We are developing a mobile application that communicates with a server, which sends a generated email on behalf of the app user to a facebook user.
The user sending the email is signed on to Facebook.
The email is sent to one or multiple FB friends/connection using their id (example: username#facebook.com).
The sender email can be from any domain and that's where the problem lies. Sending directly from gmail for example, works fine. But because our server is sending on behalf of the user, FB thinks its a spoofed email.
Sending the email from the app is not an option for us at this time.
Is there any way or service that would allow us to do this without having our emails marked as spam?
Facebook is transitioning away from the ability to send emails via an
API call on Mar. 1st. To compensate, they allow apps to now ask for a
user's email address directly.
If you set the email domain in your app's settings, then asking for
the email extended permission gives you the users email address
instead the ability to send an email via the API.
As of Mar. 1, the API will stop working and you are left alone to
figure out your own email solution. This goes for regular
notifications, both user to user and app to user, as well
From here
And:
Please note: We are in the process of deprecating the REST API,
and will not be adding support for this in Graph API.
Developers should directly send email to users once they are granted permission.
From here
However, I would suggest rather sending private message than emails, as described here
Related
I have a domain which uses Google Apps for Business to handle email. I already have it mostly set up--MX records point to the correct location and my domain is verified.
I'm now writing a python app (with Django) that will need to serve mail from my domain. What's the correct way to do this with Google? Should I create a Google Apps "user" for the organization as a whole, and then authenticate via SMTP as that user and send mail from there?
The Gmail API says that it
is the best choice for authorized access to a user's Gmail data.
and that
Automated or programmatic message sending
is a typical use case. However, I'm not trying to access a user's data or send mail on behalf of a user, but on behalf of my domain. What's the correct way to proceed?
Any help much appreciated!
You could use SMTP or the Gmail API based on your description. In both cases, you'll need some sort of service account to send mail from. With SMTP, as you mentioned, you'll be authorizing via the instructions you linked.
If you choose to use the Gmail API route, you'll be authorizing the API usage with the account. The Gmail API has many other use cases (e.g. to access user's data) but you're only using it to send emails on behalf of a service account you control.
I am working on website with symfony where users create a page which is publicly viewable and I need to do something so that the users can send an email to their gmail or yahoo or LinkedIn or Facebook contacts(they can choose to whom the mail should go, it's like sending invitations to their mail contacts) about the site saying all about its greatness. I have no idea on what this process called or how to do this ? Do I need to use any Apis or ?
Usually this is done with several invitation channels:
simple email input field
https://developers.facebook.com/docs/plugins/send-button - with Facebook App, but no API call needed, you can just create the code with the code generator
Not sure if there is a possibility to share something with specific LinkedIn accounts, but i assume that you need to use their API: https://developer.linkedin.com/apis
Update
This was reported to Facebook via https://www.facebook.com/whitehat/report/ on Dec 16th 2013 and Facebook responded on Dec 17th that the bug has long since been fixed.
I have retested this with my Facebook account (that I still haven't verified the email address on) and when using the Grap API Explorer tool it is not possible to get the email address of this account using the Graph API or using a FQL query.
Conclusion: The email address you get from Facebook using the Graph API or a FQL query is a verified email. If an account hasn't verified it's email yet it's not possible to get it.
Original Post
I am making a web app with SSO that is offering the user to sign in with either Google or Facebook. I would like users who have both types of accounts to show up as the same user in my system regardless of which identity they log in with. To achieve this I'm thinking of using the email address as the identifier to know if I should create a new account or if the user already exists.
To not introduce any security problems I must know that the email address is verified and actually belongs to the user. For Google the userinfo API can tell me if an email is verified or not, so there's no problem here. But I can not find anything like this in the Facebook Graph API.
Is it possible to know if an email address is confirmed on Facebook?
I know that there is a verified field, but that only tells if the account is verified and not the email address.
At first it looked like you are only able to use the Graph API for accounts where the email address has been confirmed. If the address wasn't confirmed I just got an error telling me that I had to confirm the email address first before being able to sign in to any third party site.
However this does not seem to be true for all accounts. In some cases it's possible to get accesses to all parts of Facebook even if you don't have a confirmed email address. One example of this is when you sign up with a #myopera.com mail address.
