| CARVIEW |
Select Language
HTTP/2 200
vary: Accept-Encoding
content-encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-frame-options: DENY
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-ZaFqFLaz' blob: 'self' connect.facebook.net 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com https://*.google-analytics.com https://translate.google.com *.google.com gw.conversionsapigateway.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net gw.conversionsapigateway.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.doubleclick.net *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ dc.ads.linkedin.com analytics.twitter.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data: 'unsafe-eval';block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
document-policy: include-js-call-stacks-in-crash-reports
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
origin-agent-cluster: ?1
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: M0RXiFm5asx2FMzZT0aji7l4eHNog2UGTb7T2U3Z3/DO407zMs2Uq1Ndt0BEgBpHx7Y4iUORSEpzQXQ99MmDYg==
date: Thu, 24 Jul 2025 16:20:53 GMT
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=10, mss=1380, tbw=3532, tp=-1, tpl=-1, uplat=888, ullat=0
alt-svc: h3=":443"; ma=86400
Debug Token - Graph API - Documentation - Meta for Developers
Debug-Token
Graph API Version
Debug-Token /debug_token
This endpoint returns metadata about a given access token. This includes data such as the user for which the token was issued, whether the token is still valid, when it expires, and what permissions the app has for the given user.
This may be used to programatically debug issues with large sets of access tokens.
Reading
GET /v23.0/debug_token?input_token={input-token} HTTP/1.1
Host: graph.facebook.com/* PHP SDK v5.0.0 */
/* make the API call */
try {
// Returns a `Facebook\FacebookResponse` object
$response = $fb->get(
'/debug_token?input_token={input-token}',
'{access-token}'
);
} catch(Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$graphNode = $response->getGraphNode();
/* handle the result *//* make the API call */
FB.api(
"/debug_token?input_token={input-token}",
function (response) {
if (response && !response.error) {
/* handle the result */
}
}
);/* make the API call */
new GraphRequest(
AccessToken.getCurrentAccessToken(),
"/debug_token?input_token={input-token}",
null,
HttpMethod.GET,
new GraphRequest.Callback() {
public void onCompleted(GraphResponse response) {
/* handle the result */
}
}
).executeAsync();/* make the API call */
FBSDKGraphRequest *request = [[FBSDKGraphRequest alloc]
initWithGraphPath:@"/debug_token?input_token={input-token}"
parameters:params
HTTPMethod:@"GET"];
[request startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection,
id result,
NSError *error) {
// Handle the result
}];Permissions
- An app access token or an app developer's user access token for the app associated with the
input_tokenbeing inspected is required to access this endpoint.
Parameters
| Name | Description | Type |
|---|---|---|
| The Access Token that is being inspected. This parameter must be specified. |
|
Fields
| Name | Description | Type |
|---|---|---|
| Data wrapper around the result. |
|
| The ID of the application this access token is for. |
|
| Name of the application this access token is for. |
|
| Any error that a request to the graph api would return due to the access token. |
|
| The error code for the error. |
|
| The error message for the error. |
|
| The error subcode for the error. |
|
| Timestamp when this access token expires. |
|
| Timestamp when app's access to user data expires. |
|
| Whether the access token is still valid or not. |
|
| Timestamp when this access token was issued. |
|
| General metadata associated with the access token. Can contain data like 'sso', 'auth_type', 'auth_nonce' |
|
| For impersonated access tokens, the ID of the page this token contains. |
|
| List of permissions that the user has granted for the app in this access token. |
|
| List of granular permissions that the user has granted for the app in this access token. If permission applies to all, targets will not be shown. |
|
| The ID of the user this access token is for. |
|
Publishing and Deleting
You cannot perform these actions on this edge.