My current need is to post messages occasionally in my Facebook account from the server. The peculiarity of the Facebook system for my goal is that I need to obtain a long-lived token. This can be achieved in three steps:
Step 1: Gain a normal access token (short-lived):
You only have to use this tool that provides the platform: Graph API Explorer.
In the official documentation is detailed (Quickstart - Generate a basic Access Token), but it isn't tricky. The only important detail is that it's necessary to ask for a token with publishing permissions. This is properly explained a bit further down; in Get Publishing Permissions section.
Step 2: Obtain a long-lived token
For my need of publication from the server without user intervention (my account) I need a long-lived token. It is easy to get from the normal token providing the application identificator and secret.
This is properly explained in official documentation. It consists of a GET request with the following URL and these parameters (line breaks are included for readability):
https://graph.facebook.com/oauth/access_token? grant_type=fb_exchange_token& client_id=488654341253452& client_secret=c622e09e0d33546oj89g9d523286bdb& fb_exchange_token=CAAG8lxCY80wBAOrpDHAGETsHZC...zIUBlhqEvYLq0d9GkpOsZD
Paso 3: Post
Once we have the long-lived token -with right publishing permissions- to post is very easy (oficcial documentation).
It only consists in creating a POST request with the next URL (to publish in the feed) and with the long-lived token as value of access_token parameter. Something like this:
POST https://graph.facebook.com/102036675662757/feed? message=Hello%20World& access_token=CAAG8lxCY80wBAOrpDHAGETsHZC...zIUBlhqEvYLq0d9GkpOsZD
Although it is a POST request, the message can go in the URL (properly encoded with Percent encoding).
Unlike Twitter, Facebook uses OAuth 2.0, so no need to encrypt the requests as they are on an encrypted channel (HTTPS). This greatly simplifies the composition of petitions.
The problem of renewing the long-lived token
The only drawback of the Facebook system to post from the server is that long-lived token expire in about two months. The documentation explains the problem and ways to solve it: Refreshing Long-Lived Tokens. I extract quite a few explanatory paragraphs:
You should, in general, not use the same long-lived tokens on more than one web client (i.e. if the person logs in from more than one computer.) Instead you should use the long-lived tokens on your server to generate a code and then use that to get a long-lived token on the client. Please see below for information Generating long-lived tokens from server-side long-lived tokens
In my case I have not needed to look into this at the moment; it's not very costly for me to renew manually the token.