- [Facebook App and Graph API Versioning] (#i-facebook-app-and-graph-api-versioning)
- [Graph (Platform) API Changelog v1.0 to v2.0]
(#ii-graph-platform-api-changelog-v1-0-to-v2-0)
- App-Scoped User ID
- [New Permission to Get a User's Friends] (#b-new-permission-to-get-a-users-friends)
/me/friends
has New Meaning- Facebook App Cannot See User’s Friends’ Data
- Friend List No Longer Contains Individual Members
- Default Permissions have a Name Change
- Facebook will Review Your App if Too Many Permissions are Asked
- Deprecate
/me/locations
Endpoint - All Endpoints Require
access_token
- Added, and Deprecated Permissions and Endpoints
- Graph (Platform) API Changelog v2.0 to v2.1
- Platform API Changelog v2.1 to v2.2
An un-versioned API call will called the oldest version that your Facebook App migrated to.
Facebook App "Foobar" will be forced to migrate to v2.0 on May 1st, 2015. Therefore, on that day forward, any un-versioned call is, behind the scenes
/me?fields=name
is exactly the same as
/v2.0/me?fields=name
When a version of the API expires, apps that still use the expired version will automatically start using the oldest supported version of the API.
This means that if your app is using v1.0 calls on May 1st, 2015, calls will return behavior from v2.0 of the API. This is true even if we've released newer versions of the API.
Endpoints like /me
, /{post-id}
, /{app-id}
, etc
There is a caveat to the following notes, please read it at the end of each bullet point.
-
Each application will return a different
user.id
for the same Facebook profile.# With the same Facebook user # Using access_token from Facebook App "Foo" /me?fields=id # => { id: 12345 } # Using access_token from Facebook App "Hello World" /me?fields=id # => { id: 17 }
Caveat
For all Facebook user who already authorized an Facebook App, the
user.id
will stay constant (i.e. same as the v1.0user.id
) -
Mapping
user.id
across Facebook AppsYou can only do this if all your Facebook Apps are under the same business.
Use Business Manager to group all those Facebook Apps under the same business. And then use the [Business Mapping API] (https://developers.facebook.com/docs/apps/for-business).
The new permission is user_friends
.
This permission is default in v1.0; it must now be asked for separately in v2.0.
v2.0 will return only friends of that user who have authorized your app.
v1.0 will return all friends.
All friends_*
permissions are removed.
In v1.0, an App can see data of its users' friends. In v2.0, that is no longer possible.
Caveat
If your friend has authorized the same app as you did, that app can get your friend's data by querying directly against your friend. Not through you (and your authorization).
The /{user-id}/friendlists
will return responses like
[{ id: '123', name: 'Close Friends', list_type: 'close_friends' }]
[Documentation] (https://developers.facebook.com/docs/graph-api/reference/v2.2/friendlist/)
Individual members of the friend-list will not be returned.
In v1.0, the permission is basic_info
.
In v2.0, the same permission is renamed to public_profile
.
The capabilities are the same.
The following are the maximum permissions to ask for without Facebook's review
public_profile
email
user_friends
Apps created before April 30th, 2014 must be reviewed by April 30th, 2015. Unapproved permissions will not be shown in login dialog afterwards.
Other Apps, no deadline for review. However, they must be reviewed before prompting for additional permissions.
The new endpoint in v2.0 is /me/tagged_places
. An App needs
user_tagged_places
permission to use it.
A Facebook App can't call any endpoints, unless a user has authorized it at least once.
-
Permissions
-
Removed
create_event manage_friendlists read_requests user_checkins user_notes user_online_presence user_questions user_subscriptions xmpp_login friends_about_me friends_actions.books friends_actions.fitness friends_actions.music friends_actions.news friends_actions.video friends_actions:APP_NAMESPACE friends_activities friends_birthday friends_checkins friends_education_history friends_events friends_games_activity friends_groups friends_hometown friends_interests friends_likes friends_location friends_notes friends_online_presence friends_photos friends_questions friends_relationships friends_relationship_details friends_religion_politics friends_status friends_subscriptions friends_videos friends_website friends_work_history
-
-
Endpoints
The REST API is complete gone.
No more FQL queries
In v1.0, the endpoint is /{app-id}/insights
In v2.1, the endpoint is /{app-id}/app_insights
We can query parent and its children in one request
Let's say I have to find
- My posts
- My Albums
- Photos in each of my albums
- Two Tags in each of my photos
And the relation among them look like this
<img src='http://g.gravizo.com/g? @startuml; skinparam classAttributeIconSize 0;
class Me {; };
class Album {;
- name; };
class Post {; };
class Photo {;
- name;
- picture; };
class Tag {; };
Me "1" o-- "0..N" Album; Me "1" o-- "0..N" Post; Album "1" o--> "1..N" Photo; Photo "1" o--> "0..N" Tag; @enduml '>
Instead of making 4 calls, and for-loops, we do it like
/me?
fields=
albums{name, # album's name
photos{name, # each photo's name
picture, # each photo's URL
tags.limit(2) # give me 2 tags per photo
}
},
posts # give all my post-objects
The curl
call
GET https://graph.facebook.com/me?fields=albums{name, photos{name, picture, tags.limit(2)}},posts&access_token=0a123b
To query an Open Graph Object (or App Links), do
graph.facebook.com/?id=<urlEncodedURL>
No more raw "true" or "378293782" Sting response
It will be something like
{ "success": true }
// or
{ "id": 378293782 }
A Facebook App querying /me/permissions
will no longer return installed
permission.
If /me/permissions
returns any data (except an error), that user has
installed the Facebook App.
/{user-id}/picture?redirect=false
now uses the attribute url
in the
javascript response. Not uri
.
redirect=true
will give you the picture itself, binary response.
{ url: 'http://facebook.com/foobar.png' }
GET /{post-id}
{
attachements: [
{ id: '123', url: 'http://facebook.com/foo.png' },
{ id: '2', url: 'http://facebook.com/hello.png' }
]
}
If your Facebook App is already a page-tab App, then your App automatically gets updates from the parent Page.
If not, you can subscribe a Facebook App to a Page.
Issue the following with a Page Access Token
POST
/{page-id}/subscribed_apps
{
access_token: '0a1b2c'
}
The endpoint will extract the app_id
from the access_token
, and make
that App listen to the Page for updates.
A Facebook user can no longer use a User Access Token to get Page data.
A Page Access Token requires a user to ask for the manage_pages
permission
from the Page.
The new endpoint will have
{
perms: [
"ADMINISTER", "EDIT_PROFILE", "CREATE_CONTENT", "MODERATE_CONTENT",
"CREATE_ADS", "BASIC_ADMIN"
],
roles: "Admin"
}
roles
: enum{Admin, Editor, Moderator, Advertiser, Analyst}
New request body will be like
POST /{page-id}/settings
{
options: { "APPEARS_IN_RELATED_PAGES": false }
}
You can only update one setting per POST.
/{group-id}/albums
will use the same response format as that of
/{user-id}/albums