(Disclaimer: The access_tokens and appIds in this post are fake and are just intended to look real)
I'm trying to generate an access_token using the call to the following:
That gives me an access_token in this format:
access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk
If I try to access a fan page that's protected with that token like this I get false back: http://graph.facebook.com/109813019043531?access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk
Now, if I use the Graph API Explorer and select the same App as the one I'm using above to generate the access token I get an access token that looks like this:
ABBDSqE43jFSSbrS7ujvyLZClfyKDCZBhAuLXTtr9nwelj4MFwlijzejljEoNItC3lijzm3shemzq3jDFCdAZD
If I use that access token to access the URL (http://graph.facebook.com/109813019043531) it works as expected.
My question is, what is the difference between the two and how can I programmatically generate one that works like the second token?
Best Answer
The first one you show is an APP access token. The second one from Graph API Explorer is a USER access token. There is a third type called PAGE access token. Each do something different.
APP access tokens are used to get information that your app is privileged to access. And in some cases where publish_stream is granted from an app user, you can use it to post to that user's wall, without needing a USER access token.
USER access tokens are given to your app and they relate to the permissions a specific app user has granted to your application so you app can act on their behalf.
PAGE access tokens are given to page admins so they can act on behalf of the page. To go from a user access token to a page access token, call
/me/accountsusing the user access token to get a list of pages they admin along with each pages access tokens.If you have an access token and you want to know more information about it, lint it at https://developers.facebook.com/tools/lint
For more information on access tokens see: https://developers.facebook.com/docs/authentication