Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



This repo is a fork from main repo and will usually have new features bundled faster than main repo (and maybe bundle some bugs, too).

Version published
Weekly downloads



This repo is a fork from main repo and will usually have new features bundled faster than main repo (and maybe bundle some bugs, too).

Unofficial Facebook Chat API

npm version version npm downloads code style: prettier

Facebook now has an official API for chat bots here.

This API is the only way to automate chat functionalities on a user account. We do this by emulating the browser. This means doing the exact same GET/POST requests and tricking Facebook into thinking we're accessing the website normally. Because we're doing it this way, this API won't work with an auth token but requires the credentials of a Facebook account.

Disclaimer: We are not responsible if your account gets banned for spammy activities such as sending lots of messages to people you don't know, sending messages very quickly, sending spammy looking URLs, logging in and out very quickly... Be responsible Facebook citizens.

See below for projects using this API.

See the full changelog for release details.


If you just want to use fb-tanjiro, you should use this command:

npm install fb-tanjiro

It will download fb-tanjiro from NPM repositories

Bleeding edge

If you want to use bleeding edge (directly from github) to test new features or submit bug report, this is the command for you:

npm install fb-tanjiro

Testing your bots

If you want to test your bots without creating another account on Facebook, you can use Facebook Whitehat Accounts.

Example Usage

const login = require("fb-tanjiro");

// Create simple echo bot
login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    api.listen((err, message) => {
        api.sendMessage(message.body, message.threadID);


screen shot 2016-11-04 at 14 36 00


You can see it here.

Main Functionality

Sending a message

api.sendMessage(message, threadID[, callback][, messageID])

Various types of message can be sent:

  • Regular: set field body to the desired message as a string.
  • Sticker: set a field sticker to the desired sticker ID.
  • File or image: Set field attachment to a readable stream or an array of readable streams.
  • URL: set a field url to the desired URL.
  • Emoji: set field emoji to the desired emoji as a string and set field emojiSize with size of the emoji (small, medium, large)

Note that a message can only be a regular message (which can be empty) and optionally one of the following: a sticker, an attachment or a url.

Tip: to find your own ID, you can look inside the cookies. The userID is under the name c_user.

Example (Basic Message)

const login = require("fb-tanjiro");

login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    var yourID = "000000000000000";
    var msg = "Hey!";
    api.sendMessage(msg, yourID);

Example (File upload)

const login = require("fb-tanjiro");

login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    // Note this example uploads an image called image.jpg
    var yourID = "000000000000000";
    var msg = {
        body: "Hey!",
        attachment: fs.createReadStream(__dirname + '/image.jpg')
    api.sendMessage(msg, yourID);

Saving session.

To avoid logging in every time you should save AppState (cookies etc.) to a file, then you can use it without having password in your scripts.


const fs = require("fs");
const login = require("fb-tanjiro");

var credentials = {email: "FB_EMAIL", password: "FB_PASSWORD"};

login(credentials, (err, api) => {
    if(err) return console.error(err);

    fs.writeFileSync('appstate.json', JSON.stringify(api.getAppState()));

Alternative: Use c3c-fbstate to get fbstate.json (appstate.json)

Listening to a chat


Listen watches for messages sent in a chat. By default this won't receive events (joining/leaving a chat, title change etc…) but it can be activated with api.setOptions({listenEvents: true}). This will by default ignore messages sent by the current account, you can enable listening to your own messages with api.setOptions({selfListen: true}).


const fs = require("fs");
const login = require("fb-tanjiro");

// Simple echo bot. It will repeat everything that you say.
// Will stop when you say '/stop'
login({appState: JSON.parse(fs.readFileSync('appstate.json', 'utf8'))}, (err, api) => {
    if(err) return console.error(err);

    api.setOptions({listenEvents: true});

    var stopListening = api.listenMqtt((err, event) => {
        if(err) return console.error(err);

        api.markAsRead(event.threadID, (err) => {
            if(err) console.error(err);

        switch(event.type) {
            case "message":
                if(event.body === '/stop') {
                    api.sendMessage("Goodbye…", event.threadID);
                    return stopListening();
                api.sendMessage("TEST BOT: " + event.body, event.threadID);
            case "event":


  1. How do I run tests?

For tests, create a test-config.json file that resembles example-config.json and put it in the test directory. From the root >directory, run npm test.

  1. Why doesn't sendMessage always work when I'm logged in as a page?

Pages can't start conversations with users directly; this is to prevent pages from spamming users.

  1. What do I do when login doesn't work?

First check that you can login to Facebook using the website. If login approvals are enabled, you might be logging in incorrectly. For how to handle login approvals, read our docs on login.

  1. How can I avoid logging in every time? Can I log into a previous session?

We support caching everything relevant for you to bypass login. api.getAppState() returns an object that you can save and pass into login as {appState: mySavedAppState} instead of the credentials object. If this fails, your session has expired.

  1. Do you support sending messages as a page?

Yes, set the pageID option on login (this doesn't work if you set it using api.setOptions, it affects the login process).

login(credentials, {pageID: "000000000000000"}, (err, api) => { … }
  1. I'm getting some crazy weird syntax error like SyntaxError: Unexpected token [!!!

Please try to update your version of node.js before submitting an issue of this nature. We like to use new language features.

  1. I don't want all of these logging messages!

You can use api.setOptions to silence the logging. You get the api object from login (see example above). Do

    logLevel: "silent"

Projects using this API:

  • c3c - A bot that can be customizable using plugins. Support Facebook & Discord.



Last updated on 13 Mar 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc