Here’s a clean, end-to-end path to make Wizbrand fetch Page likes/followers/posts legally via Meta’s Graph API for each customer.

Step-by-step plan

Phase 0 — Decide scope & rules

1. Data you’ll show: public page info, latest posts, reactions/comments counts, follower/like counts, and selected Page Insights (requires permission).
2. Compliance choice: No scraping. Only Graph API. Customers must connect their Page and grant permissions.

Phase 1 — Create & configure the Meta app

3. Create app: In Meta for Developers → Create App → choose Manage everything on your Page (Pages API) and add Facebook Login.
4. Business assets ready: Public Privacy Policy URL, Terms URL, User Data Deletion instructions/page, a support email, app icon, and your App Domains (wizbrand.com etc.).
5. Business verification: In Business Settings, complete Business Verification (you’ll need docs + domain verification). This is required for most Page permissions.

Phase 2 — Implement customer connect (OAuth) flow

6. Facebook Login setup: Add valid OAuth redirect URIs (e.g., https://wizbrand.com/oauth/facebook/callback).
7. Scopes (permissions) you’ll request from each customer:
   • pages_show_list (let user pick which Page)
   • pages_read_engagement (read posts, comments, reactions & basic metadata)
   • pages_read_user_content (read UGC on the Page)
   • read_insights (Page Insights metrics like fans, reach, engagement)
   • pages_manage_metadata (to subscribe your app to Page webhooks; optional but recommended)
   If you also plan to publish content later, add pages_manage_posts (not needed for read-only).
8. Token flow in code:
   • User clicks Connect Facebook Page in Wizbrand.
   • Redirect to Facebook Login with scopes above.
   • On callback, you receive a short-lived User Access Token → exchange for long-lived User Token.
   • Use the long-lived User Token to call /{user-id}/accounts to list Pages the user manages.
   • User selects one or more Pages → for each Page, store the Page ID and Page Access Token returned for that page.

Tip: If a customer only gives a Page URL, your UI should still require them to connect & authorize; do not attempt to “look up” data without permission.

Phase 3 — App Review (before going Live)

9. Prepare review:
   • Add screencast showing your exact user flow (how user connects a Page, what you fetch, where you show it).
   • Explain why you need each permission and show only Page-level, non-personal data in the demo.
10. Submit for:pages_show_list, pages_read_engagement, pages_read_user_content, read_insights, pages_manage_metadata.
    • Optional: Page Public Content Access only if you need to read public posts from Pages you don’t manage (this does not grant insights/likes).
11. Test users & testers: Add them so reviewers can log in and see your flow.

Phase 4 — Fetching data the right way

12. Store securely (multi-tenant): For each org/customer in Wizbrand, store Page ID + Page Access Token encrypted (KMS/HashiCorp Vault/etc.). Track expires_at if present.
13. Core reads (examples; fields vary by API version & permissions):

• Basic profile/metrics
  GET /{page-id}?fields=name,link,about,fan_count,followers_count,category
  (fan/followers fields may require insights/engagement permissions and can vary by version)
• Recent posts (with counts)
  GET /{page-id}/posts?fields=id,created_time,message,permalink_url,reactions.summary(true).limit(0),comments.summary(true).limit(0),attachments{type,url}
  Use paging (after cursors) to iterate.
• Insights (daily)
  GET /{page-id}/insights?metric=page_fans,page_follows,page_posts_impressions,page_engaged_users&period=day
  Cache and aggregate for charts.

14. Rate limits & scheduling:

• Queue background jobs per Page; stagger calls; cache results (e.g., refresh posts hourly, insights daily).
• Use If-None-Match/ETag or since params where supported to reduce calls.

15. Webhooks (recommended):

• Add a verify endpoint in Wizbrand (https, fixed path).
• In App Dashboard → Webhooks → subscribe to Page.
• When a Page is connected, call POST /{page-id}/subscribed_apps with subscribed_fields=feed (requires pages_manage_metadata).
  Now you’ll get push updates for new posts/comments and can refresh just-in-time.

Phase 5 — Token lifecycle & re-auth

16. Long-lived tokens: Always exchange user token for long-lived; derive Page token each connect. Some Page tokens can be long-lived; still handle invalidation.
17. Re-connect UX: If token expires/permissions change, show a Reconnect Facebook banner for that Page.
18. Disconnect UX: Provide Disconnect button → delete stored token and unsubscribe app from the Page.

Phase 6 — Productization & compliance

19. UI/UX in Wizbrand:

• “Connect Facebook Page” CTA.
• Page picker (multi-select), per-page status (Connected / Needs reconnect).
• Dashboards: Posts table, Reactions/Comments counts, Insights charts, Follower/Likes counters (with “last synced”).

20. Data governance:

• Only store what you need, encrypt at rest, restrict access by tenant.
• Honor Data Deletion (self-serve button + documented endpoint).
• Add clear copy explaining you never post or DM; read-only access.

21. Go Live: After approvals, switch app to Live Mode. Ensure your Privacy Policy/Deletion pages remain accessible.

(Optional) Public pages you don’t manage

22. If you must display public posts from Pages that didn’t connect to Wizbrand: apply for Page Public Content Access.

• This won’t give you insights or follower/like counts. For that, you still need the Page admin to connect.

Minimal endpoint cheat-sheet (reference)

• List managed pages: GET /{user-id}/accounts
• Page profile/metrics: GET /{page-id}?fields=...
• Posts: GET /{page-id}/posts?fields=...
• Insights: GET /{page-id}/insights?metric=...&period=day
• Subscribe app to page (webhooks): POST /{page-id}/subscribed_apps

Quick success checklist

• App created with Manage everything on your Page + Facebook Login
• Business verified + domain verified
• OAuth redirect URIs set
• Permissions requested: pages_show_list, pages_read_engagement, pages_read_user_content, read_insights, (pages_manage_metadata for webhooks)
• App Review demo recorded
• Token exchange coded; Page tokens stored securely per tenant
• Background sync jobs + caching + rate limiting
• Webhooks wired for feed
• Data deletion + privacy policy live
• Live Mode enabled after approval

If you want, I can generate a tiny “connect flow” sample (Node/Laravel) showing the exact OAuth URLs, token exchange, and the three API calls you’ll need for posts, insights, and follower counts.

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand. 

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND