User Access Token Changes by Facebook


#1

On April 10th 2018 Facebook announced the expiration time of User Access Tokens will be changed to 90 days (source: https://developers.facebook.com/blog/post/2018/04/09/user-access-token-changes/).

It is unclear how Facebook’s implementation of tokens is intended to work with 3rd party service providers. Particularly concerning is the long-lived token renewal process since it involves users supplying their “app secret” as well as their “app token” to a service in order to renew their tokens.

DataSift is currently evaluating what these changes mean to our Managed Sources service, but from our initial understanding we don’t believe it will be possible to automatically renew User Access Tokens nor prevent them from expiring.

It is our assumption that the changes only affect User Access Tokens, so Page Access Tokens are unaffected. For customers who own the pages they’re monitoring we recommend to:

  • Create a “long-lived” User Access Token from your initial User Access Token
  • Use this “long-lived” User Access Token to generate a Page Access Token for the Page you wish to monitor
  • Create a new Facebook Managed Source on DataSift’s platform for the single Page you wish to monitor, using the Page Access Token you just generated

This Page Access Token “should” have no expiry time, so the Source “should” work indefinitely, unless the token is revoked for some other reason (this sometimes happens on Facebook’s side).

We understand that Facebook’s changes are likely to be very disruptive to you. We’d encourage you to provide this feedback to Facebook directly via this form they have made available: https://go.fb.com/2018-FB4D-platform-review-form.html