Permissions

By default, an authorized application can access only the user's Basic Information. To access further information, it must obtain additional permissions.

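If an additional permission is required and the application accesses user information without having obtained it, the API returns, with HTTP status 200, empty data such as

{"data":[]}

or a response such as

{"error":"(#200) The user hasn't authorized the application to perform this action"}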

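Obtaining permissions

When sending the user to the application's authorization page, specify the required permissions in the scope parameter. Multiple permissions can be given as a comma-separated list.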

https://www.facebook.com/dialog/oauth
    ?client_id=APP_ID
    &redirect_uri=REDIRECT_URL
    &scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES

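Additional permissions are shown in the OAuth Dialog, as in the area outlined in red.

Checking granted permissions

Sending a request to the following URL returns the list of permissions already granted.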

https://graph.facebook.com/me/permissions
    ?access_token=USER_ACCESS_TOKEN

The response is returned in a format such as

{"data":[{"installed":1,"user_status":1}]}
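The scope request, the /me/permissions check and the ambiguous HTTP 200 responses described above, combined into one least-privilege check. This is an added example, not part of the original page; the function names, the classification labels and the app.example URL are hypothetical.

```python
import json
from urllib.parse import urlencode

DIALOG_URL = "https://www.facebook.com/dialog/oauth"
# Response body quoted on the page for /me/permissions
SAMPLE_PERMISSIONS = '{"data":[{"installed":1,"user_status":1}]}'

def build_auth_url(app_id, redirect_url, permissions):
    """Build the OAuth Dialog URL, requesting only the permissions listed."""
    query = {"client_id": app_id, "redirect_uri": redirect_url}
    if permissions:
        # scope is comma-separated; de-duplicated and sorted for a stable URL
        query["scope"] = ",".join(sorted(set(permissions)))
    return DIALOG_URL + "?" + urlencode(query)

def granted_permissions(permissions_body):
    """Return the names flagged 1 in a /me/permissions response body."""
    data = json.loads(permissions_body).get("data") or [{}]
    return {name for name, flag in data[0].items() if flag == 1}

def missing_permissions(required, permissions_body):
    """Permissions the feature needs that the user has not granted."""
    return set(required) - granted_permissions(permissions_body)

def classify_response(body, required, permissions_body):
    """Tell a permission problem apart from real data in an HTTP 200 body."""
    doc = json.loads(body)
    err = doc.get("error")
    # The page shows the error as a string; an object with a "message"
    # field is also accepted here (assumption, not shown on the page).
    msg = err.get("message", "") if isinstance(err, dict) else (err or "")
    if msg.startswith("(#200)"):
        return "denied"
    if doc.get("data") == []:
        # Empty data alone is ambiguous; the permission list disambiguates
        missing = missing_permissions(required, permissions_body)
        return "missing:" + ",".join(sorted(missing)) if missing else "empty"
    return "ok"

if __name__ == "__main__":
    print(build_auth_url("APP_ID", "https://app.example/cb", ["user_photos"]))
    print(classify_response('{"data":[]}', ["user_photos"], SAMPLE_PERMISSIONS))
```

Because a missing permission can arrive as a successful-looking empty list, treating `{"data":[]}` as "no data" without consulting the permission list hides revoked or never-granted access from the application.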

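Checking permissions in App Settings

Users can check the permissions they have granted to an application in App Settings.

They appear in the "This app needs" list shown after clicking [Edit] to the right of the application name.

Permission types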

User Permissions / Friends Permissions

Permission ※1 Access granted
_about_me the "About Me" section of the profile in the about property
_activities the user's list of activities as the activities connection
_birthday the birthday with year as the birthday property
_checkins Provides read access to the authorized user's check-ins or a friend's check-ins that the user can see.

This permission is superseded by user_status for new applications as of March, 2012.

_education_history education history as the education property
_events the list of events the user is attending as the events connection
_groups the list of groups the user is a member of as the groups connection
_hometown the user's hometown in the hometown property
_interests the user's list of interests as the interests connection
_likes the list of all of the pages the user has liked as the likes connection
_location the user's current location as the location property
_notes the user's notes as the notes connection
_photos the photos the user has uploaded, and photos the user has tagged
_questions the questions the user or friend has asked
_relationships the user's family and personal relationships and relationship status
_relationship_details the user's relationship preferences
_religion_politics the user's religious and political affiliations
_status the user's status messages and check-ins.

(See location_post for how this permission affects location information associated with posts.)

_subscriptions the user's subscribers and subscribees
_videos the videos the user has uploaded, and videos the user has been tagged in
_website the user's web site URL
_work_history work history as the work property
email the user's primary email address in the email property.

Do not spam users. Your use of email must comply both with Facebook policies and with the CAN-SPAM Act.

※1 The exact permission names take the form user_xx for User permissions and friends_xx for Friends permissions. The exception is email, which is written simply as email and is valid only as a user permission.

Extended Permissions

Permission Description
read_friendlists Provides access to any friend lists the user created. All of the user's friends are provided as part of basic data; this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Allows access to, and searching of, all posts in the user's News Feed.
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. Intended usage: This permission should be used to let users read and act on their notifications; it should not be used for the purposes of modeling user behavior or data mining. Apps that misuse this permission may be banned from requesting it.
user_online_presence Provides access to the user's online/offline presence
friends_online_presence Provides access to the user's friends' online/offline presence
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Allows the application to post content, comments, and likes to the stream of the user and of the user's friends.

This is a superset of permissions that also includes publish_actions.

However, please note that Facebook recommends a user-initiated sharing model. Please read the Platform Policies to ensure you understand how to properly use this permission. Note, you do not need to request the publish_stream permission in order to use the Feed Dialog, the Requests Dialog or the Send Dialog.
rsvp_event Enables your application to RSVP to events on the user's behalf

Open Graph Permissions

Permission ※1 Description
publish_actions Allows your app to publish to the Open Graph using Built-in Actions, Achievements, Scores, or Custom Actions. Your app can also publish other activity which is detailed in the Publishing Permissions doc. Note: The user-prompt for this permission will be displayed in the first screen of the Enhanced Auth Dialog and cannot be revoked as part of the authentication flow. However, a user can later revoke this permission in their Account Settings. If you want to be notified if this happens, you should subscribe to the permissions object within the Realtime API.
_actions.music Allows you to retrieve the actions published by all applications using the built-in music.listens action.
_actions.news Allows you to retrieve the actions published by all applications using the built-in news.reads action.
_actions.video Allows you to retrieve the actions published by all applications using the built-in video.watches action.
_actions:APP_NAMESPACE Allows you to retrieve the actions published by another application as specified by the app namespace. For example, to request the ability to retrieve the actions published by an app which has the namespace awesomeapp, prompt the user for the users_actions:awesomeapp and/or friends_actions:awesomeapp permissions.
_games_activity Allows you post and retrieve game achievement activity.

※1 The exact permission names take the form user_xx for User permissions and friends_xx for Friends permissions. The exception is publish_actions, which is written simply as publish_actions and is valid only as a user permission.