I was wondering whether it's allowed or not to have a FB app which would eventually post into the user's timeline (on behalf of the user) some user-related stuff (which doesn't matter at this point) and also a logo (image) of one of the app's sponsors?
Would this app still be in compliance with FB's policy?
I've read FB's policy already, but I'm not sure if it's very clear to me whether it's allowed or not.
thx a lot.
I don't think this adheres to the Facebook platform policies:
https://developers.facebook.com/policy/#control
Especially points 2.1 - 2.3 and 5.4 might be interesting:
2.1. Obtain consent from people before publishing content on their behalf.
2.2. Use publishing permissions to help people share on Facebook, not to send people messages from your app.
2.3. Don't prefill captions, comments, messages, or the user message parameter of posts with content a person didn’t create, even if the person can edit or remove the content before sharing.
5.4 Only incentivize a person to log into your app, enter a promotion on your app’s Page, or check-in at a place. Don’t incentivize other actions.
Until today there were methods to get to a Facebook user page by user ID. I mean the ID that the Facebook API returns to our app: https://graph.facebook.com/10152384781676191?fields=link
{
"link": "https://www.facebook.com/app_scoped_user_id/10152384781676191/",
"id": "10152384781676191"
}
But none of the methods works any more:
https://www.facebook.com/app_scoped_user_id/10152384781676191 - does not work
https://facebook.com/profile.php?id=10152384781676191 - does not work
https://facebook.com/10152384781676191 - does not work
UPDATE: It seems the following happened: according to TechCrunch, malicious sites pulled data from public user profiles.
After the TechCrunch article, Facebook immediately blocked the URLs that the Graph API returns: graph.facebook.com/v2.11/{user-id}/?fields=link&access_token={access-token} . They "...are working on instituting additional authentication and rate limiting...".
Any 1) quick workarounds and/or 2) permanent solution?
Facebook banned the link property in their Graph API intentionally. Now they propose to fill out a form in order to review each case individually.
The form: https://go.fb.com/2018-FB4D-platform-review-form.html
News update from April 20th: Facebook Login Changes to Address Abuse
It came to our attention yesterday that some third-party tracking scripts on websites were directly accessing Facebook public profiles. While investigating this issue, we have taken immediate action by:
Disabling the ability to resolve the app-scoped user ID (ASID) returned by Facebook Login to a Facebook profile page, even for logged-in users.
Instituting rate limiting of profile picture requests, to further prevent any third parties from trying to link people's activity across different websites using the application-specific identifiers issued by Facebook Login.
We don’t take breaking changes lightly, but we believe that these updates will help protect people’s privacy and increase trust across the ecosystem. If you have an urgent issue in need of resolution, please fill out this form and someone from our team will get in touch with you.
Thank you for your patience while we work to resolve this issue as soon as possible.
I'm getting constant alerts about the primary purpose of the app redirecting people off the Facebook platform. The entire app takes place within the community and even finishes by asking the user to return to the timeline. Would someone be able to shed light on the conflict? The app is a voting competition: http://bit.ly/UlsterWeddings
Any help would be greatly appreciated. The alert is below.
THE ALERT: Your app appears to have a Canvas integration that redirects people away from Facebook. This violates Facebook Platform Policy 4.8: "Don’t build an app whose primary purpose is to redirect people off of Facebook." In order for us to consider your appeal, your app will need to stop redirecting users off of Facebook.
I've received this alert as well, as have many other developers who are discussing it in the Facebook Developer Community group on Facebook.
Just so we are all on the same page with respect to terminology, "canvas" refers to application web pages displayed in an iframe on facebook.com with the Facebook chrome/navigation elements surrounding the app's page content. Facebook restricts some API methods to only being available on canvas pages, and prohibits unapproved advertising providers (read: Adsense) on canvas pages.
From what I've gathered, today Facebook deployed a new automated policy enforcement script which is why many apps are seeing this alert just now. In typical Facebook fashion, no useful actionable information is provided. The policy itself has not changed, but I was advised to review this video: https://www.youtube.com/watch?v=tYcxyh5HQSI#t=94
The final example in the video is of a user clicking on a link from a post in their stream. In the example, clicking the link takes the user to an off-canvas page. I was told by a Facebook policy employee that this is specifically what my app is doing in violation of the policy.
My conclusion from this is that Facebook have ratcheted up enforcement and significantly tightened up their interpretation of the policy: if your app allows the user to make a post while they are on a canvas page, any links in the post must go only to canvas pages. That is my interpretation which seems to follow from what you see in the video, and from what a Facebook policy enforcement employee told me.
This is a huge departure from past interpretations of the policy. I am guessing that thousands (tens of thousands?) of Facebook apps violate this policy as it is now being interpreted. I for one shall be abandoning canvas and going back to a simple website with Facebook integration.
I have a facebook user who is the owner of the company I work for. He has a single Facebook page, which is the "company page" on Facebook. He created a FB "app" with permissions "manage_pages" and "publish_actions". So the FB api can post to his FB Page, on his behalf, as the app.
Inside the company, we have a few hundred people that use an intranet-based software app. When the users engage in a certain function in the software, the code uses the Facebook API to post a message to the public company page using an access token of the FB account of the company owner. This system works great, but the app is not yet approved, so no one can actually see the posts on the FB page except the company owner.
