What happens
When calling User.getAdAccounts(fields, { appsecret_proof }), the first request includes the appsecret_proof automatically, if provided. However, using the returned cursor’s .next() method issues a subsequent request without the appsecret_proof, causing failures when App Secret Proof is required in the app settings.
Reproduction steps (very minimal):
const { FacebookAdsApi, User } = require('facebook-nodejs-business-sdk');
const api = FacebookAdsApi.init(accessToken);
// No setAppSecret() available in this SDK version 23.0.1
const appsecret_proof = generateAppSecretProof(accessToken, appSecret);
const user = new User('me');
const fields = ['id', 'name'];
const firstPage = await user.getAdAccounts(fields, {
appsecret_proof,
limit: 25,
});
const nextPage = await firstPage.next(); // The proof disappears hereWhat you expected to happen
All paginated requests (including .next()) should include the appsecret_proof when it was provided in the initial request—especially if the app has Require App Secret Proof for Server API Calls enabled.
Why it matters
If the app requires appsecret_proof, pagination fails with errors like Invalid appsecret_proof. This breaks implementation patterns that rely on .next() for traversal, forcing developers to implement manual pagination logic (recreating parameters including appsecret_proof and after cursor each time).
Suggested improvements:
-
Automatically propagate custom parameters (like appsecret_proof) in cursor pagination:
- Preserve initial
params for use in .next()
-
Alternatively, provide a method like api.setAppSecret(appSecret) (as forks or SDKs in other languages do), so the SDK generates the proof internally on every request—including pagination.
Additional details:
- Second request via
.next(): missing appsecret_proof — issue confirmed
What happens
When calling
User.getAdAccounts(fields, { appsecret_proof }), the first request includes theappsecret_proofautomatically, if provided. However, using the returned cursor’s.next()method issues a subsequent request without theappsecret_proof, causing failures when App Secret Proof is required in the app settings.Reproduction steps (very minimal):
What you expected to happen
All paginated requests (including
.next()) should include theappsecret_proofwhen it was provided in the initial request—especially if the app has Require App Secret Proof for Server API Calls enabled.Why it matters
If the app requires
appsecret_proof, pagination fails with errors likeInvalid appsecret_proof. This breaks implementation patterns that rely on.next()for traversal, forcing developers to implement manual pagination logic (recreating parameters includingappsecret_proofandafter cursoreach time).Suggested improvements:
Automatically propagate custom parameters (like
appsecret_proof) in cursor pagination:paramsfor use in.next()Alternatively, provide a method like
api.setAppSecret(appSecret)(as forks or SDKs in other languages do), so the SDK generates the proof internally on every request—including pagination.Additional details:
SDK version: 23.0.1
Graph API version: e.g.,
v23.0Debug logs (with
api.setDebug(true)):appsecret_proof=...— OK.next(): missingappsecret_proof— issue confirmed