Facebook Cookbook - Jay Goldman [160]
$permissions = array('admin.');
$result = $facebook->api_client->permissions_grantApiAccess
('456eaf416a25820f18568b7cb0848c3c', $permissions);
That would grant permission for my Super Disco Napping app to have access to your stuff, which I highly recommend you do so that I can sneak peaks at what’s going on. If you decided you wanted to limit me to getting just allocations and metrics, you could modify the call to narrow the permissions:
$permissions = array('admin.getAllocation','admin.getMetrics');
$result = $facebook->api_client->permissions_grantApiAccess
('456eaf416a25820f18568b7cb0848c3c', $permissions);
Discussion
Permissions.grantApiAccess() returns true (1) if successful or false (0) if it fails. You only need to call this once for each grant you want to do, but it will continue to succeed if you call it multiple times, and it won’t fail with any kind of “Permission already granted” error.
You can check to see which permissions have been granted to your application by another application by using the Permissions.checkAvailableApiAccess() method and passing in the API key of the other app:
$result = $facebook->api_client->permissions_checkAvailableApiAccess
('456eaf416a25820f8568b7cb0848c3c');
In this case, result would contain an array of permissions that the Super Disco Napping application granted to your app, if any. You can also do the reverse and check to see which permissions your app has granted to another app by calling:
$result = $facebook->api_client->permissions_checkGrantedApiAccess
('456eaf416a25820f1868b7cb0848c3c');
which would, in this case, return an array of permissions you had granted to the Super Disco Napping app.
Revoking API access works just like granting it, but with a different method call:
$permissions = array('admin.getAllocation','admin.getMetrics');
$result = $facebook->api_client->permissions_revokeApiAccess
('456eaf416a25820f18568b7cb0848c3c', $permissions);
Post-Remove (Uninstall) URL
Problem
I’d like to be able to collect some statistics when users remove my application, but I don’t get any kind of notice from Facebook.
Solution
You can specify a Post-Remove URL in your app’s settings, which Facebook will ping with a POST request when a user removes your app.
Discussion
The important thing to note is that users won’t be sent to the URL when they remove it, but rather that you’ll get a POST request from Facebook with some useful information, listed in Table 9-8.
Table 9-8. Post-remove URL parameters
Name
Type
Description
fb_sig_uninstall
bool
This will always be true (1).
fb_sig_time
string
The uninstall timestamp in epoch seconds (see Formatting Relative Time for more info on epoch time).
fb_sig_user
int
uid (user ID) of the user who removed the app.
fb_sig_api_key
string
API key of the app being uninstalled.
fb_sig
string
Signature of the POST, made up of the other parameters and the app’s secret key hashed into an MD5 hash.
You should verify that the POST requests you receive are valid by building your own version of fb_sig and then checking that they match:
$sig = '';
ksort($_POST);
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'fb_sig_') {
$sig .= substr($key, 7) . '=' . $value;
}
}
$sig .= $secret;
$verify = md5($sig);
if ($verify == $_POST['fb_sig'] && $_POST['fb_uninstall'] == true) {
// The signatures match and this is an uninstall request,
// so go ahead and do it
} else {
// This is a forged request or not an uninstall, so track it
// for later inquiry
}
Note that this assumes you already have a secret variable on this page that contains your app’s secret key.
Adding Missing PHP Client Library Methods
Problem
Some of the methods documented in this chapter throw a “Call to undefined method” error when I try to use them!
Solution
The bad news: five methods listed in the Developers Wiki are missing