(#100) Missing permissions error in Facebook API clarification

problem description:

• we are getting (#100) Missing permissions errors while extracting facebook account ads insights data using programmatically generated access tokens using Graph API in python.
• later we generated access tokens in the app with ads_read and insights_read permission and we can able to extract the data successfully.

questions:

1.how can we generate access tokens with permissions programmatically using Graph API in python? 2.which token is advisable to extract data for ad account insights?

error message:
{
      "error": {
        "message": "(#100) Missing permissions",
        "type": "OAuthException",
        "code": 100,
        "fbtrace_id": "A4vPClDlI__dFmxxhiVVGRG"
      }
    }

access token generation code sample:

import requests

def get_fb_token(app_id, app_secret):
    url = 'https://graph.facebook.com/oauth/access_token'
    payload = {
        'grant_type': 'client_credentials',
        'client_id': app_id,
        'client_secret': app_secret
    }
    response = requests.post(url, params=payload)
    return response.json()['access_token']


app_id = 'XXXXXXXXXXXXXXX'
app_secret = 'XXXXXXXXXXXXXXXXX'

data_request = get_fb_token(app_id, app_secret)
print(data_request)

Note:

• we have also tried passing scope:ads_read, but we are getting the same error.
• we have also tried Facebook -SDK package, but we are getting the same access tokens.

Simplest: If your BM has access to that ad account Use System User flow.

1. Create A System User.
2. Generate&Copy the long lived token from BM page and paste it into your server. (This will not expire ever)
3. Assign the ad accounts(or any other assets) you wanna access either programmatically or manually.

Standard Apporach: Oauth2 flow.

1. When users get onboarded to your system, ask them to sign in via FB and send the short lived token to Backend servers. OAuth2
2. Exchange the short lived token for long lived one with FB. Long lived tokens have expiry of 60days.