Is it possible to pass Facebook Graph API access token through request header?
Yes, it is possible.
Authorization: Bearer AccessTokenHere
e.g.
curl --header "Authorization: Bearer CAAC...ZD" https://graph.facebook.com/me
This answer previously recommended using "OAuth" instead of "Bearer" as the token type. Both will work, but "Bearer" is the type that shows up in the standard. Also, on completing Facebook's OAuth flow, the token_type in their response is bearer. So all in all "Bearer" makes more sense.
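An added example, not part of the original answer: a Python sketch that takes a Graph API URL carrying `access_token` in the query string and builds the equivalent request with the token in the `Authorization: Bearer` header, which keeps the token out of the URL and therefore out of URL logs. The function name `to_header_auth` and the token value are constructed for illustration; nothing is sent over the network.

```python
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request


def to_header_auth(url: str, token: Optional[str] = None) -> Request:
    """Return a Request whose token travels in the Authorization header.

    Any access_token query parameter is stripped from the URL and used as
    the bearer token; all other query parameters are preserved.
    (Hypothetical helper, not part of any Facebook SDK.)
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        # A bearer token sent over plain HTTP is readable on the wire.
        raise ValueError("bearer tokens must only be sent over https")

    kept = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "access_token":
            if token is not None and token != value:
                raise ValueError("conflicting tokens in URL and argument")
            token = value
        else:
            kept.append((key, value))

    if not token:
        raise ValueError("no access token supplied")
    if "\r" in token or "\n" in token:
        # Reject values that could inject extra header lines.
        raise ValueError("token contains CR/LF")

    clean_url = urlunsplit(parts._replace(query=urlencode(kept)))
    return Request(clean_url, headers={"Authorization": "Bearer " + token})


if __name__ == "__main__":
    # Constructed sample URL and token.
    req = to_header_auth(
        "https://graph.facebook.com/v2.3/me"
        "?access_token=CONSTRUCTED_TOKEN&fields=id,name"
    )
    print(req.full_url)
    print(req.get_header("Authorization"))
```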
kavare
Updated on November 09, 2020
Comments
-
kavare over 3 years
I am testing Facebook Graph API v2.3 with Postman. While it is possible to get a response by putting the access token in the query string as follows:
https://graph.facebook.com/v2.3/me?access_token=my_access_token
I am wondering whether it's possible to do the same thing with HTTP request headers, which would be something like this:
GET /v2.3/me HTTP/1.1
Host: graph.facebook.com
Authorization: <my_access_token>
Cache-Control: no-cache
Postman-Token: <postman_token>
Based on this similar question (i.e. How should a client pass a facebook access token to the server?) on Stack Overflow, it seems that this should be possible.
Any thoughts on this?
Edit:
What raised my interest is that, when I used the API Graph Explorer provided by Facebook Developers, it seems that there's no query string in that sandbox either. How does that work?
Facebook API Graph Explorer DOES use a query string for the access token. Thanks to @CBroe's response.
-
CBroe about 9 years
Of course Graph API Explorer passes the access token as a query string parameter (for GET requests), you can clearly see that when you look at the request it makes in your browser’s developer tools network panel.
-
kavare about 9 years
@CBroe I think you are right. After checking the Network panel it's clear that Graph API Explorer passes the access token using query string. Does that mean query string is the only way to pass it?
-
kavare about 9 years
Brilliant!! I just missed out the "OAuth" in front of the access token. Thank you @phwd
-
Nepoxx about 8 years
Is this documented somewhere on Facebook?
-
Nepoxx about 8 years
@phwd Thank you. It wasn't clear to me that Facebook's API was OAuth compliant (but it makes sense).