Platform Updates: Labor Day Edition
by Tom Elliott - September 5, 2011 at 7:30pm

The team is here working hard towards f8 on September 22 and wanted to bring you another update on Labor Day weekend.

Making the Graph API more complete

The Graph API is the core of Facebook Platform, enabling you to read and write data to Facebook. Over the past year, we have been actively working to bring the Graph API up to parity with the REST API which will give you the ability to fully migrate to the Graph API. This week, we’ve enabled the following features on the Graph API:

Reading Friend Requests

You can now read friend requests with the Graph API by issuing an HTTP GET request with a user access_token with the read_requests permission to:

https://graph.facebook.com/USER_ID/friendrequests

This returns a list of objects containing your friend requests. For example:

{
  "from": {
    "name": "Stephen Doyle",
    "id": "533875325"
  },
  "created_time": "2011-08-22T17:13:07+0000",
  "message": "Omg.",
  "unread": true,
  "to": {
    "name": "Cissy Lim",
    "id": "100001147247007"
  }
}

This simple PHP example gets and prints a user’s friend requests:

<?php
  $app_id = 'YOUR_APP_ID';
  $app_secret = 'YOUR_APP_SECRET';
  $my_url = 'YOUR_URL';

  $code = $_REQUEST["code"];

  echo '<html><body>';

  if(!$code) {
    // Get permission from the user to publish to their page. 
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
      . $app_id . "&redirect_uri=" . urlencode($my_url)
      . "&scope=read_requests";
    echo('<script>top.location.href="' . $dialog_url . '";</script>');
  } else {
    // Get access token for the user
    $token_url = "https://graph.facebook.com/oauth/access_token?client_id="
      . $app_id . "&redirect_uri=" . urlencode($my_url)
      . "&client_secret=" . $app_secret
      . "&code=" . $code;
    $access_token = file_get_contents($token_url);

    $notifications = "https://graph.facebook.com/me/friendrequests?" 
      . $access_token;
    $response = file_get_contents($notifications);

    $resp_obj = json_decode($response,true);

    echo '<pre>';
    print_r($resp_obj);
    echo '</pre>';
  }
  echo '</body></html>';
?>

You can find more information in the User object documentation.

Managing Banned App Users

We have added the ability to retrieve a list of banned users, ban a list of users, check whether a specific user is banned and un-ban a user from your app using the Graph API.

Retrieving a list of banned users

To retrieve a list of banned users from an app, issue an HTTP GET with an app access token to:

https://graph.facebook.com/APP_ID/banned

Banning a list of users

To ban a list of users from an app, issue an HTTP POST with an app access token to:

https://graph.facebook.com/APP_ID/banned?uid=USER_ID1, USER_ID2

Testing whether a specific user is banned

To test whether a specific user is banned from an app, issue an HTTP GET with an app access token to:

https://graph.facebook.com/APP_ID/banned/USER_ID

Un-banning a user

To un-ban a user from an app, issue an HTTP DELETE with an app access token to:

https://graph.facebook.com/APP_ID/banned/USER_ID

The simple PHP example below shows how to get the app access token and manage banned users of your app:

<?php
  $app_id = 'YOUR_APP_ID';
  $app_secret = 'YOUR_APP_SECRET';
  $ban_user = 'USER_ID';

  // Get an App Access Token
  $app_token_url = 'https://graph.facebook.com/oauth/access_token?'
    . 'client_id=' . $app_id
    . '&client_secret=' . $app_secret
    . '&grant_type=client_credentials';

  echo '<pre>';
  echo $app_token_url;
  echo '</pre>';
 
  $app_access_token = file_get_contents($app_token_url);
 
  echo '<pre>';
  echo $app_access_token;
  echo '</pre>';

  // Ban a user
  $ban_user_url = 'https://graph.facebook.com/'
    . $app_id . '/banned?uid=' . $ban_user . "&"
    . $app_access_token . '&method=post';

  $ban_user_result = file_get_contents($ban_user_url);
  echo '<pre>';
  echo 'Ban user result: ' . $ban_user_result;
  echo '</pre>';

