views:

82

answers:

2

Hi

I've created a facebook fbml/api page that returns some content and it works.

I need to ensure:

  1. That no-one can add the app to their own page. This is because the app only works for me - content behind the scenes is purely for me and not anyone else. The content is served from my own server of course.

  2. The content however is visible as normal to friends (eg. photos/videos). ie. people can see this as a tab on my profile.

  3. The URL should be protected such that no-one can simply add/include apps.facebook.com/appname/blah to their own page

Any ideas on how to set this up. I don't need actual coding details, just high level notes - from someone who has worked with Facebook/api. I know how to do all the above if it wasn't facebook.

Thanks,

+1  A: 

Take a look at Authorizing Applications. Facebook has callbacks for when users add your application. Also when users access your application you have access to their profile information. You could add a check, and if the user isn't you, redirect them to a page stating they don't have permission to user your application (or something similar).

Jeremy Raymond
+1  A: 

If you set your application into "Sandbox Mode" (Under Developer->Your App->Advanced->Sandbox Mode), all of your criteria should be met, as only whitelisted developers of the application will be able to add it. Anyone else accessing the app URL will simply get a "not found".

I can't be 100% sure about the content tab, but I believe it will work properly. The rest will definitely be protected.

zombat