Sending messages to Facebook Workplace group through API

If you build a connector between Workplace and some other application, you need to do a few things. For example, if we create a scenario where we have changed the privileged group “Domain Admin “in Active Directory, we can send a Post message to the Workplace API. Doing API Post calls will help “IT admin “monitor groups within the Workplace if there have been changes in this group. In this scenario, we will create an API token in the Workplace, create a group in the Workplace, create a Powershell script that will post data into the API, and create a schedule monitor in Active Directory that calls the script to update the group.

The Workplace is based on a bearer token, so to have access to post articles into a group, you need to create a token. We start by signing on to your portal “workplace.com “as an admin. Now you can click on the toolbar icon in the left panel; from there, you go to integrations and create a custom integration. You can see in the following figure how to create a new API key; note that the key is hidden for security reasons. Then you need to select that you can post data into a group through this custom integration.

Create API key

Next, create a group in the Workspace that you want to add the messages from the server. You can make the group by going to “Create Group, “type in the group's name and click on create.

Create Group

When you have finished with all the configuration on the custom integration, you should create a script containing the API key and the path to the post method. You can use the following link to see what options are available. https://developers.facebook.com/docs/workplace/reference/graph-api/post

We create the script, and the test sends data to the Workplace as it says in the following script that it requires you to assign the group name in the variable GroupName.

# https://gist.github.com/gislig/5dc6029447a973470fa5fcc892efe955# Here is the API key from the custom integration
$apiKey = "THE CUSTOM INTEGRATION API KEY SHOULD BE SET HERE"
# Define the header with the API key with Bearer authorization
$headers = @{"Authorization" = "Bearer " + $apiKey}
# Define the path where you can search for groups
$apiGetPath = "https://graph.facebook.com/v2.11/community/groups"
# Find the id of the Monitoring Group
$GroupName = "MonitoringGroup"
$GroupID = ((Invoke-RestMethod -Method Get -Uri $apiGetPath -Headers $headers).data | ? { $_.Name -eq $GroupName }).id# Create the message
$Message = "Greetings people of earth."
# Build the post method link with the groupid and the message
$apiPostPath = "https://graph.facebook.com/$GroupID/feed?message=$Message"
# Send the message
Invoke-RestMethod -Method Post -Uri $apiPostPath -Headers $headers
Running test on pushing data to API

We have tested that the script works, and text posted the message to the group MonitoringGroup. We should upgrade the script to read changes in a privileged group, but to do that, we need to read the event log on a domain controller. We start by creating a simple test script that allows us to read the event log, but we have to define what type of event we like to watch, and we do that by searching for the security log for “Event 4728”. After we have succeeded in creating the test script, then we will merge the script with the

# Getting event 4729, at least within the last 5 minutes, get the message(Get-EventLog -LogName Security -After (Get-Date).AddMinutes(-5) -InstanceId 4728 -ErrorAction SilentlyContinue).Message
Testing to get event from the server

Now we have everything to post messages to the Workplace, and from that, we can finish the script and create a scheduled task based on events in the event viewer. First, we try to add the user to “Domain Admins, “and from there, we check if there is a message and if so, then we can continue to create a task; this task will run the PowerShell script automatically every time an “EventID 4728 “is detected.

Sending an event to API from the OS

Everything is working, and you can now use the following code block to do the same in your environment but be cautious that if you don’t know what you are doing, do not continue.

# https://gist.github.com/gislig/1aa3ef669eae4a99877b3e91e1bd1bde# Here is the API key from the custom integration
$apiKey = "THE CUSTOM INTEGRATION API KEY SHOULD BE SET HERE"
# Define the header with the API key with Bearer authorization
$headers = @{"Authorization" = "Bearer " + $apiKey}
# Define the path where you can search for groups
$apiGetPath = "https://graph.facebook.com/v2.11/community/groups"
# Find the id of the Monitoring Group
$GroupName = "MonitoringGroup"
$GroupID = ((Invoke-RestMethod -Method Get -Uri $apiGetPath -Headers $headers).data | ? { $_.Name -eq $GroupName }).id# Getting event 4729, at least within the last 5 minutes, get the message
$Message = (Get-EventLog -LogName Security -After (Get-Date).AddMinutes(-5) -InstanceId 4728 -ErrorAction SilentlyContinue).Message
# Build the post method link with the groupid and the message
$apiPostPath = "https://graph.facebook.com/$GroupID/feed?message=$Message"
# Check if there is any data within the message; we don't want to send empty data.
if($Message){
# Send the message
Invoke-RestMethod -Method Post -Uri $apiPostPath -Headers $headers
}

Based on this, we can monitor the different types of events within the Workplace; currently, IT Admins use Slack as their primary tool to chat and push data into where they can monitor and talk about. The Workplace can help IT Admins and managers also view data from one place. Using the API, we can do many different things, such as using Power Automate or other extra solutions.

IT tech geek, developer etc.