When we announced the Developer Roadmap, we also simplified our policies by replacing the Facebook Platform Guidelines with the new Developer Principles and Policies, and posted Examples and Explanations for guidance on putting policy into practice. Our goal is to make it easy to understand our policies, so you can invest your time developing great applications instead of puzzling over rules.
We've all seen applications build long-term businesses by staying focused on providing a good user experience, creating user trust and engagement. These apps help all developers succeed by attracting more users to engage with great applications, creating a virtuous cycle that benefits the whole ecosystem. To continue to support this focus on user experience, we're investing in personnel and technology to help us better uncover and rapidly respond to policy violations. You'll continue to be able to launch an application without prior approval -- that's an important part of our open Platform philosophy -- but you should expect it to be proactively reviewed at any time.
Our Approach to Enforcement
Our aim is for the Developer Policies and Examples and Explanations to reflect the specifics you need to easily make decisions and manage your applications. While our policies will guide our approach, no document can itemize every way to generate a bad user experience, so we'll be enforcing our broader principles as well. Those who try to circumvent the spirit of the policies or principles, or exploit a "loophole," will be subject to enforcement.
When we find a violation, the action we take will depend on the developer's compliance history, and the nature and severity of the violation. In many cases we temporarily suspend some or all application functionality, or permanently disable the application.
Timing for the New Policies
Most of the revised policies are simplified versions of what we already required, and are therefore fully in effect. But as we said last month, we've also incorporated additional requirements, some of which were previously expected only of applications within the Verification program (which is being retired since all apps must now meet those standards).
We realize that for most of you adapting takes time, so we won't be universally enforcing the increased requirements on all developers until noon PST 16 December 2009. But we expect the largest developers to set a positive example by proactively complying ahead of time, and anyone may hear from us in advance of the deadline asking for particular fixes. You should carefully read the Statement of Rights and Responsibilities and the Developer Principles and Policies to ensure you understand what's required. To help, we've provided highlights of changes and clarifications in the Latest Policy News section of the Examples and Explanations.
As we progress through the Developer Roadmap and the product evolves, we'll continue simplifying the policies and posting examples and explanations. Typically we'll announce substantial policy changes in the Developer Blog, with a lead time before they go into effect. However, in cases where we see exploits that require quick action to protect the ecosystem, where applicable we will post an update to our Examples and Explanations document and post an alert on the Platform Live Status (subscribe by email here) announcing our intention to enforce right away.
Feedback
We hope you'll share your questions and feedback with us and the community in the Developer Forum. And if you see violations please let us know using the "Report" link at the bottom of canvas pages and application profile pages.
We appreciate the great apps you build, and look forward to working with you in protecting the Facebook Platform ecosystem and keeping it a welcoming place for users.
Paul and the rest of the Platform Policy Team stay healthy by riding the virtuous cycle.
We're releasing some updates to stream story formatting, FQL, and finding fans this week. These changes are going live with the weekly code push, which takes place Tuesday evening, Pacific Time.
Switching from the video Attachment Type
We're removing all references to the video attachment type in stream stories. You should use the flash attachment type, since the flash type gives you more control over how your stories render.
While we'll continue to publish stories that use the video type, we strongly encourage you to start using the flash attachment type instead.
Finding Fans without a Session
You can call pages.isFan without a session key now, so you can determine whether a user is a fan of a Facebook Page without the user needing to authorize your application.
Ensuring User Privacy with FQL
You can help ensure user privacy in your applications by checking whether a given user has blocked the logged-in user. Select the is_blocked field when you query the user FQL table.
Rendering Stream Stories
As another reminder regarding the stream roadmap, next week we're changing the size of stream story images so that their maximum dimensions will be 90x90 pixels.
Also starting next week, if you include more than one image in your stream attachment, Facebook will render only the first image in the array initially. We're also adding a "See More" link so the user can see the remaining images. You can still include up to 5 images in a stream story.
