Facebook Developers

We finished rolling out Facebook Chat today. Along with this, we're excited to announce an important related feature -- real-time notifications. Just as users can communicate in real time with Facebook Chat, users who are on Facebook will now receive notifications as soon as they are sent. Whether it's to announce the giving of a gift, the challenging to a game, or the joining of a cause, your applications' notifications will make a more instant impact. We encourage you to think about new ways to integrate with Facebook when you send notifications.

In order to call users' attention to the notifications, we've added a notification pop-up window to the Chat bar in the lower right corner of the browser window. From there they can interact with the notifications and choose to see all of them.

We realize this change requires a learning period for our users. During this time some of them might not respond to notifications as they did before. To offset this, we're working on ways to introduce users to the new notifications interface.

This is only just the beginning. Because we've added a new interface, this also means there are more integration points that your applications can hook into. We welcome your thoughts on what new integration points you'd like to see (for instance, since notifications appear right next to Facebook Chat, maybe you'd want a link in a notification to initiate a chat session). Please send your thoughts as well as any other comments, questions, or feedback, to developer-feedback@facebook.com. Put [real-time notifications] in the subject line.

As you have probably noticed by now, we are not launching the updated Facebook profile in early April, as we mentioned earlier. But we thought we'd take this time to give you an update as to where things stand, and what's been going on these past few weeks.

Recently we've reached out to the developer community by holding two roundtable events and conducting a survey of the Facebook Developer website. We've also been taking into consideration the feedback we've received at the developer-feedback@facebook.com address.

Since then, we've been reviewing your comments and incorporating your feedback constructively wherever appropriate.

Some other things we want to communicate. The new profile design will be released later this spring. We're still iterating on the design, making sure we get it right. We'll still continue to roll out improvements to Platform as well. And rest assured, we will give you a period of time so you can update your applications before the profile is released to our users.

Keep watching this space for updates, and please, keep sending us your feedback and questions to developer-feedback@facebook.com. Put [new profile] in the subject line.

As tax time approaches here in the US, it got us thinking how bad it would be if the government mandated that everyone do their own taxes. Many people with small businesses or other complicated tax structures would be distracted from their core work in order to spend a lot of time bookkeeping. This made us realize – as Facebook applications focus on core functions like user experience, monetization, and growth, they might need to offload some of their work to other applications. With this in mind, we created the permissions API. This API will help applications focus on their core functionality by taking on some work that, while important, is not central to the application’s mission.

With the permissions API, an application can authorize another application to call certain API methods on its behalf. The application naturally can revoke this access whenever necessary. At this time, the permissions API allows applications to grant others access to three methods under the admin namespace – admin.getAppProperties, admin.getAllocation, admin.getDailyMetrics More methods and namespaces will be added to the list going forward as needed.

You can specify which of these API methods and/or namespaces are accessible within the application. For example, application A can choose to have application B gather certain stats for it by giving it permission to call admin.getDailyMetrics on its behalf, or it can just grant B permission to call all admin namespace methods by granting permission for “admin.†(This implies permission to call the 3 allowed methods). Note that:

Be aware that the permissions API provides a unique ability to ease some work for applications and is very powerful. So permissions should be granted to other applications with utmost care.

You can read more about the API on the Developer wiki here. We also welcome your feedback. You can comment on the API in this forum thread.

The API is currently in Beta. Try it out and let us know what you think.

The Reviews application is provided on your application’s About page by Facebook, as a venue for user comments and ratings. If you’re listed as a developer on a particular application, you’re technologically blocked from posting a review there. Also, as noted on the Developer wiki, “[a]pplication developers cannot trade positive reviews or collude with others to post, incentivize, or otherwise ‘game’ the posting of negative or positive reviews. Applications should stand on their own merits based on user feedback, not insider quid pro quos.â€

To help you build high-quality applications, Facebook allows developers to create officially registered test accounts. Any reviews posted by these accounts are invisible outside the test network and friends, and do not influence the posted Reviews score. While any regular user account can review any application for which that account is not a listed developer, please remember Facebook’s longstanding policy that every non-test account must be held by a real person using his or her actual name and holding no other non-test Facebook account.

When we discover fake accounts, we delete them to preserve the integrity of the Facebook community, and sometimes take further action. Of course, use of fake accounts by developers (or those acting as their proxy) to manipulate the review system is prohibited, and subject to policy enforcement measures such as a moratorium.

We appreciate your reports of review abuse (lodged through the “Report†link below every review). They help Facebook guard against inappropriate posts.

On Friday, we rolled out a feature that allows users to ignore all application requests from specific friends. We've heard from developers and users that they feel certain friends seem to be a large source of unwanted application requests. So with this change we wanted to give users the opportunity to filter out these friends' requests. When these requests are automatically ignored, it will not count as an ignore for the application. We expect this change will increase the overall acceptance rate for requests as well as users' overall expectations of and affinity for requests.

Like most large Web sites, Facebook gets a lot of attention from spammers and other unscrupulous people. Over the last three years, we have developed many tools to stop this type of activity and protect users' private data. One of the most powerful tools in our arsenal is the CAPTCHA, a simple image that displays obfuscated text that computers cannot read but humans can.

Now that Facebook Platform applications have become incredibly popular, we’re rolling out tools that make it as easy and efficient as possible for third party developers to secure their applications. As part of this effort, we are introducing a new FBML tag to easily drop a CAPTCHA onto a canvas page. You can add the fb:captcha tag to any canvas page form, and we will render a CAPTCHA for you. When that form gets submitted we will grade the CAPTCHA and add an fb_sig_captcha_grade parameter to the callback request if the CAPTCHA was filled out correctly. By using fb:captcha, you can secure your application from automated scripting attacks.

Also, we want to remind you to always verify that the fb_sig parameter is correct, as this ensures the request has originated from Facebook and has not been altered. The client library makes this easy to do with $facebook->validate_fb_params(). If you're not using PHP, read this article for more information on how to verify that the fb_sig parameter is correct.

We're always looking at ways to improve communications with our developer community. We're in the midst of redesigning the Facebook Developers Site and want to know what you think of the site, Facebook Platform overall, and the Platform technical documentation.

We're conducting a quick survey and hope you can take a few minutes to participate. We're looking forward to hearing what you have to say.