Facebook
OAuth 2.0 via the Meta Graph API. Same requireFacebookCreds() resolver as the Instagram connector. The callback discovers the user's profile and every Facebook Page they manage.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | FACEBOOK_APP_ID, FACEBOOK_APP_SECRET |
| Callback URL | ${BASE_URL}/api/v1/auth/facebook/callback |
| Scopes / permissions | pages_show_list, pages_read_engagement, pages_manage_posts, publish_video |
| Auto token refresh | No — manual reconnect on expiry |
ENV details
Shared with the Instagram connector — one Meta app, two product surfaces.
How to connect
- Open Connections → Facebook → Connect.
- Sign in to Facebook with an account that has admin or editor access to the target Pages.
- Sosyabot lists every accessible Page; select which to enable.
Token refresh
Long-lived page tokens are issued at connect time and not auto-refreshed. Reconnect when a Page token expires.
Notes
- Sosyabot publishes to Pages, not personal profiles. The personal-profile record is created (
category: "profile",can_post: 0) but every postable channel is a Page (category: "page",can_post: 1). - Each Page receives its own access token from
/me/accounts; revoking a Page's role on the user's Facebook account also kills its Sosyabot token. - Posting video uses
publish_videoscope; image posts only needpages_manage_posts.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by Facebook. Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.