We'll make another announcement on the Platform Live Status page next week confirming this launch.
We hope you start using these features and we welcome your feedback on the Developer Forum.
Pete, the technical writer on the Platform team, is rounding up the news.
Over the past few years, we've worked hard to open source large pieces of our infrastructure such as Thrift, Scribe, and Hive, as we continue to take steps to support the open community and build a scalable, secure, and sustainable identity platform. Along with the code itself, what makes it possible for you to freely use these technologies is a set of well known open source software licenses such as Apache, BSD, and GPL. When it comes to open standards, this same sort of legal structure does not yet exist. About a year ago, we supported the creation of the Open Web Foundation in an effort to make it easier for diverse communities to create open specifications for the next generation of web technologies. Just as there are well known software licenses for open source software, the Open Web Foundation announced today that they've produced what will hopefully become a well known legal agreement for open standards.
Today we join Google, Microsoft, Yahoo!, and others within the Open Web Foundation community in publishing this agreement and applying it to an initial set of specifications. We all have made the OAuth Core 1.0a and OAuth WRAP specifications available under the terms of version 0.9 of the Open Web Foundation Agreement. At a high level this means that we're helping to ensure OAuth can be freely and broadly implemented by anyone -- large companies, individual developers, and open source projects -- around the world. While we're starting with OAuth today, we intend to make additional technologies available under the terms of this agreement in the future.
Switching gears to the technology, we currently use OAuth 1.0a which allows us to use the same code when interacting with APIs from Google and some of our other partners. For instance, two weeks ago Facebook engineer Luke Shepard and I worked with many folks in the OAuth community at the Internet Identity Workshop on how it could support many of the flows within Facebook Connect that our developers use every day. Several companies and individuals involved in OAuth efforts have started working on the next evolution of OAuth, known as OAuth WRAP.
While you might not have heard of OAuth WRAP until today, we're quite supportive of the effort. In fact, we intend to contribute to it, and hope to see the technology become part of the next generation of OAuth within the IETF.
David Recordon, senior open programs manager, needs all of your help to create an open, standardized, social web. (want a job?)
We're excited to announce our official support for the Microsoft SDK for Facebook Platform, which Microsoft released today.
This SDK contains rich social features and offers something for almost any kind of Facebook developer who is building with Microsoft technology, whether you're implementing Facebook Connect or are building a Web-based or desktop application. If you're one of the six million Microsoft software developers just starting to build for Facebook, you can use this SDK to make your applications more social, letting your users share and connect with their friends.
If you're building on the Web, you can use the ASP.NET library to easily build Facebook Connect sites or canvas applications using APIs and a rich set of ready-made Facebook controls. On the desktop, you can easily integrate Facebook Connect into your Silverlight, WPF, or Windows Forms applications.
The Microsoft SDK for Facebook Platform joins the ranks of our other supported libraries, alongside PHP, JavaScript, iPhone, Adobe ActionScript 3.0, and Force.com. You can check out the libraries with which you can build on Facebook -- both officially supported and community supported -- in the Client Libraries article on the Developer Wiki.
Releasing this SDK is Microsoft's latest move in helping make the Web more social. When we held our Facebook Technology Tasting event this past April, Microsoft was there to showcase applications built on Silverlight and .NET that utilize the latest features of Facebook Platform, such as the Open Stream API.
Start building today at www.microsoft.com/facebooksdk.
Wei, a software engineer on Facebook Platform, is working on making the Web more open and social.
As part of an ongoing effort we've had underway to address the quality of third-party ads running inside applications, we wanted to offer some clarifications, reminders, and information on our actions.
First, deceptive ads are a widespread issue on the Web and one we fight aggressively. This battle is not new and it’s far from over. We faced stimulus scam ads on our own system earlier this year and pushed them off the site with rigorous enforcement. We did the same months later when deceptive ads from third-party ad networks appeared in applications. We’re doing that again now as we see them appear in the form of offers.
