I am working on an app for a company to pull in Facebook Insights data for a data warehouse. The app itself is a simple .NET client/REST API that works fine but is limited by the amount of data we can pull at a time because we are in development mode. I've looked into going into production mode, but Facebook wants a privacy policy and a number of other steps that leads me to believe the app will become publicly available. How do I go to production mode and still keep this private? Is it possible?
Related
My use case is fairly simple: I want do display the latest images of an Instagram profile I own on a public website I own.
For this purpose I've written an integration of the Instagram Basic Display API, registered an app with https://developers.facebook.com/apps/, implemented an automated access token renewal mechanism and everything works locally.
So, as I'm about to publish this feature to the website, I'm not able to find any official policy from Facebook that clearifies whether or not I'm required to put this app in "Live Mode".
Technically, "Live Mode" has no benefits to my use case and I'd find it way out of proportion to go through an App Review process, just to display a list of images that are my own anyway. So my question is:
Given this scenario, is it allowed to keep said App in "Development Mode", while still using its data for production purposes?
And: Are there any official statements on this, that any of you might be aware of and that I'm just not able to find?
I found this: https://developers.facebook.com/blog/post/2019/09/23/live-mode-for-production-use/
But even though the headline is fairly unambiguous, the article itself doesn't help making the issue any clearer...
It is OK to use Development mode in such case: https://developers.facebook.com/docs/app-review/introduction
If your app will only be used by app users who have a role on the app or claimant Business, App Review is not required and your app does not need to be switched to Live mode.
I am trying to set up a new Facebook App that is used to pull in the latest post from a public page into another website. I successfully did this a few months ago, but since the GDPR law has come into effect, Facebook's process of creating new apps has become much stricter, requiring them to go through App Review before allowing access to the Pages API product.
However to go through the App Review process, I need to provide step by step instructions and a screencast of the app in action. This isn't an app in the traditional sense, and how am I meant to show the app in action when I can't get it working without it being reviewed!?
The docs mention that "While testing and before submitting for review, your app may only access content that is available on a Page that you, as an app admin, developer, or tester, administer. If the app wants to access public content on other Pages, you must submit this feature for review" - does this mean that I do not to go through App Review if the Developer Account has access to administer the page in question?
To answer your question directly, if your app will only be loading data from pages that you admin, you don't need review/approval to use that API
That said, if you're making this app to fetch posts from someone else's page it will need approval, and if it's a simple background script i'm not sure how you can have it reviewed - the process is focussed on page management tools used by multiple users rather than once-off scripts
I have a multi-tenant web application and I'm wondering which would be the best way to let all the tenant publish their content on the feed of their facebook page (if they have one of course).
There's no public page/link to share so all the shared content has to go straight to the feed (using JS with FB.api feed + photos...). I am wondering which is the most proper way to accomplish this task: having one FB app for every tenant, or using the same FB app for all the different pages, or some other way...
Any suggestions?
I would set this up using a Facebook app for each tenant. This would be forward thinking if you ever want to do further Facebook integration. This also protects your tenants from eachother's behavior. If one tenant violates Facebook policy (There's a lot more of it nowadays) and gets their app locked or anything similar then it won't affect your other tenants ability to interact with Facebook. Also if your application is a white label app then giving each tenant their own Facebook app is almost necessary. Of course each clients having their own app does incur maintenance costs. Whenever Facebook decides to deprecate functionality or implement new features that require their Migration strategies, you'll have to manage each of the apps individually at developers.facebook.com, and depending on how many tenants you have and which features you've integrated with, that can be become tedious since there's no way of automating confirmation of compliance for all of the apps set up. Also now there's a review process for a lot of integration features. That review process would be required for each of the apps individually depending on the features implemented.
Is it possible to limit the total number of user installs of a Facebook application using Facebook API or configuration?
Obviously the beauty of Facebook's platform is the virality. However, the greater the number of installations the more server demands grow etc.
So when building applications for clients with fixed budgets (think marketing activity / capping adverts per day based on spend) - is there a way to restrict the total number of users that Facebook allows to install an application?
Specifically talking here about building Facebook Games.
No, there is no build-in mechanism for that – because usually developers are happy about an ever-growing user base.
A canvas app is not really “installed”, users just connect to it. And this is the only point where you could try to handle this – once a user has connected to your app, you can recognize that (via the signed_request parameter or using the JS SDK) when he visits your app next time. So from a certain point on you could just not ask users for login any more (FB.login, redirecting them to the Auth dialog, …).
Obviously your initial app page will still be called, but any stuff you do afterwards with connected users and their data (if that’s what strains your little server most) you could just stop for users that are not already connected. Big downside of this is of course, if a user removes your app (willingly or by accident), they will find no way to re-connect with your app again.
Maybe you should consider hosting your app on a platform like Heroku – it’s free, and I think they will provide you with enough server power to handle your app growing larger than initially planned/expected.
I know about test accounts, but during beta I'd like to allow access only to my friends, and then later friends-of-friends, and then only eventually Kevin Bacon and his friends.
That would probably suck, wouldn't it? The app would be listed (is there a way to prevent listing?) and someone I don't know might try it and get a "sorry, this is in development message." I imagine they'd be irritated and not come back.
From what I've read, only a few apps take off, but when they take off, they REALLY take off. Do developers just release these things fully baked?
Anyone start out with OpenSocial or other smaller-than-Facebook networks?
Any ideas for a soft, gradual, restricted roll-out?
Once you've set up your application, there is a setting in the Developer application control panel for your app: Your app -> Advanced -> Sandbox Mode.
Sandbox mode lets you restrict access to only those people listed as developers (under the Basic section).
In terms of expanding the app, Facebook doesn't provide much more flexibility that the Sandbox mode. Unfortunately, adding everyone as Developers of the app doesn't work very well for a beta, as people can access the application control panel once they are a developer. I ended up putting a whitelist of Facebook Ids into the front controller of my application for a previous beta, and it worked fairly well.
The apps are only listed in the App Directory if you submit them and they are accepted. There's no issue about preventing listing, it's something you have to apply for.
As for restricting users, you can accomplish it with a script in the application that checks whether the currently logged-in user is within your restricted user set. For example, if you only want friends of yourself, check whether the current user is friends with your user id. If not, simply display an error/message page or redirect them to the Facebook home page (or wherever). Add this check to the rest of the start-up logic run each page (such as connecting to your DB and authenticating with Facebook).
What I have done in some cases is keep a database table with the user id's of users who are allowed access, essentially a "whitelist". If the user isn't in the table, redirect them.