I'm building a product that involves clients adding their FB app data into my product's dashboard.
In this case each client would have to go to developers.facebook.com/apps and create an app first.
I would want to have a button which says "Create App" in my website that when clicked, would create the app instantly for the client.
So is it possible to create a FB App from my website (with script, not manually) ??
Thanks in advance,
Altin.
It was possible couple of years ago, and now it's been removed.
First of all, I’d think about the question, “does every client really need their own app?”
Maybe it’d also be possible to have all of the stuff you’re planning to do (no details on that) under one app, and have it decide on what data to show based on the fact which client’s Facebook page it gets added to (if it’ll run as page tab app), or by some additional parameter passed to it when calling it. You could f.e. example automatically redirect to a sub-folder on your webspace based on this criteria, that displays individual pages for that client.
If that’s not an option, then yes, your clients will have to set up the basic app themselves (and therefor they’ll need a verified account) – and afterwards tell app id and secret to you. Many of the “advanced” app settings can then be set by you via script – look at what properties are marked as “(Editable via API)” here: https://developers.facebook.com/docs/reference/api/application/
(Although some of the basic settings, like category, description, logo etc. will still have to be set by your client themselves. But other, more “technical” stuff, that the client maybe doesn’t know about and doesn’t even want to be bothered with, like canvas/page tab URLs etc. can be set by you. I’d say that’s as good a compromise as you can get for such a scenario.)
Related
I have a hybrid WordPress plugin that fetches all data using curl from the main server. Let's call it A.
B is the client that requests for data and also can send data to A.
Now every request is encrypted and authenticated using a API access keys.
But the problem here is if I copy the plugin from B to a new client site C, the moment I use the same access keys etc. the plugin starts working.
I want to be able to restrict the access of one API access key to one domain name. How can I attain that?
I'd say to include the allowed host's IP address (B) in your access key administration.
So: when B does a call, you can validate the key and the IP it's calling from.
On A, you can use something like $_SERVER['REMOTE_ADDR'] to test the IP calling the script.
Two downsides: when sites move servers, the plugin will stop working. And of course, people can still spoof their IP, so there is a way to get around this, but at least you make it a lot more complicated and probably not worth the hassle for most cases.
A suggestion by TJHX
Make it part of the license you give your customers. The honest ones will follow it, the dishonest ones will find a way to break your DRM. This is a problem technology can't really solve confidently, especially when with things like wordpress people can just see your code - By TJHX
I have also looked into a lot of options but the mere fact is that the user always has access to the code in the wordpress plugin and can easily make amendments to the CURL request Headers even if you encrypt it.
All we can do it add it in our Licenses.
In my plugin, there are iframes that will be loading the data on the frontend so I am going to accept the domain name when the user buys the plugin and will check the referrers to my iframe to sort this issue out.
Thanks a lot guys for your help.
I'm trying to learn the development of Web Applications in JavaScript, and for this I am developing a simple Time Tracking application. I am developing this with ExtJS for dynamically creating the UI.
This would allow Employees to submit the time they have spent working on different projects, and allow the Managers, to add Projects to Users and so on.
Once the user signs in, I determine their role, and provide the appropriate UI (through JavaScript).
I was wondering what is the best and most secure way of doing this? (I am of course checking the authorization on the server side, so that no one can make changes by just calling my PHP Services via http get/post)
I asking from a perspective of disallowing a non authorized person, to even see the non-authorized UI, by fiddling with the JavaScript (from the FireBug console for example).
I was thinking of creating a Service which returns the appropriate script for creating the appropriate UI, through JSONP. It feels quite WTF-ey to me, so I was wondering if there was better way.
To build on naugtur's comment. You must always assume that there will be a very smart person that can build the UI for himself/herself, or fake any of the calls to the server that any part of the UI could do.
Based on that, the premise of the way you suggested towards the end of your question seems debunk to begin with. The easiest route once we settle that (I'm assuming your making a single-page application) would be to always dump all the javascript code right up front at the login screen and only allow the user to see what they need to based on their role (i.e. a card panel that has different cards for each role would be an example).
I would also like to add that on the backend of the application, you should always have security checks in place to make sure the user has the correct role for whatever action he is doing. If your application is internet facing, this is a necessity, there will always be that user who will look through your code and see what he can do maliciously or just for fun... or that guy on who wants to see what happens when he uses the debugger to create his own fake ajax calls with varying parameters.