Since introducing updated policies for third-party ads on Facebook Platform in July, we have disabled two entire ad networks and suspended or brought into compliance over 100 applications for ad-related violations in regions around the world, over half of which had more than one million monthly active users.
We recognize that monitoring ads isn't the first area of focus for an entrepreneur just getting started with social applications. That's why ad networks that don’t play by the rules should expect to be our first point of contact in our line of enforcement. Our policies are clear. If you're an ad network and don’t comply with them, you are doing a disservice to your customers, and you should expect your business opportunities on Facebook to cease.
In addition to legal notices that have been sent to many ad networks to mandate ongoing compliance on Facebook Platform, today we are disabling two additional offer and ad networks that have repeatedly violated our policies.
We have explicit policies on offers and inappropriate ad content. Our actions should illustrate that the issue is bigger than one ad format, and that there’s a lot of room to do more. It should be clear that what matters is the ongoing action taken by platforms, ad networks and developers when things are quiet, and not brief reactions when the market's paying attention.
In addition to steps we’ve taken to build teams and technologies devoted to this issue and continual outreach to work with members of the ecosystem on ways to improve their practices, it is the responsibility of both developers and ad networks to make sure the content running in third-party applications is appropriate.
The opportunities for high quality ads are significant, and several players are genuinely focused on sustainability and creating a user experience that builds long-term trust. There’s a reason more than 70% of our 300 million active users engage with applications each month. We expect that our joint efforts with you, our developers, will align incentives in a way that allows businesses to thrive through a consistent and aggressive focus on the user experience.
Separate from our ad policies, we encourage everyone in the community to read the simplified principles and policies we announced last week for Facebook Platform. The underlying issues here are bigger than ads. They’re about building an experience that users will want to come back to… no spam, no surprises.
If you have an advertising-related inquiry, please use the Platform Advertising Contact Form.
Nick is a member of the Platform team.
Many of you currently use the Facebook JavaScript client library to integrate social features into your website or application. This library helps you access a user's identity (like name, profile photo), connections (friends, pages), and social activity (live feed, communication channels) to add value to your service. Today, we are launching a new alpha version of the JavaScript library that is at least 3 times faster, 10 times more lightweight, and easier to use. It's a work in progress and we would like to hear your feedback and collaborate on its development.
In addition, we're open sourcing the new Facebook Connect JavaScript SDK on GitHub, along with a readme, documentation, and a FAQ to give you the ability to collaborate and build with us.
Looking Ahead
As we announced last week, we're giving you more visibility into our roadmap. Over the next few months, we plan to revamp and release the new JavaScript SDK in phases with the following functionality:
- Core: Authentication, authorization, Facebook Platform/Connect API calls, and publishing to the Feed.
- XFBML/Widgets: Dynamic loading and events, new social widgets.
- Data: Data access abstractions.
Today's alpha release includes the Core module. This is an early release, and we will continue to develop features for the SDK over the next few months.
Why Open Source?
At Facebook, we believe in releasing and contributing to open source projects as a way to increase innovation across the Web. That's why you'll find us developing the new JavaScript SDK from the alpha stage release publicly. We are working hard to ensure your experience with Facebook Connect is fast and stable. In order to keep us nimble and allow us to bring you new functionality, without compromising stability, we have ensured full test coverage of the new JavaScript SDK. We are including this in the open source repository to assure you of our commitment to quality, but also with the hopes that you will contribute back as we develop in the future.
Naitik, a software engineer on the Platform team, is making your connections better, stronger, and faster.
At Facebook we work overtime to protect users' experience from hackers, phishers, fraudsters, and other bad actors across the Web.
Our users trust Facebook with their personal data, which is something we take very seriously. In a recent TRUSTe survey, Facebook was voted one of the top 10 most trusted companies when it comes to user privacy. Through Facebook Platform, our users can entrust their data to your applications. When they do so, it becomes your responsibility to protect that data.
