Facebook Permissions API
by Vishu Gupta - April 10, 2008 at 1:10am

As tax time approaches here in the US, it got us thinking how bad it would be if the government mandated that everyone do their own taxes. Many people with small businesses or other complicated tax structures would be distracted from their core work in order to spend a lot of time bookkeeping. This made us realize – as Facebook applications focus on core functions like user experience, monetization, and growth, they might need to offload some of their work to other applications. With this in mind, we created the permissions API. This API will help applications focus on their core functionality by taking on some work that, while important, is not central to the application’s mission.

With the permissions API, an application can authorize another application to call certain API methods on its behalf. The application naturally can revoke this access whenever necessary. At this time, the permissions API allows applications to grant others access to three methods under the admin namespace – admin.getAppProperties, admin.getAllocation, admin.getDailyMetrics More methods and namespaces will be added to the list going forward as needed.

You can specify which of these API methods and/or namespaces are accessible within the application. For example, application A can choose to have application B gather certain stats for it by giving it permission to call admin.getDailyMetrics on its behalf, or it can just grant B permission to call all admin namespace methods by granting permission for “admin.” (This implies permission to call the 3 allowed methods). Note that:

  • Any API method that involves accessing users’ data cannot be called by some other application on an application’s behalf. This is because these API methods must abide by the trust users have in the application that they have installed, and they have not authorized the application to transfer that trust to another application.
  • Any methods that are too powerful or have potential of misuse will not be allowed. For example, admin.setAppProperties will never be open to the permissions API.

Be aware that the permissions API provides a unique ability to ease some work for applications and is very powerful. So permissions should be granted to other applications with utmost care.

You can read more about the API on the Developer wiki here. We also welcome your feedback. You can comment on the API in this forum thread.

The API is currently in Beta. Try it out and let us know what you think.