Please read the question carefully before you answer as it is a bit confusing.
I recently saw that Pagemodo gives the option to have multiple tabs on a single page as many times as you want which they call as "UNLIMITED TABS" in their plan options. So this means that if we want multiple welcome tabs on a page that can be done. Technically you can create only one page tab with one application. To have multiple tabs you will need multiple apps.
Now the question is how is it possible?
Even if i have multiple apps, while showing the page tab i can fetch the data about the tab from a db using "page id" as this is the only thing i have in the signed request. How do they get to know which page it is (ok we can get it from signed request) and which app it is out of those multiple apps that were created so that they render data accordingly?
Be careful your not falling for marketing speak.
Pagemodo likely manages a defined number of apps (which may be a very large number) and is allowing you to install them onto any page you manage giving you in essence unlimited uses.
The backend is all managed via end points for each of the apps and the signed request.
I found how it may be possible.
This is a nice place to get an idea of the problem i came up with:
http://forum.developers.facebook.net/viewtopic.php?id=90792
After thinking about it i came up with the following solution that though you do not have a way to get the application id till you are not authenticated using signed request or any other data provided by facebook. But you can still get it via the page tab url.
So if i have an app with tab url as: http://www.example.com/tab.php, we can pass the app id via http://www.example.com/tab.php?id=APPID
Solves the purpose pretty well.
I'm developing this Facebook Application and I was wondering if it's possible (and how) to programmatically, through the Facebook PHP Graph API, press some 'Like' button on some page?
Of course, this is optional on my application... I'm still not ready to really explain what application I'm doing, but it would be interesting to code such a feature.
Is it possible somehow?
By your description it sounds like you're trying to get a user to like something without the users knowingly clicking a like-button. This sort of interaction is not condoned by Facebook, I think. There are various black-hatty ways to accomplish this though, one fairly elaborate one is descriped here: http://www.liquidrhymes.com/2010/08/25/smoking-hot-bartender-is-some-smoking-hot-facebook-spam/
UPDATE Sorry, I might be wrong. If you get stream_publish extended permissions from the user, you might be able to like posts on their behalf by doing a POST to /POST_ID/likes. See Publishing to Facebook in http://developers.facebook.com/docs/api
You cannot do this. Facebok wont let you do a POST to /POST_ID/likes, you can only do a get request to retrieve their likes. What you are trying to do is a violation of facebook's TOS. I would suggest just adding a like button and "forcing" them to like before they continue with your application. However, in my opinion even that is kind of silly because they can instantly go unlike it after they have used your application.
i was looking for the same thing, but not to force a user into liking something, but actually for their own protection.
here is where i come from: on a web site (maybe on multiple pages) there is an "I Like" button, implemented as described by facebook.
each time a user goes to that page, the browser will make a request to facebook, throught the iframe that contains the button, providing all the info that we are used to from a web server log file.
if the user has in the past logged in facebook and not cleared the cache. the request will also contain the cookie indentifying the facebook user.
so even more then analytics, facebook know all about the user activity on those pages.
so i wanted the user to only give this info when they decide to.
my solution was to have a button (as graphic only) on the page. when the user clicks it a new frame should open and only there the facebook code should be executed.
obviously on the new frame i could not put the normal "i like" code, since that would require a 2nd click for the user. at this point i would need the "programmatically clicking of the i like button".
it is not an opengraph solution, but it works: the frame just does a redirect to
http://www.facebook.com/share.php?u=URL
I developed a simple application on Facebook using PHP and I want to know how the people can add this application, and after adding the application a update is generated (e.g vipin join this application).
Thanks
Users don't add applications anymore. The closest they can get is bookmarking, which your application receives no notice of. The closest thing you can get to checking as a developer is checking is Users.isAppUser.
You also don't receive notice when a user grants/rejects permissions (which is generally a prerequisite to viewing your application).
Basically, you have to post notices and create feed entires in direct response to user action (unless they've granted you a perpetual session).
The old model of actually adding applications was all kinds of broken from a user experience point-of-view, so Facebook basically pulled the plug on it.
Yup, no more "Dude just added this app" messages in the newsfeed. However, Facebook will occasionally show "Dude uses the 'Thing' application" messages under the "highlights" section of a user's homepage. There's nothing you can do to encourage or discourage it -- it just happens.