Knowing how to secure data and keeping up with the latest scams and vulnerabilities is a full time job in and of itself, so our security team is here to share the top issues on our radar and discuss the secure aspects of Facebook Platform. We've assembled a Platform security article on our Developer Wiki to help you make your software development practices more secure. The article discusses:
- The security benefits that Facebook Platform's core components (FBML/FBJS/XFBML) offer.
- The Open Web Application Security Project (OWASP) Top Ten vulnerabilities, which should help you prioritize the threats you need to worry about.
- OWASP and Microsoft Web development resources, for more complete documentation on secure development.
- Standard server administration practices to enhance security on your site.
We hope you're already utilizing these methods, and if you aren't, that you seriously consider implementing them to avoid having a malicious person compromise your application. This way, together we can offer our users the safest and most secure Facebook experience possible. We welcome your feedback on the Developer Forum.
Ryan, an engineer on the Facebook Security team, is on the case, protecting your data.
Building a successful and lasting application isn't just about getting users to try it the first time; it's also vital to get them to come back again and again. To help make that easier, we're launching a set of tools to enable users to bookmark applications so they can easily navigate back to them, as well as receive updates from applications in a new communication channel -- Counters. We've also added a column to the permissions FQL table so that you can easily see which of your users have bookmarked your application.
You can prompt your users to bookmark your application in the following ways:
- You can use the fb:bookmark FBML or XFBML tags, which render an Add Bookmark button on your canvas page or Facebook Connect site.

- You can call FB.Connect.showBookmarkDialog (for your Facebook Connect site or IFrame application) or Facebook.showBookmarkDialog (for your FBML application) inside an onclick handler only. (Only show the dialog when a user has clicked something indicating they want to bookmark an application -- don't pop it up on its own.)
Both methods pop up a dialog that prompts your users to bookmark your application or site.
If a user has already bookmarked your application, the button won't appear to the user, and if called, the dialog informs the user that the application has already been bookmarked.
We'll modify the bookmark buttons and dialog when the navigation to applications changes so that users always know where to find their bookmarks.
In addition to making it easier for users to find your application again, bookmarks will also make it easier for users to see the Counter associated with your application. Counters aren't live yet, but when they are, they will give you the ability to notify users in a lightweight way that they have impending actions in your application.
Please keep checking our Developer Roadmap to see the latest about upcoming features and changes. We welcome your feedback in our Developer Forum.
Arun, a software engineer on the Platform team, wants your users to keep coming back to your apps and Connect sites.
We hosted six Facebook Developer Garages this month around the globe.
In Istanbul, Turkey, over 250 developers were joined by Facebook’s Justin Osofsky, who gave an overview of the benefits of implementing Facebook Connect, as well as development tools and strategies related to social gaming.
Over in Ireland, a small gathering of developers hosted their first Facebook Developer Garage Belfast and covered integrating with Facebook using PyFacebook.
In Venice, Italy, over 200 developers gathered to learn how to create Facebook applications and monetize on Facebook. They also hosted a lightning round of pitches to local VCs in an attempt to raise funding for Facebook development projects.
In one of the first Developer Garages in South America, over 300 developers gathered in Ecuador for the Facebook Developer Garage Guayaquil. They discussed how to optimize the Facebook APIs and how to implement Facebook Connect. They also showcased educational apps made specifically for the Ecuadoran people.
To the north in Canada, over 200 developers came together at the Facebook Developer Garage Montreal to learn more about Facebook’s crowdsourced translation through the Translations tool. They also explored how to use Facebook as a tool for social change.
The Facebook team closed the month hosting a special Facebook Developer Garage Palo Alto – Roadmap Edition. Mark Zuckerberg, Facebook founder and CEO, welcomed developers big and small to Facebook headquarters to discuss where Facebook Platform is headed. Ethan Beard, Director of Facebook Developer Network, walked developers through the Developer Roadmap and our plans for the next six months. If you missed the presentation, you can view it below.
