APP_ID

APP_SECRET

ACCESS_TOKEN

Access token (short-lived or long-lived) obtained through Authorization Flow

POST_ID

TIMESTAMP

INPUT_TOKEN

Access token (short-lived or long-lived) associated with YOU, the Facebook App owner

OWNER_ACCESS_TOKEN

Owner's access token (short-lived or long-lived) obtained

CREATED_TIME

Facebook’s Graph API is the central means for programmatic access to Facebook data.  It is the entry point for reading and writing to Facebook’s “social graph”. 

This course begins with a discussion of the major concepts of the Facebook Graph API. You will learn basic concepts like authentication, authorization, and access tokens. Then, you will build out your mini-project step by step by deploying the "Login with Facebook"  web page. By the end, you will have a thorough understanding of how to build API integrations in your own projects.

Facebook Login and the Facebook Graph API

## The long-lived access token

In our previous lesson, we noted how the short-lived access token &mdash; which your web application obtains as soon as a user has completed their "Login with Facebook" flow and after Facebook has redirected them back to your application &mdash; is a perfectly valid token. You have about an hour to use it for authorized requests to the Facebook Graph API. During that time, you can request resources belonging to the user that authorized your application, as long as the resources you request are within the permission scopes that you originally asked for.

A one-hour lifespan for a token might be sufficient for some application needs, but it is likely that your application will need longer-term access. Let's assume that your web application will want to make behind-the-scenes requests of your users' Facebook data, and you intend to do this well into the future.

To do that, you are going to need the **long-lived access token**. A long-lived access token has the same functionality as a short-lived token, but it has a validity of 60 days.

# The long-lived access token

In our previous lesson, we noted how the short-lived access token &mdash; which your web application obtains as soon as a user has completed their "Login with Facebook" flow and after Facebook has redirected them back to your application &mdash; is a perfectly valid token. You have about an hour to use it for authorized requests to the Facebook Graph API. During that time, you can request resources belonging to the user that authorized your application, as long as the resources you request are within the permission scopes that you originally asked for.

A one-hour lifespan for a token might be sufficient for some application needs, but it is likely that your application will need longer-term access. Let's assume that your web application will want to make behind-the-scenes requests of your users' Facebook data, and you intend to do this well into the future.

To do that, you are going to need the **long-lived access token**. A long-lived access token has the same functionality as a short-lived token, but it has a validity of 60 days.

Learn about the long-lived access token in detail.

__default

Exchange for a Long-Lived Access Token

The long-lived access token