Graph API access

# Instagram API access ## Resources **[Instagram API Getting Started](https://developers.facebook.com/docs/instagram-api)** [Access Tokens](https://developers.facebook.com/docs/facebook-login/guides/access-tokens) [App Types](https://developers.facebook.com/docs/development/create-an-app/app-dashboard/app-types#business) [Graph API Getting Started](https://developers.facebook.com/docs/graph-api/get-started) [Facebook SDK](https://developers.facebook.com/docs/business-sdk/getting-started#ruby) [Graph API Explorer](https://developers.facebook.com/tools/explorer?) [Facebook Login with the JavaScript SDK](https://developers.facebook.com/docs/facebook-login/web) [Meta Business SDK](https://developers.facebook.com/docs/business-sdk/overview) [App Review Overview](https://developers.facebook.com/docs/app-review/introduction) [App Review Submission Guide](https://developers.facebook.com/docs/app-review/submission-guide) [Read User Media Data](https://developers.facebook.com/docs/instagram-api/reference/ig-user/media#reading) from `GET /{ig-user-id}/media` [Get Instagram "Insights"](https://developers.facebook.com/docs/instagram-api/guides/insights) `GET /{ig-user-id or media-id}/insights?metric=engagement,impressions,reach` [IG User API endpoints](https://developers.facebook.com/docs/instagram-api/reference/ig-user) [IG Media API endpoints](https://developers.facebook.com/docs/instagram-api/reference/ig-media) ## Notes "Instagram Professional accounts must be connected to a Facebook Page before their data can be accessed through the API. Once connected, any Facebook User who is able to perform Tasks on that Page can grant your app an access token, which can then be used in API requests." ([source](https://developers.facebook.com/docs/instagram-api/overview#pages)) ### Getting to the user's Instagram account from a Facebook Login * The user logs in via Facebook and grants permissions * The App requests a list of the users Facebook Pages (can be multiple, so we may need a step where the user selects the correct FB page) `/{meta_user_id}/accounts` * The App requests the Instagram business account associated with the page `/{page_id}?fields=instagram_business_account` ([source](https://developers.facebook.com/docs/instagram-api/getting-started)) ## Steps * Register as a Facebook Developer (Decide on an account) * Register the app as a *Business App* (required for persistent access to the API) and connect a corresponding [Business Account](https://www.facebook.com/business/help/1710077379203657?id=180505742745347) * Install the [Facebook SDK](https://developers.facebook.com/docs/business-sdk/getting-started#ruby) in our app * Create a page where Creators can log in and grant the app (basic) access to their Instagram account * Complete [App Review](https://developers.facebook.com/docs/instagram-api/overview#app-review) **(do we need to call this out to Palette and make sure that the use case will pass review?)** # TikTok API access ## Resources * [Login Kit](https://developers.tiktok.com/doc/login-kit-web/) * [App Registration](https://developers.tiktok.com/doc/getting-started-create-an-app)(required for to allow users to log in) * [App Review Guidelines](https://developers.tiktok.com/doc/our-guidelines-developer-guidelines) * [OAuth Access Token Management](https://developers.tiktok.com/doc/oauth-user-access-token-management/) * [Display API](https://developers.tiktok.com/doc/display-api-overview/) (lists and shows a user's videos *and associated metadata*) ### Notes *"After successfully completing authentication with TikTok, your application will be able to request access to basic user data such as display name and avatar. For requesting access to additional data from users, pre-approval will be required in your TikTok app on developers.tiktok.com."* Tiktok API tokens all have an expiry, and a refresh token is provided to generate a fresh access token for persistent authorization. Tiktok's documentation suggests CRON jobs to keep tokens valid. "*The server code must be responsible for the following: ... Handling the refresh flow before access token expiry.*" See point 2 [here](https://developers.tiktok.com/doc/oauth-user-access-token-management/). ## Steps * [Register](https://developers.tiktok.com/signup) a TikTok developer account * Register an app to be able to fetch "basic user data such as display name and avatar". * [Get app approved](https://developers.tiktok.com/doc/getting-started-create-an-app) to grant access to further data * Create sign-in page that utilizes the TikTok [Login Kit](https://developers.tiktok.com/doc/login-kit-web/) to log into creator account and request authorization to access data * Store response data for creator * Create CRON job to manage token refreshes * [List creator videos](https://developers.tiktok.com/doc/tiktok-api-v2-video-list/) at https://open.tiktokapis.com/v2/video/list/ (creator identified by `Bearer` token) * [Get video metadata](https://developers.tiktok.com/doc/tiktok-api-v2-video-query/) at `POST` https://open.tiktokapis.com/v2/video/query/ with video IDs from previous query # YouTube API access ## Resources * [YouTube Data API Overview](https://developers.google.com/youtube/v3/getting-started) * [Authorization Credentials](https://developers.google.com/youtube/registering_an_application) * [OAuth Access to Google APIs](https://developers.google.com/identity/protocols/oauth2) * [Google API Ruby Client](https://github.com/googleapis/google-api-ruby-client) * [Oauth policy Compliance](https://developers.google.com/identity/protocols/oauth2/production-readiness/policy-compliance#sensitive-restricted-scope-verification) * [YouTube-specific Authorization guide](https://developers.google.com/youtube/v3/guides/authentication) * [YouTube Data API](https://developers.google.com/youtube/v3/getting-started) * [OAuth Consent Screen](https://console.cloud.google.com/apis/credentials/consent?project=api-project-392446058806) (includes useful information about app verification) * [Verification process FAQ](https://support.google.com/cloud/answer/9110914)