If you'd like to host a Developer Garage in your region, please see our Developer Wiki to learn more about the program or check out the Platform Page to find more Garages near you. We look forward to seeing you at a Facebook event soon!
*Special thanks to our sponsor, Intel.
Julia, who manages Facebook developer events worldwide, can't wait to see who will hold their first Developer Garage next month.
As part of our ongoing effort to improve communication with our developer community, we offer you the latest monthly roundup of the announcements, new features, and updates to Facebook Platform that occurred during October 2009.
This month we announced our first ever Platform roadmap, so you can know in advance where we're headed and what to expect in the coming months.
New Features
- Check out the developer roadmap, and see how we're simplifying user communication, improving application discovery and engagement, and offering new developer products and policies.
  - Read the announcement.
  - Review the roadmap. Follow the roadmap to know what to expect.
  - Familiarize yourself with the updated Platform Principles and Policies.
- We're simplifying the stream, so make sure you know how you can publish application stories on Facebook.
- We've extended Facebook Share to enrich the sharing experience on your website and make it easier for you to measure engagement. With a live counter and Share analytics, you can now track how often users share, comment on, like, and click back to a shared item.
- Monitor the current state of Platform with the Platform Live Status feed. You can subscribe to the feed via RSS. You can also subscribe to our announcements by email.
- Help users easily integrate Facebook into their websites and widgets with the Create Application API.
Updates
- For consistency and security reasons, Facebook Connect login dialogs now always render in a browser pop-up.
- We've updated the Facebook Events API, and released events.invite, so your users can now invite friends to events through your applications.
- We extended the Comments API methods (comments.get, comments.add, and comments.remove) so you can specify an object_id parameter in place of an XID. The comment FQL table now also takes an object_id as an indexable parameter.
- Your applications can now get the stream for a Facebook group, and post to the Walls of a group. You can specify a group ID as a source_id to retrieve the group's stream with stream.get and FB.ApiClient.stream_get, and as a target_id to publish onto the group's Wall with stream.publish, Facebook.streamPublish, and FB.Connect.streamPublish.
- You can now set the canvas_name application property using admin.setAppProperties instead of editing the setting in the Developer application.
- Desktop applications can upload photos using Facebook's open source library, based on Adobe AIR. Facebook for Adobe AIR now includes this feature.
- Adobe updated the ActionScript 3.0 library for Facebook Platform, which supports translations, fql.multiquery, the Comments API, and the Inbox API.
- If you use either the XFBML or FBML version of the fb:comments tag, you can pass numposts=0 to let you filter and moderate comments.
Announcements
- Users can find out all they need to know about applications on the Applications on Facebook Page.
Articles/Videos
- Watch a video demonstrating how to drag and drop photos in Facebook for Adobe AIR.
Keep an eye on this blog (or subscribe to the RSS feed), the Platform Live Status (or subscribe to its RSS feed), and the weekly Push Changes articles for announcements, changes, and other important bulletins.
As always, we appreciate your continued feedback in our Developer Forum -- let us know how we can reach and communicate with you even better.
Pete, the technical writer on the Platform team, likes keeping you up to date.
Recent News
- Update on Simpler Policies and Enhanced Enforcement (November 24, 2009)
- Facebook Platform News 11/17/09 (November 17, 2009)
- Evolving OAuth via the Open Web Foundation (November 17, 2009)
- Start Building with the Microsoft SDK for Facebook Platform (November 9, 2009)
- Continued Action Against Deceptive Ads (November 5, 2009)
- Creating a Slimmer JavaScript SDK Together (November 5, 2009)
- Security and Facebook Platform (November 5, 2009)
- Keep Your Users Coming Back for More (November 4, 2009)
- Postcards from October Developer Events (November 3, 2009)








