I am sending an app generated request to a user(already authorized the app) by calling the below js function
function send_app_request(){
FB.api( "/" + '<TO-USER-ID>' + "/apprequests", "POST", {
message: "Custom Request for you!",
title: "Sample title",
access_token: "<MY-APP-ACCESS-TOKEN>"
}, function(response) {
alert(response.toSource());
console.log(response);
});
}
The script is working fine, and when the user clicks on the the app icon(with the red notification), at the top right corner of the canvas, he gets redirected to ther app's index page(apps.facebook.com/MY-APP), which is also fine. My question is, what parameter should I add in my FB.api call so that the user gets redirected to my desired app url(eg: apps.facebook.com/MY-APP/show-article/?article_id=5) instead of the index url.
Requests always direct user to your application canvas.
Citing Requests documentation:
Requests are only available for Canvas apps, not websites, as accepting a request will direct the user to the Canvas Page URL of the app that sent the Request.
Possible solution will be addition of desired URL within Request data property and once user land on your Canvas URL with requests_ids passed in URL arguments, read those requests and decide based on data property where user should be redirected.
data
Optional, additional data you may pass for tracking. This will be stored as part of the request objects created. The maximum length is 255 characters.
Update:
To get the data assigned with application/user request fetch it from Graph API:
https://graph.facebook.com/<REQUEST_OBJECT_ID>_<USER_ID>?access_token=APP_ACCESS_TOKEN
Related
I'm using the Facebook requestdialog to show my friend list and invite,this in a Facebook Web APP, using this:
function sendRequestViaMultiFriendSelector() {
FB.ui(
{
method: 'apprequests',
message: 'Selección de amigos a los que invitar a KugaBar'
}, requestCallback);
}
function requestCallback(data) {
console.log(data);
}
It works (ok).
But I need to identify the user when enter in my APP, you see the requestCallback data and see a "request", but when the users click on the notification and enter in the APP
I don't know how identify the request to detect if the user is accessing by the notification.
EDIT: OK I found it.
The param in the GET vars are "request_ids", but one problem appear, this param only come if the user previously have accepted the permissions, if the user clicks on the notification, and accept the permissions, hitting enter: this param doesn't exist, if the user enter again (not need to accept nothing) this param exists in the URL.
Are there any method to get this param in the first time the user enter?
Thanks
When the user first clicks on a request, you should get the request_id from the URL and store it in a cookie. When the user has completed logging in, check if the cookie exists and then update your record accordingly.
Notifications and Requests are NOT the same thing on Facebook. In your case you're talking about Requests. Request ids are passed to the app as a GET parameter 'request_ids' which is a comma separated list.
To be able to access this parameter after login dialog, you want to save your GET parameters from the original launch URL before redirecting to the OAuth dialog and pass them around in the redirect URL. This way you solved this problem for all of your future GET parameters.
If you're using PHP, the function you're looking for is http_build_query. I'd highly discourage from using a cookie to store one-time and easily accessible URL parameters.
I need to keep a track of users referring other users to my website. So i want whenever a user invites his friends from facebook, the invitation link to contain his userid. Is it possible to send invites with random urls.
For eg : Right now the user gets the invitation link for http://example.com because that's what i have specified in my app site url.
I want the invitation link to be http://example.com?referrer=joe
I want the invitation link to be http://example.com?referrer=joe
And “joe” would be who or what here? If it’s the user sending the request – you have his id already, it’s in the request object details under from.
If you want to pass any other referential data – the Requests dialog has the data parameter for that. You can put any text data in there, up to 255 characters long. And when the user follows the request, you will get the request id[s] they are acting upon – and then you can read the request details from the API, and you will get that value you put into data back from there as well.
See docs: https://developers.facebook.com/docs/reference/dialogs/requests/ and https://developers.facebook.com/docs/requests/
Imagine, that you have JS function:
function invite(){
//number from 0 to 9
var i = Math.floor((Math.random()*10));
//get random param
var param = arrayOfDefinedParams[i];
//define request URL
var requestUrl = "https://www.facebook.com/dialog/apprequests?app_id=<APP_ID>&message=<YOUR_MESSAGE>&redirect_uri=<URL_SET_IN_APP_DASHBOARD>/?param="+param;
//show modal window with request URL and random param
myWindow=window.open(requestUrl,'','width=400,height=300');
myWindow.focus();
}
All you have to do now, is binding invite() to onclick event on any element ;)
I have setup the facebook javascript sdk to initialize a friend invite dialog to send requests to friends. Clicking on the invite in Facebook, brings the user back to the site.
