This document refers to a feature that was added in PHP SDK v1.0.
PHP SDK Version


The FacebookCanvasHelper is used to obtain an access token or signed request when working within the context of an app canvas.

Facebook\Helpers\FacebookCanvasHelper( Facebook\FacebookApp $facebookApp )


If your app is loaded through Canvas, Facebook sends a POST request to your app with a signed request. This helper will handle validating and decrypting the signed request.

$fb = new Facebook\Facebook([/* */]);
$canvasHelper = $fb->getCanvasHelper();
$signedRequest = $canvasHelper->getSignedRequest();

if ($signedRequest) {
  $payload = $signedRequest->getPayload();

If a user has already authenticated your app, you can also obtain an access token.

$fb = new Facebook\Facebook([/* */]);
$canvasHelper = $fb->getCanvasHelper();

try {
  $accessToken = $canvasHelper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
  // When Graph returns an error
  echo 'Graph returned an error: ' . $e->getMessage();
} catch(Facebook\Exceptions\FacebookSDKException $e) {
  // When validation fails or other local issues
  echo 'Facebook SDK returned an error: ' . $e->getMessage();

if (isset($accessToken)) {
  // Logged in.

The $accessToken will be null if the signed request did not contain any OAuth 2.0 data to obtain the access token.

Instance Methods


public FacebookCanvasHelper __construct(FacebookApp $app, FacebookClient $client, $graphVersion = null)

Upon instantiation, FacebookCanvasHelper validates and decrypts the signed request that was sent via POST if present.


public Facebook\AccessToken|null getAccessToken()

Checks the signed request for authentication data and tries to obtain an access token access token.


public string|null getUserId()

A convenience method for obtaining a user's ID from the signed request if present. This will only return the user's ID if a valid signed request can be obtained and decrypted and the user has already authorized the app.

$userId = $canvasHelper->getUserId();

if ($userId) {
  // User is logged in

This is equivalent to accessing the user ID from the signed request entity.

$signedRequest = $canvasHelper->getSignedRequest();

if ($signedRequest) {
  $userId = $signedRequest->getUserId();
  // OR
  $userId = $signedRequest->get('user_id');


public string|null getAppData()

Gets the value that is set in the app_data property if present.


public Facebook\SignedRequest|null getSignedRequest()

Returns the signed request as an instance of Facebook\SignedRequest if present.


public string|null getRawSignedRequest()

Returns the raw encoded signed request as a string if present in the POST variables or null.