  // Get banned users
  $banned_users_url = 'https://graph.facebook.com/'
    . $app_id . '/banned?' . $app_access_token;
  $banned_users = file_get_contents($banned_users_url);
  $banned_users_obj = json_decode($banned_users, true);
  
  echo '<pre>';
  echo 'Getting list of banned users:<br />';
  print_r($banned_users_obj);
  echo '</pre>';

  // Un-ban user
  $unban_user_url = 'https://graph.facebook.com/'
    . $app_id . '/banned/' . $ban_user . "&method=delete?"
    . $app_access_token;
  $unban_user_result = file_get_contents($unban_user_url);

  echo '<pre>';
  echo 'Unban user result: ' . $unban_user_result;
  echo '</pre>';

  // Check to see that specific user is banned
  $check_ban_user_url = 'https://graph.facebook.com/'
    . $app_id . '/banned/' . $ban_user . "?"
    . $app_access_token;
  $check_ban_user_result = file_get_contents($check_ban_user_url);
  $check_ban_user_obj=json_decode($check_ban_user_result, true);

  echo '<pre>';
  echo 'Check for banned user result: <br />';
  print_r($check_ban_user_obj);
  echo '</pre>';
?>

You can find more information in the App object documentation.

Getting and Setting Migrations on your App

Many developers have requested that we add functionality to manage your app settings. We have added the ability to get and set migrations on your app (migrations.getstatuses and migrations.setstatus in the REST API).

Getting migrations

To retrieve a list of migration settings from an app, issue an HTTP GET with an app access token to:

https://graph.facebook.com/APP_ID?fields=migrations

Setting migrations

To set a list of migrations for an app, issue an HTTP POST with an app access token to:

https://graph.facebook.com/APP_ID?migrations={"MIGRATION_NAME":0|1}

The simple PHP example below shows how to get the app access token and manage migrations for your app:

<?php
  $app_id = 'YOUR_APP_ID';
  $app_secret = 'YOUR_APP_SECRET';

  // Get an App Access Token
  $app_token_url = 'https://graph.facebook.com/oauth/access_token?'
    . 'client_id=' . $app_id
    . '&client_secret=' . $app_secret
    . '&grant_type=client_credentials';

  echo '<pre>';
  echo $app_token_url;
  echo '</pre>';
 
  $app_access_token = file_get_contents($app_token_url);
 
  echo '<pre>';
  echo $app_access_token;
  echo '</pre>';

  // Get migrations list
  $migrations_url = 'https://graph.facebook.com/'
    . $app_id . '?fields=migrations&'
    . $app_access_token;

  $migrations_result = file_get_contents($migrations_url);
  $migrations_obj = json_decode($migrations_result, true);

  echo '<pre>';
  print_r($migrations_obj);
  echo '</pre>';

  // Set migration (secure_stream_urls) to true
  $set_url = 'https://graph.facebook.com/'
    . $app_id . '?migrations={"secure_stream_urls":true}'
    . "&method=post&" . $app_access_token;

  echo $set_url;

  $set_result = file_get_contents($set_url);

  echo '<pre>';
  echo 'Set result: ' . $set_result . '<br />';
  echo '</pre>';  

?>

You can find more information in the App object documentation.

Checking if a user is an admin of a Page

Formerly pages.isAdmin on the REST API, you can now check if a user is an admin of a Page on the Graph API. To perform this operation on the Graph API, you will need the Page access token. There are two ways to obtain this access token:

  • If you are an admin of the Page, the Page access token can be retrieved by issuing an HTTP GET with a user access token (granted manage_pages permission) to:
    https://graph.facebook.com/PAGE_ID?fields=access_token
    
  • If you are not an admin of the Page, the Page access token can be retrieved by issuing an HTTP GET with a user access token (granted manage_pages permission) to:
    https://graph.facebook.com/USER_ID/accounts
    
    This will return a list of Pages that the user admins, along with Page access tokens.

