art & design by sambaneko

Follow @
  • DeviantART
  • Tumblr
  • Twitter
  • Facebook

Setting up Permissions and Obtaining a Page Access Token for Facebook API Usage

6/1/2021 Update: This is obsolete content! Please see my updated post on the subject.

8/4/2016 Update: I've noticed this page is getting some traffic. Since writing this, Facebook has updated their Graph API version, and changed the layout on some of the pages I've referenced below. The access token I obtained by going through these steps is still working for me, but I cannot say with certainty if this method is still accurate. In the event that my access token stops working, I'll likely make a full update on whatever the new procedure is, but until then you're welcome to try what's below.

I'm writing this mainly for self-reference, but it may be useful for others who want to build simple PHP API functionality to connect to your own Facebook (Fan) Pages for publishing updates and content. The SDK package is straightforward, but figuring out how to set up permissions and obtain the right access token is not.


  1. Your app needs to have (at least) two permissions from you: "manage_pages" and "publish_pages". To grant these permissions to your app, go to the Facebook Login Button page and click the "Get Code" button.

    In the pop-up that appears, make sure your App is selected in the "App ID" field (this field will only be visible if you're logged in to your account).

    Now copy both code blocks from the pop-up and paste them into an empty HTML file (no other markup is needed). On the div element which you copied from the second code box, add the attribute data-scope, with a value of "manage_pages,publish_pages". Save your HTML file and put it on a server, then open it in a browser. Click on the Facebook Login button, and you'll be prompted to grant permissions to your app. You may see a warning that certain permissions (like "manage_pages") can't be granted without submitting your app to Facebook for review and approval, but this does not apply if you are the Admin of your Fan Page.

    Once you've approved the permissions, you can remove the HTML page from your server; you won't need it again unless you want to grant more permissions (in which case, just add the new permissions to data-scope, and click the Login button again).

  2. Now you need a Page Access Token. The PHP SDK requires 4 pieces of data to successfully interact with your Fan Page through the API:

    • App ID
    • App Secret
    • Fan Page ID
    • Access Token

    The first two can be found in your App's Dashboard from the Facebook App Developer page. Your Fan Page ID is located at the bottom of the "About" tab on your Page. To get a proper Access Token, go to Facebook's Graph API Explorer tool. The "Application" field on this page will initially display "Graph API Explorer," but click it to select your App instead.

    There will be an Access Token in the "Access Token" field (if not, click the "Get Token" button to generate one), but this is not the one you want for the SDK - you can test this by clicking the "Debug" button next to the field: you'll get a page with details about the token, and in the "Expires" field, there's an expiration timestamp.

    Instead, in the lower input field, enter the API endpoint "/v2.3/me/accounts", then click "Submit". In the box below, you'll get a block of JSON which contains an "access_token":

    Copy the access_token value and paste it into the "Access Token" field, then hit the "Debug" button. If you see that the "Expires" field now says "Never," then you've got the right token now. Paste it into your SDK code where you establish a FacebookSession. You should now be able to POST to API endpoints with your Fan Page ID. If you receive an error regarding the "App Secret Proof," add the following line to your code prior to making a request:

May 22, 2015

Web Development PHP Facebook API

CakePHP 3 Upgrade

AngularJS Initial Impressions

Return to Top