I'm trying to show the feed and events of a Facebook fanpage on a website. I'm using the php sdk to call the Facebook graph api. I also created an app on my Facebook account and have an app ID, app secret and app token. I don't want to log in the user of the website. I just want to integrate the events and news data of the Facebook fanpage on the website.
My question is: Can I use the static app token to make graph api calls with php from my server and build my website after that, so that no one will receive the app token? Or is this bad because of security issues?
Here is the code:
$app_ID = '{appID}';
$app_secret = '{appSecret}';
$app_token = "{staticAppTokenFromFacebookDeveloperSettings}";
$facebook_page_ID = '{facebookPageID}';
$fb = new Facebook\Facebook([
'app_id' => $app_ID,
'app_secret' => $app_secret,
'default_graph_version' => 'v2.7',
]);
$fb->setDefaultAccessToken($app_token);
try {
$response = $fb->get('/' . $facebook_page_ID . '/feed');
//$response = $fb->get('/' . $facebook_page_ID . '/events');
// ...
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
Thank you very much!