The query string has any and all request_ids that have not been handled (deleted).
I am following the documenation listed at the FB developers site here which states:
JavaScript SDK:
FB.api(requestId, 'delete', function(response) {
When they are returned to my site, the querystring has a request_ids parameter:
example: www.mysite.com/somepage?request_ids=0493834050
my Javascript code looks like this:
FB.api(requestIds[i], 'delete', function (response) {
console.log(response);
});
But the error I get is:
ERROR
code: 104
message: "An access token is required to request this resource."
type: "OAuthException"
All I want to do is delete the request ID. before I was even running the above code, the querystring was building up with every submitted request. It does appear they have been removed, because the querystring is reduced down to a single request id. But I am still uncertain it has been handled properly.
NOTE I am not using the Graph version - as I have not setup Graph on the app settings in Facebook.
I have the Facebook C# sdk - if someone has an easy way to do this here. I have tried the following with the same results.
var fbClient = new FacebookClient(accessToken)
fbClient.Delete(requestId);
I don’t see what’s possibly unclear about the error message – you need a valid access token to be able to delete requests, but by the looks of it you don’t have one.
So you’ll either have to have the user connect to your app in order to get an active access token for him; or you have to do it using your own app access token (but that’d have to be done server-side then, because you don’t want to transfer your app access token to the client side).
I am sending an app generated request to a user(already authorized the app) by calling the below function
function send_app_request(){
FB.api( "/" + '<USER-ID>' + "/apprequests", "POST", {
message: "Custom Request for you!",
data: "<REDIRECT-APP-URL>",
access_token: "<APP-ACCESS-TOKEN>"
}, function(response) {
console.log(response);
});
}
When a user clicks on the pop-up that appears beneath the app icon(with a red number) at the top right corner of the canvas, he gets redirected to the index page of the canvas with 'request_ids' as one of the parameters. How do I get/decode the 'data' parameter(contains a url) which i passed during the FB.api call(in the function above), so that I can redirect the user to a specific location(url) in my application.
I have seen this functionality in many applications, and I am "unable" to figure out how they are able to redirect the users to a specific location in their app, instead of the index page when the user clicks on the pop up.
The data is specific for that request you send to the user.
When the user clicks the requests and gets to your page (with the "request_ids" parameter) you should then get the data for the requests.
The url to get the requests from:
https://graph.facebook.com/USER_ID/apprequests
You will get a list of the requests and the data for each one (if such was sent).
You then need to delete the request for the user by issuing a request to:
https://graph.facebook.com/REQUEST_ID?method=delete
You can find a php example here: Upgrade to Requests 2.0
I added a like button to the canvas application page that actually configured to the facebook page of the application.
I would like that whenever a user pressed like or dislike on my page, a request will be sent to my server noticing it that the user liked or disliked the application page.
I can catch these events by using the following code:
FB.Event.subscribe('edge.create', function(response) {
alert('You liked the URL: ' + response);
});
FB.Event.subscribe('edge.remove', function(response) {
alert('You disliked the URL: ' + response);
});
I can just check if the response equals to my facebook application page.
the question is.. after I catched the like or dislike, how do i forward it to the server secure enough ? how can I send the request to the server without posting the facebook id as a post/get parameter?
i want to send it to the server in a way that the server will be able to fetch the facebook session information and fetch the userid from there, or any other secure way.
example:
if i'll just call http://mysite/liked_my_app?uid=4534534543
then a user notice this request and start sending liked_my_app with fake uids.
is there a way to prevent that somehow ?
thanks
Instead of using the UID of the user, forward the signed_request. Only you can decode signed requests coming from your application because of the app_secret you have to use to decode it.
Another possible solution (depending on what exactly you want to do when you confirm a like/dislike event) is to check at intervals your page/app like count - in a cron job for example. When a user likes your page/app you can retrieve his UID (possibly other information as well), and you can cross-reference the lists from the last cron job.