Get locale using graph api NOT getSignedRequest - facebook-graph-api

I know it is possible to get the locale of the user with getSignedRequest, and it is possible to get the locale of the user with https://graph.facebook.com/me?fields=locale once they have authorised the app. But what is the equivalent graph api url that I can use before they have authorised the app? All my code is with the graph api so I really dont want to have to switch now to using the whole facebook->getSignedRequest() stuff. I can't find it anywhere but seems silly this functionality has not been provided in graph api?

You have to pick between using the signed_request (which is sent in a POST request to all apps on Facebook) or authorizing the user.
If you don't do one of these, then you won't know what the Users ID is, so you will never be able to identify their locale.
The signed_request just requires you to be able to capture request data and then perform the parsing logic outlined in the doc linked to above - it doesn't require the use of any SDK or API, just the ability to read requests (most languages will be able to do this).

Related

Is there a way to make a Google Place Photos API request without exposing the API Key?

I'm making a web-app where I need to make a request to the Google Places API, this is all good but I also need to make a request to the Places Photo API to display the images of the stuff I find using the places API. To do this, you need to make a request like this:
https://maps.googleapis.com/maps/api/place/photo?parameters
Where one of mandatory parameters is your API Key. I'm using Django and I'm passing a dictionary that has all the info I need to display. However, in the frontend you can see the API Key in the URL of the image. Is there any way I can avoid that?
Thank you so much!
You cannot avoid using an API key. All calls to the Maps APIs need to pass an API key to be able to work.
However, you can secure your API keys with restrictions.
You may follow these instructions to restrict your API key for Place Photos use.
Hope this answers your concern.
The Places API is a server API and can not be restricted by referrer. If you try then you get a 403 response to every request. You can't use it client side with an IP restriction, so the only restriction available is to limit it to the places API. This is not ideal since some of the places API calls are chargeable.

How do I obtain the requires access token?

Until a few days ago the Python script I was using to generate an RSS feed for my own Facebook News Feed was working fine. The script I was using first signed on to Facebook using my log in information and then called up this page and parsed it for an access token:
http://developers.facebook.com/docs/reference/api
I'm not sure that is exactly the way Facebook wants people to get an access token, but reading through all the information on Graph API I can't seem to find anything that says, "Here's how you get that token you need to access your own stuff." It all seems to be directed at people trying to do far fancier stuff.
How do I obtain an access token such that the page referenced here will return the JSON format data I need?
res = browser.open('https://graph.facebook.com/me/home?access_token=%s' % acct)
Start by reading about Access Tokens as there are different types.
Then, to read the user news feed (home connection), you need a user access_token
To retrieve one using the server-side method, you need to follow this document
To understand the flow of the server-side method you can refer to this diagram (source: Login Architecture document ):

Django and Post to Facebook (no authentication)

OK, I need some help understanding the process behind Facebook's website integration process and how I can integrate it into my web app....
In its most basic form, my site stores and displays users' comments about products (there's more to it than that, but that's all that's relevant for this question). What I'd like to do is allow them to post that comment, together with the name of the product (and my site), to their Facebook wall by clicking a button.
I do not need the users to log in to my site at all, either with Facebook or any other authentication system and the Post to Facebook part is optional.
Obviously if they decide they do want to post their comment to Facebook, then they'll need to login, but I'd rather temporarily take them away from the page to login, post and then be brought back to my site.
What I need to know is how much of Facebook's APIs, Open Graph and Auth systems do I actually need to integrate?
I had hoped that I might be able to generate a simple link to Facebook with their comment embedded as a POST element...?
I'd be really grateful if someone could point me in the right direction!!
(P.S. I need a similar solution for Twitter, but I think that's easier!?!)
The Feed Dialog doesn’t allow including of a pre-set message any more, so you’d have to make that post via the Graph API if you want to pre-fill the message (and even then, you should only do so, if you’ve given the user the possibility to edit the pre-filled message first).
See here for how to make a post on a user’s behalf via Graph API, https://developers.facebook.com/docs/reference/api/user/#posts
You can do that all client-side, if you embed the JavaScript SDK into your page.
You need to set up an app on FB, then have the user connect to it (using FB.login), ask for the necessary permission (publish_stream) while doing so, and after successful login use FB.api to make the Graph API call.

Banning users from Facebook application

Is it possible to ban users from using a Facebook application?
I'm not talking about the canvas or the discussions board (which is what I've found by looking around), but the application itself, that is, causing errors or preventing actions whenever the user tries to use the Graph API (in my specific case, an Android app that uses the Graph API to provide some features).
The scenario I'm envisaging is something like this:
user authenticates app to use its features and gets the access_token;
user uses the Graph API according to the app permissions;
user someday does something he shouldn't;
user is banned and, even if the access_token is still valid, Graph API requests fail, and will always fail even when deauthorizing and authorizing the app again.
Is this possible using the Graph API or the developers app console on Facebook, right now, or is there really no way to prevent users from misusing your application? I guess I may do something "out of band" to enforce this somehow, but being able to do it at the Facebook level as well would be much more effective and harder to circumvent.
See https://developers.facebook.com/docs/reference/api/application/
Use the 'banned' connection of the Application object to ban specific users from your App - you'll need the App access token to do this
Just create a blacklist of specific Facebook User IDs, and check the user's ID against the blacklist when they log into your app.
If the blacklist matches, show a message telling them that they are banned and don't allow access to any functionality.

Retrieve comments Facebook users make as the Like a web page

I've been pouring over Facebook's Graph API but I can't seem to find any documentation with regards to retrieve comments users leave as they Like an Open Graph object (in my case, a web page with a Like button).
At a minimum, I would assume that there would be some way to retrieve comments from users whose privacy settings allow anybody to see their updates (I guess this might require me to know the UID of everybody who Likes my web page). Alternatively, there might be some method where user comments may be associated with the Open Graph object's stream instead.
Anybody?
To see a user's wall feed via the API (even public ones) you will to have them authenticate your app. Yeah, pretty crappy not to be able to query their public messages, but it is a current limitation of Facebook's API.