Skip to main content

Facebook App Keys

Description

General

  • Documentation: https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
  • Summary: Facebook access tokens are strings used for identification and are of three types: either to identify a user, an application, or Page. Application access tokens are used to modify and read app settings. They can also be used to publish Open Graph actions. They are generated using a pre-agreed secret between the app and Facebook and is then used during calls that change app-wide settings.
  • IPs allowlist: This feature is not available.
  • Scopes: App access tokens are only limited to access and modify application data (no reach on users, pages, or clients).

Revoke the secret

There is no direct information on how to revoke app access token.

Check for suspicious activity

Facebook API has access to an AppEventLogger class in order to monitor various activities (see here).

Details for Facebook App Keys

  • Family: credentials

  • Category: social_network

  • Company: Meta

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 25.92

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - facebook
    - fb(-|_)?(client|app|id|key|secret)
- type: BanMinifiedPreValidator
  threshold_minified: 0.8

Examples

- text: |
    facebook String appId = "294790898041575"; String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372"
  client_id: '294790898041575'
  client_secret: 'ce3f9f0362bbe5ab01dfc8ee565e4372'
- text: |
    String fb_id = "294790898041575"; String fb_secret = "ce3f9f0362bbe5ab01dfc8ee565e4372"
  client_id: '294790898041575'
  client_secret: 'ce3f9f0362bbe5ab01dfc8ee565e4372'
- text: |
    facebook String appId = "294790898041575"; String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372"
  client_id: '294790898041575'
  client_secret: 'ce3f9f0362bbe5ab01dfc8ee565e4372'
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status