My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Setup

Migrating Facebook Pages Authentication to REST API Endpoint

Updated:

Starting from Facebook Pages integration v1.1, the authentication flow has been migrated from the external FlowMattic API server (https://api.flowmattic.com/facebook-pages) to a local WordPress REST API endpoint on your own site. This means the entire OAuth flow now happens directly between your WordPress site and Facebook — no third-party server involved.

This guide walks you through updating your existing Facebook Pages connection to use the new REST API-based authentication.

What Changed?

In v1.0, the Facebook Pages authentication was routed through the FlowMattic API server (https://api.flowmattic.com/facebook-pages). This could sometimes be blocked by Cloudflare, security plugins, or firewall rules on certain sites.

In v1.1, the authentication now happens directly on your own WordPress site using a local REST API endpoint. This means:

  • No external server dependency — the OAuth flow runs entirely on your site, so Cloudflare and security plugins won’t interfere with authentication.
  • Longer-lasting tokens — short-lived tokens are now automatically exchanged for long-lived tokens (~60 days), so your connection stays active longer before needing re-authentication.
  • New callback URL — your redirect URI changes from the FlowMattic API server to your own site’s REST API (e.g., https://yoursite.com/wp-json/flowmattic/v1/auth/facebook-pages).

Prerequisites

  • FlowMattic plugin (latest version)
  • Facebook Pages integration v1.1 or later (installed via FlowMattic > Integrations)
  • An existing Facebook App (or you can create a new one)
  • Admin access to your WordPress site
  • Admin access to Facebook Developers

Step 1: Update the Facebook Pages Integration

The Facebook Pages integration is not bundled with the FlowMattic core plugin — it is installed and updated separately from the Integrations page.

  1. In your WordPress admin, go to FlowMattic > Integrations.
  2. Search for Facebook Pages.
  3. If you already have it installed, click Update to get version 1.1 (or later). If you don’t have it installed yet, click Install.
  4. Once updated, the integration version should show 1.1 or higher.

After updating, the connect dialog will automatically show the new REST API callback URL.

Step 2: Get Your New Redirect URI

  1. In your WordPress admin, go to FlowMattic > Connects.
  2. Click Add New Connect and search for Facebook Pages.

new integration connect for facebook pages .png

  1. Click on Facebook Pages. You will see the Connect App dialog with the new Callback or Redirect URL pre-filled.

FlowMattic connects new facebook pages connect.png

  1. Copy the Callback URL shown in the dialog. It will look like:
    https://yoursite.com/wp-json/flowmattic/v1/auth/facebook-pages

    Note: The exact URL depends on your site domain. For example, if your site is https://tryflowmattic.work, the callback URL will be https://tryflowmattic.work/wp-json/flowmattic/v1/auth/facebook-pages.

Step 3: Update Facebook App OAuth Settings

  1. Go to Facebook Developers and open your Facebook App.
  2. Navigate to App Settings > Basic or find Facebook Login > Settings in the left sidebar.
  3. Under Client OAuth Settings, locate the Valid OAuth Redirect URIs field.

FlowMattic - Facebook Login for Business - Meta for Developers oauth URIs.png

  1. Add your new redirect URI (the one you copied in Step 2):
    https://yoursite.com/wp-json/flowmattic/v1/auth/facebook-pages
  2. You can optionally remove the old redirect URI (https://api.flowmattic.com/facebook-pages) if you no longer need it.
  3. Click Save Changes.

Important: The redirect URI must match exactly — including the protocol (https://), domain, and path. Make sure there are no trailing slashes or extra characters.

Step 4: Note Your App Credentials

While you are in the Facebook Developers dashboard:

  1. Go to App Settings > Basic.
  2. Note down your App ID (this is the Client ID).
  3. Note down your App Secret (this is the Client Secret). Click “Show” to reveal it.