Once you have the Page access token, to check if a specific user is an admin of the Page, issue an HTTP GET request with the appropriate PAGE_ID, Page access token, and USER_ID to:

https://graph.facebook.com/PAGE_ID/admins/USER_ID

This simple PHP example shows a user is an admin of Page ($page_id) and determines if another user ($check_uid) is an admin of that Page:

<?php

  $app_id = 'YOUR_APP_ID';
  $app_secret = 'YOUR_APP_SECRET';
  $my_url = 'YOUR_URL';
  $page_id = 'YOUR_PAGE_ID'; //User must be an admin of this Page
  $check_uid = 'USER_ID'; //Random User

  $code = $_REQUEST["code"];

  echo '<html><body>';

  if(!$code) {
    // Get permission from the user to access their Pages. 
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
      . $app_id . "&redirect_uri=" . urlencode($my_url)
      . "&scope=manage_pages";
    echo('<script>top.location.href="' . $dialog_url . '";</script>');
  } else {

    // Get access token for the user with manage_pages permision, 
    //   so we can GET /me/accounts
    $token_url = "https://graph.facebook.com/oauth/access_token?client_id="
      . $app_id . "&redirect_uri=" . urlencode($my_url)
      . "&client_secret=" . $app_secret
      . "&code=" . $code;
    $access_token = file_get_contents($token_url);

    $page_access_token_url = "https://graph.facebook.com/" . $page_id 
      . "?fields=access_token&" . $access_token;

    echo '<pre>';
    print_r($page_access_token_url);
    echo '</pre>';

    $page_access_token = file_get_contents($page_access_token_url);
    $page_access_token = json_decode($page_access_token, true);

    echo '<pre>';
    print_r($page_access_token);
    echo '</pre>';

    //check that the check_uid is an admin of the Page
    $is_admin_url = "https://graph.facebook.com/" . $page_id 
      . "/admins/" . $check_uid . "?access_token=" 
      . $page_access_token[access_token];

    echo '<pre>';
    print_r($is_admin_url);
    echo '</pre>';

    $response = file_get_contents($is_admin_url);
    $response_obj = json_decode($response, true);

    echo '<pre>';
    print_r($response_obj);
    echo '</pre>';

    echo '<pre>';
    echo $response_obj[data][0][name];
    echo '</pre>';

    if(empty($response_obj[data][0][name])) {
      echo 'This user is not an admin.';    
    } else {
      echo 'This user is an admin.';
    }
  }
  echo '</body></html>';
?>

Activity Feed and Recommendations Plugins Support Multiple Domains

You can now provide a comma separated list of domains to show activity and recommendations for by adding a site parameter. The XFBML version defaults to the current domain. For example, here is an HTML example with the activity feed and recommendations plugins with activity from developers.facebook.com and facebook.com:

<html>
<body>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>

<fb:activity site="facebook.com, developers.facebook.com" width="300"
 height="500" header="true" font="" border_color="" recommendations="false">
</fb:activity>

<fb:recommendations site="facebook.com, developers.facebook.com" width="300" 
height="500" header="true" font="" border_color="" recommendations="false">
</fb:recommendations>

</body>
</html>

For more information, please see our Activity Feed and Recommendations plugins documentation.

Streamlined Payment Flows

We now offer a streamlined payment for all apps and games on Facebook to allow you greater flexibility in how your users transact on games. In this new flow, you can choose to remove the Credits bulk-discounted packages from the flow:

You have the choice of which flow you want to offer. If you choose not to take any action, nothing will change in your payment flows. You are free to split test and determine which flow works best for your apps and users. See the Credits API documentation for details.

Support Section

A Support section has been added to the Dev Site. This page contains helpful links to Technical Q&A, Bugs, Facebook Developers Group, and Beta Tier.

With the Forums now read-only, we have heard feedback from many developers that it isn’t clear where to get questions answered. Stack Overflow is where you’ll go to have your technical Facebook Platform questions answered; Bugs is where you go to report an issue with a legitimate repro, and you should participate in the Facebook Developer Group to ask all other questions, discuss, and chat with us directly.

OAuth 2.0 Encrypted Access Tokens

We recently completed encrypting access tokens on Friday as part of the OAuth 2.0 Roadmap. You can enable this for your app by enabling the Encrypted Access Token migration setting in the Advanced tab.