I'm trying to write a server-side application that reads posts and statuses from a business page on Facebook. When I request /posts, I get many duplicate statuses, as if every edit to the status is available with a different id. As a solution, I thought I would ignore the statuses in /posts, and merge in the statuses from /statuses. But /statuses requires a user auth token, not just an app token, and it would be unacceptable to prompt the user at this point.
Why are the two endpoints authorized differently? This is a publicly visible business page, why do I need a user token to read statuses, but not to read posts?
Is there a way to get statuses without duplicates from the /posts page?
The "duplicate" statuses were in fact not. /posts shows not only what you have posted to your own page, but also others' pages. In this case, the "duplicates" were actually a status being posted to other people's timelines because they were being tagged in the status.
I didn't find an indicator in the graph api to distinguish between these statuses, except that the statuses on my own page have a message attribute, while those on others' pages have a story attribute. It seems a pretty slight distinction, but it works.