts about 60 days.

https://graph.facebook.com/v7.0/oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}

Replace {app-id} , {app-secret} and {your-access-token} with your Facebook app id, your Facebook app secret and your short-lived access token. Open a new browser window and load the Authorization Window URL.The API will return a JSON encoded object containing a Long-lived Facebook User Access Token,

{
“access_token”:”{long-lived-user-access-token}”,
“token_type”: “bearer”,
“expires_in”: 5183944
}

Just copy the newly generated Page Access Token from the token field and paste it on your Social Streams Designer Plugin’s page in the admin panel.

Token Expiration

Facebook want their user accounts to be safe, and for that, they have set certain safety boundaries. On finding any suspicious activity happening around or within your account, your credential/token might expire.

The possible reasons behind your credential/token expirations are:

• You may haven’t logged in even once in the last 2 months (the most usual reason).
• You’ve recently changed your Facebook password.
• You’ve recently logged out of Facebook.
• Logging in and out of multiple Facebook accounts from your device.
• Facebook has detected a security issue on your account.
• Facebook suspects spammy behavior on your account (like posting too frequently or repetitive content).
• Suspicious (Login attempts from a new location) and later not having the full permissions required. In case if you initially grant the permissions and decide to stop using our authentication, we do not have access without your permission.