I have a basic question about a facebook app I am building. In the first phase, we are building the app so that it doesn't collect any user information, thus keeping the user from having to click the "allow" button to use the app. However, we are considering adding features to the app later on that would require user information. I am just curious if it is a good idea to build it like this, or if we should just collect user information from the start. Would users think it is strange for an app to start collecting data after the app is already live? Any advice is appreciated. Thanks!
No it's not a bad idea. Actually Facebook recommends only asking for a permission when needed:
As a best practice, you should only request extended permissions at
reasonable times when the user engages with features that would
require their use. For example, if you are asking the user for the
publish_stream permission in order to create a custom share UI, the
user will better understand the context behind your request if
presented with the permission while interacting with the app's share
functionality.
Please DO visit the document I linked to.
Related
I have a Facebook app which is currently live, but would like to add additional functionality which involves requesting additional permissions (mainly publish_actions). The new permissions, due to Facebook policy, need to be reviewed by their team before they can be used live.
Is it possible to use one app for this? Is there a way (and is it acceptable by Facebook) to lead the user down a different flow if they are a tester, rather than a user during the review process?
I've also looked into the possibility of a test app, but I'm not sure if it's possible to flag that the app to review is a test version, which would then be approved on the live app. Facebook's FAQ seems to suggest this is not possible.
I'm not marking this as a definite answer, as it's a bit hacky and I have no confirmation that this will work until the review process has been completed. However, you can use the FB API to determine whether the user viewing the app is a specified test account or not by adding conditionals based on the user ID. It will also help if you make the test account an automatic user of the app on user creation.
For example, if you want to include new functionality, check if the user ID is a specific test account ID or not. If it is, display it. If not, display something else.
Hello I've read the docs and am having trouble getting a definitive answer for the following questions:
Can our app detect if another app is used by a given user. What about if we are admin of, or have the id of both apps.
If one of the apps is removed from FB is there a way to tell if a user had it installed before it was removed? A sort of history of past apps, I guess.
Here:
FB Connect: is there a way to see the logged in user's facebook apps?
Best answer is "I think the most you can do..." but I'd like to know for sure.
Thanks for any help.
If you request the permission user_actions:APP_NAMESPACE you can see the open graph actions that the user has performed in that app.
http://developers.facebook.com/docs/authentication/permissions/#open_graph_perms
In my apps I generally store the user ID of all authorized users in a database, and when I get a call via the "Deauthorize Callback URL" I don't delete the user from the database, but instead only flag the user as deauthorized.
This way I can easily get an overview of users that are using (or have used) any of my apps. This allows me to present special features for users who are using several of my apps.
For example, let's say I made a photo app (like Instagram) and a GPS running app (like Endomondo). If the user takes a photo with Instagram while running with Endomondo, I could present the option to GPS-tag the photo, or add the photo to Endomondo.
This is something that I think we developers should use more. Perhaps present an open API to other apps, to let the apps work together.
After a Facebook user authorizes the app, the user has to be verified manually by a live person which needs to see details of his profile, including his pictures etc.
What would be the correct way to implement this?
Should the app download all necessary data from the user's profile after the user authorizes the app? Seems a lot of wasted effort if there is an easier way.
I have already posted this question to http://webapps.stackexchange.com here.
You can't see a whole lot of details on ones profile without that user having authorized your app. You can however see the ProfilPicture, so if that is most important it would be possible.
And since (I presume) a user starts on your own page/site you could add a check in there so that someone can click an 'accept-button' on your side...
But what I really wonder is, why not just make sure the people you don't want to be authorized with you app don't know where to reach the app??
Think that's way easier to sort out a bunch of people...
I'm a complete newbie about Facebook applications, and need some advice on whether the following application is feasible:
The application would essentially enable users to choose a photo from their album, which would be displayed in the application's "directory" alongside their name and age. If possible, their photo would link to their Facebook profile. Application users can browse the listed users. It would be aimed at performers; hence the directory.
Would this be possible; if so, what would be the best way to approach it?
Furthermore, does the app violate any Facebook terms of service regarding data if the user has given permissions? And how does storing user emails work if they have given email access?
I know there are several questions, so any help would be appreciated! I will not be making the application myself, but would like to know how it could be done so I have a clear understanding when talking to programmers.
Yes, it is definitely possible to implement your application. Your questions are very vague - If you could be more specific, I'd try to answer them for you. When the user initially logs into your application, it will have to pass to Facebook the list of permissions your application requires. Once the user okays it, your application will have access to all the data it has requested.
I know about test accounts, but during beta I'd like to allow access only to my friends, and then later friends-of-friends, and then only eventually Kevin Bacon and his friends.
That would probably suck, wouldn't it? The app would be listed (is there a way to prevent listing?) and someone I don't know might try it and get a "sorry, this is in development message." I imagine they'd be irritated and not come back.
From what I've read, only a few apps take off, but when they take off, they REALLY take off. Do developers just release these things fully baked?
Anyone start out with OpenSocial or other smaller-than-Facebook networks?
Any ideas for a soft, gradual, restricted roll-out?
Once you've set up your application, there is a setting in the Developer application control panel for your app: Your app -> Advanced -> Sandbox Mode.
Sandbox mode lets you restrict access to only those people listed as developers (under the Basic section).
In terms of expanding the app, Facebook doesn't provide much more flexibility that the Sandbox mode. Unfortunately, adding everyone as Developers of the app doesn't work very well for a beta, as people can access the application control panel once they are a developer. I ended up putting a whitelist of Facebook Ids into the front controller of my application for a previous beta, and it worked fairly well.
The apps are only listed in the App Directory if you submit them and they are accepted. There's no issue about preventing listing, it's something you have to apply for.
As for restricting users, you can accomplish it with a script in the application that checks whether the currently logged-in user is within your restricted user set. For example, if you only want friends of yourself, check whether the current user is friends with your user id. If not, simply display an error/message page or redirect them to the Facebook home page (or wherever). Add this check to the rest of the start-up logic run each page (such as connecting to your DB and authenticating with Facebook).
What I have done in some cases is keep a database table with the user id's of users who are allowed access, essentially a "whitelist". If the user isn't in the table, redirect them.