I normally use a dirty method to get my Facebook Graph API token key in applications that fetches facebook data. I download the Graph API example page at graph dot facebook dot com then I locate the token key in the page. (The account is already connected)
Now, I need to program (for someone else) a commercial application that uses Graph API and I’m afraid such an hacky way could become non-functional if Facebook website changes.
Is there a static URL more common than the example page where the Graph API token_key resides, or do you think my method will be safe for a long time?
[Edit]
Just to comment my question, and the answer to my question:
I was trying to build a desktop application fetching data on Facebook using only Graph Explorer and the Graph API example page instead of doing the web request in the answer. I didn’t want to have a desktop application that depends on a Facebook App so that’s why I was always asking the user to connect via two text boxes (which is against Facebook t&c) then I was downloading the Graph API examples page to get the proper token.
But Graph Explorer and its examples are using a ‘Facebook App’ too. So it’s not clear if the access_token are going to be valid for a long time or not: It’s not a good practice.
The answer is: Redirecting a user to an authentification page then fetching an access token is safer, easy to handle and a lot more stable than connecting a user via text boxes and several WebBrowsers navigation.
You can get an application access token to query public data on Facebook from this URL:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id={yourappid}&client_secret={yourappscret}You need to create an application on Facebook and pass it’s ID and secret key.
More information on: http://developers.facebook.com/docs/authentication/applications/