As the title says, what is the difference when doing a request with the php sdk, between api('/me') and api('/current_user_fbid')?
Adding to avs099's answer.
You cannot use me without an access token. But you can use an id without access token.
e.g.
http://graph.facebook.com/1137725463 works, but
http://graph.facebook.com/me will fail
as #Dhiraj Bodicherla said, "me" and "current_user_id" are the same - but there are exceptions when you cannot use "me" - for example, when you do requests using application or page tokens. So if you are writing a backend code which is dealing with multiple users/tokens etc - keep this in mind - you can't use "me" with app token.
Using me or current_user_id in graph api will yield the same result.
You should check Developer Tool Explorer
DEMO
Hope this helps
Related
I am trying to use APIs from this https://support.smartbear.com/zephyr-scale-server/api-docs/v1/ documentation, where I am Unable to get the response. I am fulfilling all the specified requirements as mentioned in above documentation.
http://{My_Jira_URL}/jira/rest/atm/1.0/testcase/{Test_Case_ID}/attachments
The Auth type which I am using is Basic.
Here is a response which I am getting in postman
Can anyone let me know what I am doing wrong | what could be the cause behind this issue.
Or Else any alternate way or API resources to get Attachments for Jira-Zephyer Test cases?
You will need to use Zephyr scale API token as authorization to get a response for the APIs.
https://support.smartbear.com/zephyr-scale-cloud/api-docs/#section/Authentication
I want to use the variable named event.requestContext.authorizer.jwt.claims.cognito:username which is the result of JWT authorizer at the URI of http proxy integration of HttpApi(I mean not RestApi) of AWS , because I want to access the information of authorized user. The exposed api is like this.
https://xxxxxx.com/platform/pro/user/john
pro means production .
john is event.requestContext.authorizer.jwt.claims.cognito:username .
The management console said my input like this is error.
https://xxxxxx.com/platform/${stageVariables.stage}/user/${event.requestContext.authorizer.jwt.claims.cognito:username}
I think : is NG.
Please help me.
I just found this question by accident. I guess you solved this in the meantime, but in case it's still relevant, you need to put cognito:username in quotes and brackets, so instead of ${event.requestContext.authorizer.jwt.claims.cognito:username} use ${event.requestContext.authorizer.jwt.claims['cognito:username']}.
If I enable the option giving in Advanced Settings is gives me BAD Request or error code 400
If I enable this option, what is the required value of AppSecret_Proof parameter?
If you visit github and have a look at their PHP SDK's code, you'll find how they generate appsecret_proof's value.
This part was recently added so you have to refer to the latest version of PHP SDK. To activate/inactivate, as you already know, you have to visit App Dashboard > Setting > Advanced.
EDIT: 2013-08-09
Now they have official document.
From the documentation article Securing Graph API Requests:
The app secret proof is a sha256 hash of your access token, using the app secret as the key. Here's what the call looks like in PHP:
$appsecret_proof = hash_hmac('sha256', $access_token, $app_secret);
Using the facebook graph you can get photo information as follows:
https://graph.facebook.com/20531316728
However the link they provide to actually grab the photos are not secure and use http:
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174597_20531316728_2866555_s.jpg
Replacing http with https doesn't do the trick because you get a security warning:
https://profile.ak.fbcdn.net/hprofile-ak-snc4/174597_20531316728_2866555_s.jpg
Facebook is insisting that all apps use secure browsing and use https. However my app uses facebook photos, which cannot be accessed because they begin with http.
Does anyone know how to get around this problem?
I found the answer to my own question. You can add a parameter to get a the ssl parameter:
https://graph.facebook.com/20531316728&return_ssl_resources=1
I've never come across a way to ask the API for valid https versions of the images other than for profile pictures. That is done by https://graph.facebook.com/{userId/Name}/picture
Here's Zuck: https://graph.facebook.com/4/picture and https://graph.facebook.com/zuck/picture
If you're using the PHP SDK, this was a F***ing life-saver (where $album['cover_photo'] is the id of a photo):
$this->facebook->api($album['cover_photo'],'GET',array('return_ssl_resources'=>1));
Whenever i would simply add &return_ssl_resources=1 to the end of the query itself my server would throw a 500 error. I found another thread that showed that you can pass this argument in an array.
I want to send some data using GET over http. I want to decrypt or scramble it for security reasons so instead of sending: http://www.website.com/service?a=1&b=2&b=3
i want it to look like http://www.website.com/service?data=sdoicvyencvkljnsdpio
and inside the service to be able to decrypt the message and get the real data.
What is the best approach for this?
Thanks!
You can use SSL and certificates. You can see it works here: http://mattfleming.com/node/289. You can find various tutorials on how to do that based on for your specific web-server.
What laguage are you in? If php you could look up on the mcrypt functions.
But seriosly. Probably a better way for that would be to use HTTPS, which was designed for that.
I don't know about your application but it could have relevance.
Another common tequnique is the secure token teqnique where you basically generate a hash of your params and a secret token. The token is the only thing not included in the url. At the other end you re-create that hash with the same secret token and see if itmatches. This way youc an compile security methods like IP validation, time to live timestamps or signing a request by a user.
A more advanced method is the HTTP Digest authentication
SSL and POSTing the data would be a sensible way to approach this, but if you must do it with GET you can still keep it fairly secure
The MCrypt libraries for PHP are very good, then on the receiving page you would need a checksum to be absolutely sure that the string passed hasn't been tampered with.