When you sign up to Facebook with a #myopera.com email address you get a message that your account has been temporarily locked as soon as you submit the sign up form. To continue you need to provide your phone number to verify your account and to "keep Facebook safe and free from spam" (sorry for the Swedish in the screenshot, this was before I could get into Facebook and change language to English):
When you provide your phone number you are logged in and Facebook doesn't nag you any further about that you have to verify your email address.
The only place where you can see that your email address is not yet verified is on the settings page:
The Mobile Settings that is usually not accessible before you have verified your email address is available and lists the phone number entered during sign up:
In addition to this it is also possible to log in to third party sites with an unconfirmed email address:
When I connect to the graph api with this user I can get the unconfirmed email address and the verified field returns true as expected since I have verified the account by adding a phone number. So obviously I can't trust that the email address I get from Facebook really belongs to the user that has the Facebook account.
Is there any other way of knowing if the email address is verified or not or do I have to verify it myself if I want to use it for identifying the user?
I was looking for an official Facebook statement regarding this issue and finally i found this: https://developers.facebook.com/docs/facebook-login/multiple-providers#postfb1, which clearly says that developer should not rely on the fact that email address is verified.
I've never used it, but you may be able to check with a FQL query of the user.email_hashes: http://developers.facebook.com/docs/reference/fql/user
I'm trying to send an email through the Facebook API. I've added the application and given it the email extended permission. I've been following the instructions at http://wiki.developers.facebook.com/index.php/Notifications.sendEmail and am using their sample code (albeit with correct userids in place of the ones they list):
$uids = array(12345,67890,13579);
$csv = implode(",", $uids);
$result=$facebook->api_client->notifications_sendEmail($csv,"Test: this should appear in the subject", "This should appear in the body (plain text)", "Test: <b><i><u>this should appear in the body</u></i></b> (HTML)");
echo "sent to $result targets of ". count(str_getcsv("$csv",",")) . "total.";
The api call returns no errors, but $result is empty indicating none of the emails were sent (confirmed by the emptiness of my inbox). I have tried this in and out of sandbox mode. Asking facebook for contact_email, proxied_email, and email, all return correct results. Attempting to send an email to the address returned by proxied_email does NOT result in an email being received.
I've also tried sending normal notifications and adding news items to the dashboard, both of those work without problem. I'm not sure what application setting or configuration I am missing. Any suggestions for troubleshooting would be very much appreciated.
Facebook is transitioning away from the ability to send emails via an API call on Mar. 1st. To compensate, they allow apps to now ask for a user's email address directly.
If you set the email domain in your app's settings, then asking for the email extended permission gives you the users email address instead the ability to send an email via the API.
As of Mar. 1, the API will stop working and you are left alone to figure out your own email solution. This goes for regular notifications, both user to user and app to user, as well
I'm building a website that allows user to connect using Facebook Connect. So far I'm able to log the user in and fetch data about them (name, email, pic, etc.). If I fetch the email (using Users.getInfo) I get a proxied email (apps+blahblah#facebook.com), which is absolutely great. Problem is, that email doesn't work. I've tried sending an email to it and I never received it. There are two reasons I see that could cause this:
I don't have enough permissions. Ok, I can understand that, but if I don't have enough permissions then why are they returning an email at all?
The email has to be somehow sent from the application itself (I've tried sending it from my Gmail account) -- but how would Facebook know that the email is coming from the application?
So which is it? Or is it something else?
I have recently been looking into this as well.
I did find some guidelines on http://www.insidefacebook.com/2010/01/15/facebook-platform-email-sharing-api-proxy-email-service-going-live-in-5-days/
here is the most important part:
Emails you send must clearly indicate that they are from you and must not appear to be from Facebook or anyone else. For example, you must not include Facebook logos or brand assets in your emails, and you must not mention Facebook in the subject line, “from” line, or body header. All emails to users must originate from the same domain, and you must provide us with the name of that domain in the Facebook Developer application used to manage your application.
I have already found that if you do not have the address in the from as #facebookappmail.com
might even have to be appname#facebookappmail.com the emails will bounce. So sending from your gmail will not work, the "blah blah blah" in the proxy contains the application information of the application that had the permissions to get that email.