Facebook API development records

Register an app
There is an application named developer in the application. After the application is added, you can register a new application. Click "set up new application" and enter the application information to submit. The developer homepage does not seem to have any related link entries, which is inconvenient.

 

Permission Verification
Currently, most social media and Weibo websites use standard oauth verification, and Facebook is no exception. When a user logs on to Facebook, he or she enters the account and password on the Facebook website page. After Successful Logon, the user will redirect to your page to obtain the token, and then access the API to use the token for verification. Your application only needs to get the user's token. Throughout the process, you will not be able to access the user's account and password. Even if you get the account, the API only recognizes the token. Compared with HTTP Basic Authentication (adding the bae64 account and password in the HTTP header), the entire process is complicated but secure. In the Basic Authentication era, developers can do all kinds of applications as they like. The most troublesome thing after oauth is verification. Especially for desktop or mobile applications, a browser control is usually embedded in the form.

 

Get token
1) access https://graph.facebook.com/oauth/authorize? Client_id = {app_id} & redirect_uri = {app_url}. If the user does not log on, log on to the system and check whether the application is allowed to access its data. Facebook returns to your application with a code parameter: {app_url }? Code = {code}

2) Access https://graph.facebook.com/oauth/access_token? Client_id = {app_id} & redirect_uri = {URL} & client_secret = {app_secret} & code = {code}
Facebook returns to your application. The body contains access_token. You can store the User Token in your application. The default value is 60 minutes. You can add the offline_access permission so that it does not expire.
The entire process is relatively simple, and there is no need to sign it. The trouble is that you must jump to the Facebook website for verification. If you are using a client application, the experience will be affected.

 

Access API
You can add the access_token parameter to access the function to be verified. Get or post depends on the specific function. The API returns data in JSON format in a unified manner. There is no other choice, unlike Twitter. No signature is required in the request.

 

Permission
Facebook permissions are precisely divided. By default, you can only access the most basic information of users. For example, if you want to obtain the statu of a user with privacy settings (only available to friends, the read_stream permission is required. If you want to post statu, you need the publish_stream permission. If you want to obtain the user's email account, you need the email permission. Therefore, it is best to determine which permissions are required based on your application, and activate the corresponding permissions when the user uses the permission verification for the first time; otherwise, the expected results will not be met in subsequent use.
Privilege Escalation
Visit: https://graph.facebook.com/oauth/authorize? Client_id = {app_id} & redirect_uri = {app_url} & scope = publish_stream, offline_access, user_status, read_stream
The scope is followed by permissions. Each permission is separated by a comma and can have multiple permissions.

 

Update notification
Real-time updates: when your users have updates, Facebook can notify you. This is a very useful feature that can accept updates from users in real time.

1) create a subscription. By default, your application does not have update notifications. You need to create a subscription to notify Facebook that I need to update notifications.

Post Data to https://graph.facebook.com/?app_id=/subscriptions? Access_token = {token}. This token is the application's token, not the user's token. Note that the URL is https, not HTTP (the document is wrong), parameter: object, fields (the updates you need to monitor), callback_url, and verify_token (you can specify a token). After submitting this request, a subscription is created. When submitting a POST request, your callback_url must exist and can be accessed. Facebook will get this URL to verify whether it exists.

2) accept updates. After a subscription is created, when a user updates the subscription, Facebook will notify this URL to inform you of the update (post). The update content you receive will be in JSON format, for example: "{" object ":" user "," entry ": [{" uid ":" 100001548188940 "," ID ":" 100001548188940 "," Time ": 1301731097, "changed_fields": ["Feed"]} ", indicating that the user has updated the status, excluding the updated content. Of course, the returned result may be a collection.

After receiving the data, you can perform corresponding update processing. The post frequency based on your application may be high (monitoring all users using your application ).ProgramPerformance.

 

Summary

Facebook is a comprehensive social networking website with rich APIs, including friends, feed, like, music, photo, events, checkin... and many other documents. However, it is easy to use. At least no signature is required for each request API, which is much easier than Twitter and Douban. The key is to spend time researching his documents. The documents contain detailed instructions and the problems can be solved through the documents.

 

Keywords: Facebook, API, social networking site, Weibo, Application
Http://chy710.cnblogs.com/