Step 5: Create a New Connection in FlowMattic

  1. Back in the FlowMattic Connect App: Facebook Pages dialog (from Step 2):
    • Connect Name: Enter a name (e.g., Facebook Pages).
    • Client ID: Paste your Facebook App ID.
    • Client Secret: Paste your Facebook App Secret.
  2. Click Authenticate & Save Connect.
  3. A popup window will open and redirect you to Facebook’s authorization page.
  4. Log in to your Facebook account (if not already logged in).
  5. Select the Facebook Pages you want to grant access to.
  6. Grant the requested permissions (manage posts, read engagement, manage metadata, etc.).
  7. The popup will show a success message and close automatically.

Step 6: Update Existing Workflows

If you had workflows using the old Facebook Pages connection:

  1. Go to FlowMattic > Workflows.
  2. Open each workflow that uses Facebook Pages.
  3. In the Facebook Pages step, update the Connect dropdown to select the new connection you created in Step 5.
  4. Save the workflow.
  5. Repeat for all workflows that use the old Facebook Pages connection.

Step 7: Delete the Old Connection

After you have successfully updated all your workflows to use the new connection, you must delete the old connection to avoid conflicts.

  1. Go to FlowMattic > Connects.
  2. Find the old Facebook Pages connection (the one created with the previous v1.0 authentication method).
  3. Click the Delete button on the old connection.
  4. Confirm the deletion when prompted.

Note: Any scheduled token refresh cron jobs associated with the old connection will be automatically cleaned up when the connection is deleted — no manual action needed.

Important: Do not delete the old connection until you have updated all workflows to use the new one. Deleting a connection that is still in use by active workflows will cause those workflows to fail.

Troubleshooting

“URL Blocked” or “Redirect URI mismatch” error

  • Make sure the redirect URI in your Facebook App settings exactly matches the one shown in the FlowMattic connect dialog.
  • Ensure your site uses HTTPS (Facebook requires it).
  • Check that Use Strict Mode for redirect URIs is set to Yes in Facebook App settings, and the URI is added correctly.

“Can’t Load URL” error

  • Verify that your site’s domain is added to the Allowed Domains for the JavaScript SDK in your Facebook App settings.
  • Make sure the WordPress REST API is accessible on your site (not blocked by security plugins or server rules).

Authentication popup closes without connecting

  • Check your browser’s popup blocker settings.
  • Look in the WordPress debug log (wp-content/debug.log) for any PHP errors.
  • Ensure your site’s REST API is working by visiting https://yoursite.com/wp-json/flowmattic/v1/auth/facebook-pages directly — you should see an error message about missing parameters (this confirms the endpoint is active).

Token expired after ~60 days

  • Long-lived user tokens last approximately 60 days. When they expire, you will need to re-authenticate by editing the connection and clicking Authenticate & Save Connect again.
  • Page access tokens derived from a long-lived user token do not expire, so your workflows will continue working as long as the user token is valid.

FAQ

Q: Do I need to create a new Facebook App?
A: No. You can use your existing Facebook App. You just need to add the new redirect URI to the Valid OAuth Redirect URIs list.

Q: Will my existing workflows stop working?
A: Your existing workflows will continue to work with the old connection until the access token expires. However, we recommend migrating to the new connection as soon as possible, since the old API server endpoint may be deprecated in the future.

Q: What permissions does the integration request?
A: The integration requests the following Facebook permissions:

  • pages_show_list — View your list of Pages
  • pages_read_engagement — Read Page engagement data
  • pages_manage_posts — Create, edit, and delete Page posts
  • pages_manage_engagement — Manage Page engagement
  • pages_read_user_content — Read user-generated content on Pages
  • pages_manage_metadata — Manage Page metadata and subscribe to webhooks

Q: Why was the authentication method changed?
A: The previous method routed the OAuth flow through the FlowMattic API server, which could sometimes be blocked by Cloudflare, security plugins, or firewall rules on your site. The new REST API-based method handles the entire authentication directly on your own WordPress site, bypassing these potential blocking issues and ensuring a more reliable connection experience.
Attachments
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied