We're developing a social game on Facebook from which players can share posts on their wall. Now we want to reward them for that with in-game currency.
Of course, this should not provide an opening for hackers to generate infinite funds, but since the posting happens entirely client side, they could so by repeatedly telling our server "I have posted", though they haven't. Unless we add countermeasures.
Can our server check with Facebook whether a post was really made?
Can we attach data to a wallpost, like a cryptographic signature generated by our server?
If not, we need to limit the currency a hacker can acquire with some kind of flood control. Tips there?
We're developing a social game on Facebook from which players can share posts on their wall. Now we want to reward them for that with in-game currency.
I think that’d be a violoation of Facebook Platform Policies:
IV. Application Integration Points
You must not incentivize users to use (or gate content behind the use of) Facebook social channels, or imply that an incentive is directly tied to the use of our channels.
The callback you get after using the Feed Dialog will return to you a post_id. You can store that post_id in your database along with a flag indicating that you have already rewarded the user for that specific post. This way you can "reward" users once per post by testing the existence of that post_id + flag in your database.
Related
My latest project has (had) a requirement for the user to invite their friends to their online service. I discovered that, apparently, as of April 2015 with the new v2.0+ Facebook Graph API, you cannot actually get a list of friends for the user, unless those friends are already subscribed members of your app.
The scenario:
My app is a web service that lets the user collaborate on research work in a private group online. The user needs to
look up their list of friends,
set permissions their friend will have in the group, and
send them an invitation both join the service, and the specific group. (using a unique, one-time use link tied to each recipient)
The user would (ideally) receive an invitation with a specific link for them to not just become a subscriber of said online app, but specifically to join the group they were invited to (i.e. not just a generic "hey, check out this app" type of invitation).
The expectation:
The user doesn't care whether their friend is already a member of "MyApp.com". They expect to simply look up their friends just like they do today from their phone when they connect it to Facebook (makes all contacts available, regardless of whether those friends connected their Facebook to their phone, respectively). Likewise, compare inviting members to your Google docs, for example: look up your contact, set permission, send invite - so easy. Users demand this UX simplicity today and do not distinguish or care whether they are dealing with email, Facebook, Twitter contacts, whatever.
The problem:
The entire point of a social network is to be, well, social. If the Graph API only lets my app access friends that are ALREADY users of my app, it completely defeats the entire purpose - it cuts my user off at the knees, kills UX, no more ability to actually contact their own friends. My understanding is Facebook made this change to prevent developers from spamming users, and I get that, I completely support that. HOWEVER, my company and my app are not the ones that are trying to invite friends for it's own purposes, it is the USER and THEIR OWN friends that THEY have the right to access and converse with for their purposes (or so you'd think). Beyond just friends list, even if I had that, I think there are additional hurdles and limitations with posting messages to friends, even private (not wall) messages, which again would be anti-social.
The Question:
Am I understanding Facebook limitations properly, and if so, what is the work-around? I'd be ok with such an API being locked down until you pass a review that proves you aren't spamming users, but I did not see such an option.
Facebook supposedly prioritizes users over developers, and these changes were made because if the user is not comfortable with privacy (don't spam my friends), then they wont be users any longer, and that obviously affects developers and Facebook. OK, but did they not realize that by locking it down this extreme just killed UX for the user in legitimate scenarios? And to my original point, not just a little, but paramount - the result quite literally is that on April 30, 2015, Facebook became anti-social. Surely this is not inline with their mission. Surely there is a better approach.
If your app is not a game (which I assume), the only viable option would be the Message Dialog as desribed at
https://developers.facebook.com/docs/apps/faq#friend_invite
If your app is not a game and has a mobile or web presence:
You can also use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app. This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.
You might also find App Invites useful but I beleive it's only for iOS and Android apps and might not exactly fit your use case:
https://developers.facebook.com/docs/app-invites
App Invites are a content-rich, personal way for people to invite
their Facebook friends to a mobile app.
I am developing a web App for users who want to post the exact same thing on a given time on their own Facebook wall to make a message viral. Of course, considering they granted my app the permission to do so and signed up specifically for that matter. Also, the frequency of such a blast message would be rare, no more than once or twice a week.
I would like to know if anyone has any experience in doing this and what the limitations are since I can't find them on Facebook's developer support.
This type of behavior is discouraged by the Facebook ToS. Further, in order to publish to a user's feed you need to have a current access token for that user. If they are currently connected and using your app, you have access to those tokens and publishing should be possible but very well might get your app banned for ToS violation.
This is my first post in this facebook's stackoverflow forum. My background is on wireless baseband prototyping on FPGA platform and do not have any prior experience with facebook development. Now i have a chance to work on social network related development work and i'm quite excited. Anyway above is just my background introduction.
Here i want to create a virtual Facebook user. Imagine you are interacting with your refrigerator on Facebook. This is the kind of concept we want to show.
Following are the functionality i would like to have at my virtual's facebook account..
1) recognize real friend check-in and messages posted on his/her wall.
2) ability to write messages on real friend's wall.
3) recognize messages posted on virtual account's wall.
4) ability to write message on virtual account wall.
How can the virtual account be equipped with such functionalities? Can i achieve by writing a facebook application? Please advise the direction i should look at.
Cheers,
Phone Naing
The facebook api lets you query their graph but it requires an access token to do that.
There are 3 main token types: User, Page and App.
Your app would be able to get an app token easily but it's limited to public data only, like data of public pages.
For a page and user tokens you'll need the actual user to interact with your app in order to get the token.
You can get the friends check-ins, feed, images, events and so on by asking for the right permissions from the user (there are user permissions and friends permissions).
You can also post to friends wall with the "publish_stream" permission.
For "recognizing" posted items on a user wall you can either recheck the user feed every once and a while and compare what you had and what you get or use the Real-time Updates.
With all of that said, I seriously doubt that you'll manage to pull something like that with the current limitations of the facebook api.
Let's start with the fact that facebook does not like profiles to be "vritual", they want the profiles to be of real people.
Of course that there are plenty of virtual profiles but they can remove them (and sometimes do).
Even if you do have these virtual profiles, since they are virtual they won't interact with your application using facebook, that is won't be logged in to facebook via their channels (web interface, android or iOS, etc).
Because of that you won't be able to get a user access token which you need for all of the information you want.
Since the deprecation of the offline_access permission there's no way to have a token which is valid for a user for more than about 2 months, which means that for each "virtual user" you'll need to log him in to facebook and then interact with your app to get a new token.
You can create a page instead of a virtual profile, which will also be fine with facebook.
But here again, you need a user to actually interact with facebook and your app to get a valid page access token, and even if you get that, it's not enough for the data you want to ask for.
To put it all together:
I think it can't be done.
I saw an article on Coca Cola doing something using RFID bracelets to automatically LIKE things on Facebook (photos, etc) as well as a number of marketing companies (http://www.digitalbuzzblog.com/renault-pushes-facebook-likes-with-rfid-at-auto-show) but I wanted to know how are they technically able to do this? As far as I know, the terms of service prevents this so how would one technically (using code, etc) automatically like an object? Could you do it using QR codes?
From here: http://www.webmonkey.com/2010/04/facebook-tags-everyone-at-f8-with-rfid-chips/
It looks like you have to link your Facebook account to your RFID tag (by logging into FB and entering in some serial number.
This is new functionality implemented by Facebook. I haven't found any info on how to implement readers for these devices, and it may very well not be available to the public (developers) yet.
My guess is that they're still working out the idea with some limited vendors that they can control for now.
DISCLAIMER: I'm no RFID expert! I'm only guessing here!
I suppose the user authorizes an app with publish_stream, offline_access permissions and the token get stored and linked to the RFID. Then something like the below is happening (imagine we are in a car exhibit):
The user swipes the card against a machine placed next to a car (representing a photo from the Facebook Official Brand Page photo album)
The serial got read from the RFID card
The access_token is retrieved
A simple HTTP POST call to something like: PHOTO_ID/likes is issued with that access_token
in my company we use an rfid technlogy that allows users to like a page, checkin, or share photos on a pages timeline.
The issue here is that you can' t of course do it without the user permission, in fact, when you give people the bracelet they have to register the unique rfid code with the RFID-APP cms.
The cms is nothing but a facebook app which associates the rfid token to your fb/tw/... profile asking you the given permission to post on you behalf to that page.
Best
Mario
i'm developing an application for a university exam, using Appengine and Gwt (Google products) and i'd like to implement Facebook this way:
- give the ability to a FB user to login to the application through facebook (did this implementing the oAuth2.0 flow, so now i have the user's access token and his permissions)
- since the application is for being notified when a professor publishes some material for his course (this is all handled by appengine), i'd like to notify the user when a professor publishes some material, through a wall post or a note from my application in a way that it writes to the user something about the new published material.
I've been looking through EVERY single resource online, and couldn't find an answer: a lot of similar questions but no answers.
Writing the POST is not a problem, and for the moment i'm trying with the api graph explorer.
I manage to write on the user's wall/note as if he's writing himself or (if the user likes the application) write all the likers a wall post/note (but the same to everyone).
But i don't find a way to send personalized wall posts/notes to every user in response to some specific material published.
FB doesn't allow to do this because is considered spamming?
You can't directly post things to your user's wall as a way of notifying them - wall posts are intended to be things the user posts from within your app (for instance, they find something in your app interesting and choose to share it with their friends, so they click a 'Share' button).
You could try using an App-Generated Request (http://developers.facebook.com/docs/channels/#requests). This will increment the user's Bookmark Counter, and when they click on it they will enter your app and you can show them the latest news.
OR, you could ask for the 'email' permission for your app, and send the user an email notification when something is new.