The software is only available inside the company building, it's not reachable via the Internet. There would be serious intellectual property concerns with allowing an anonymous facebook employee into it. There would be security concerns about making this all public on the web. So I have to presume that FB will not be able to see the backend here - where the posts are created.
So because of this, I've run into problems getting the app reviewed because I have no way to let Facebook reviewers actually see the software where the user creates the post, as they requested.
Is this considered a non-starter setup by FB, or does FB have any contingency for this situation? Or do they expect every FB app to be used in a completely public environment? I'm just thinking surely I'm not the only person trying to use a FB app to post to a company page from a publicly-inaccessible place inside that company?
Thanks!
This was the answer to the problem, thank you CBroe: It is not a matter of approval that makes the app's postings viewable by everybody, but simply of the app still being in development mode.
The actual Facebook GUI in the app dashboard doesn't say "development mode" on/off like it used to. It now says "do you want to make this app live to the public". I selected "yes", which made the app's postings viewable by everybody.
In my case, the original confusion stemmed from the fact that we didn't want to make the app live to the public, we only want our one company owner to use the app - so we naturally did not change that setting to "live".
I'm trying to get a user to 'Like' a page via the SDK. The user is signed in and I get a valid access token from the cookie. My app has asked for the permissions read_stream and publish_stream. I can successfully do things like post to their wall, etc. But when my app tries to 'Like' a page, I get the error back:
OAuthException: (#3) Application does not have the capability to make this API call.
Am I missing some other permission, or is there a setting I have to turn on in my APP? I'm at a loss here.
You can't like a Page on behalf of a user (Bugzilla discussion). You can, however, like posts, comments, and photos on behalf of a user.
Edit 7/9/2012
Since Bugzilla no longer exists, the bug linked above is inaccessible. Google doesn't have a cached version of the page, so I ran another search. The best thing I could come up with was this Google Code Discussion regarding the ActionScript API.
Facebook makes brief mention of Publishing likes via the Graph API in the documentation, but doesn't say one way or another whether you can like a Page on behalf of a user - just "Objects" which (probably arguably) are not "objects" in Facebook-lingo.
My thought is, the API to like a page is available, but is only offered to whitelisted applications (such as the Facebook iOS and Android applications) written by "special" publishers. There are obvious reasons why Facebook wouldn't want/allow developers to create like connections on the graph. It would be taken advantage of by spammers and other nefarious developers and would deteriorate the meaning of what a "like" represents for a page on Facebook.
My guess is, you'd have to make a pretty strong case to Facebook about why you need/want access to the Page's Like connection (for publishing) before they'd even consider giving you access. I'd also guess that they'd want to verify that you're doing only user-initiated like creations (in such a way that the iOS application would handle it) so as to protect the reputation/meaning of a "like" action.
Actually this is NOT true, but you have to do a complicated Javascript / UIWebView process in order to display a Facebook 'page' of JUST the like button on your view, and this like button you can configure in the JavaScript / Objective-C (using string replacement) to be any Facebook page url you like.
Facebook's platform policies don't allow for a web-based like button aside from using the officially supported options.
Those options don't require using OAuth or the Open Graph API. However, Facebook just added support for mobile apps to send like actions through Open Graph.
I'm not sure if they intend to allow sites to customize their like buttons or just apps...
Liking works for me with the iOS SDK using the graph api:
https://developers.facebook.com/docs/opengraph/actions/builtin/likes/
According to the Facebook Platform Policies:
You must not pre-fill the user_message parameter or content sent via an extended permission (such as a status update or note), unless the user generated the content earlier in the workflow.
Does that mean that I can't publish stories to the stream automatically, even if the user agreed to?
I've seen apps (such as PlayStation Network, Foto Diaria) that publish stories automatically.
PlayStation Network publishes stories about actions you did in PS3 games and Foto Diaria publishes a picture from your wall every day. In both cases the attachment is created by the application, and the user message is empty. Could that mean that publishing stories with an empty user message (empty, not absent) is not considered pre-filling?
EDIT: I need to know what is allowed or not by the Facebook Platform Policies, not how to post stories.
If you ask the user for the publish_stream extended permission then you'll be able to post automatically whilst the user is interacting with the application. You can pre-fill the user message only if it's something that the user has entered earlier in the process e.g. if you've asked them to comment on a piece of content and then publish a story about the comment. If in doubt, leave it blank.
If you want to publish automatically even when the user isn't online then you'll also need them to grant the application the offline_access extended permission. In this case you'll also need to store the session key that Facebook gives you for that user.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/stream_stories/
Check this out. The Platform policies section of the FB Dev site has some additional documents to allow you to gain a better understanding of the guidelines for sharing.
Please also read the section about User Feedback.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/user_feedback/
Hope this helps.
We can ask the user to grant the offline_access permission, which gives access to the user profile at any time, even if the user is not online. But this permission will no longer be available.
I agree that this permission is so harmful to the user.
But it is still useful if an app owner wants to post to their own account while users use their app. If you want to post to your own account, you can manually grant offline_access to your app, select the access_token and keep it in your own app, and use it when you need to post to your account. It makes sense that Facebook should allow developers to do this task.
It is simply forbidden, but there is a catch: if it is text prepared by the user previously, you can post that text later, and I think you are able to add your own text to that. But I'm not so sure.
I'm saying this based on McDonald's Canada's yourquestions app: you can ask them questions, and whenever one is answered they post to your wall.
But to clarify that, as a PMD I'll ask FB personally and let you know what the answer is.