6. Restful Api https://api.facebook.com/method/[name] users.hasAppPermission users.isAppUser users.getLoggedInUser Benefit Easy SOA Resource Only Http Stateless Light Weight Simple Readable Json and XML deprecated https://api.facebook.com/method/users.getInfo?uids=555020699&fields=name&access_token=…
9. Object user page message status message photo video http://graph.facebook.com/anytao http://graph.facebook.com/platform https://graph.facebook.com/{ID}
11. Data object as URL! Consistent All objects in Facebook can be accessed in the same way: Users: https://graph.facebook.com/btaylor (Bret Taylor) Pages: https://graph.facebook.com/cocacola (Coca-Cola page) Events: https://graph.facebook.com/251906384206 (Facebook Developer Garage Austin) Groups: https://graph.facebook.com/195466193802264 (Facebook Developers group) Applications: https://graph.facebook.com/2439131959 (the Graffiti app) Status messages: https://graph.facebook.com/367501354973 (A status message from Bret) Photos: https://graph.facebook.com/98423808305 (A photo from the Coca-Cola page) Photo albums: https://graph.facebook.com/99394368305 (Coca-Cola's wall photos) Profile pictures: http://graph.facebook.com/anytao/picture (your profile picture) Videos: https://graph.facebook.com/614004947048 (A Facebook tech talk on Tornado) Notes: https://graph.facebook.com/122788341354 (Note announcing Facebook for iPhone 3.0) Checkins: https://graph.facebook.com/414866888308 (Check-in at a pizzeria)
19. Json return { "data": [ { "id": "555020699_160639637289676", "message": "I agree with Reg, this makes me really proud to live in Toronto...", "picture": "http://external.ak.fbcdn.net/safe_image.php?d=ace00444e7daf6cb40d8605fae85c257&w=130&h=130&url=http%3A%2F%2Fi.ytimg.com%2Fvi%2F-KGLgDQAo5U%2F0.jpg", "link": "http://www.youtube.com/watch?v=-KGLgDQAo5U&feature=youtube_gdata_player", "source": "http://www.youtube.com/v/-KGLgDQAo5U&autoplay=1", "name": "Hoedown Throwdown", "caption": "www.youtube.com", "description": "I got off the subway at Bloor and Yonge last night, and this is what I saw; some buskers with a fiddle and a banjo were playing, and these four other guys just started to pop it and lock it, apparently just for the hell of it. It cheered me right up.", "icon": "http://static.ak.fbcdn.net/rsrc.php/zj/r/v2OnaTyTQZE.gif", "actions": [ { "name": "Comment", "link": "http://www.facebook.com/555020699/posts/160639637289676" }, { "name": "Like", "link": "http://www.facebook.com/555020699/posts/160639637289676" } ],
20. Demo Every object in the social graph has a unique ID. You can access the properties of an object by requesting https://graph.facebook.com/{ID} http://graph.facebook.com/anytao https://graph.facebook.com/anytao/friends?access_token=2227470867|2.0x1QCxus6HCsWaaMArPglg__.3600.1297929600-738694610|aZXed9W0Ank-2mhI73UnwIX3gYI
22. Key advantages Common syntax for all methods Condense Facebook queries Reduce response size
23. FQL is an SQL-like syntax SELECT name FROM user WHERE uid = 4 Has AND, OR and NOT keywords Use basic boolean operators SELECT uid2 FROM friend WHERE uid = 4 AND uid2 > (4 + 1000) Enhance queries with basic functions now() strlen()
24. FQL is an SQL-like syntax substr() strpos() Example: SELECT location FROM event WHERE eid=1234567 AND strpos(name, "facebook") AND start_time > 10000000
25. FQL: Advanced Query SELECT eid FROM event WHERE eid IN ( SELECT eid FROM event_member WHERE uid = 4 ) AND location = "beijing"
26. FQL, not SQL No JOIN No ORDER BY No GROUP BY No LIMIT Only one table in FROM Not allowed: SELECT * FROM user, photo WHERE uid = 4
27. FQL, not SQL Display most recently updated events in Beijing SQL: SELECT * FROM event WHERE location = "beijing" AND user = 4 ORDER BY update_time ASC FQL: SELECT update_time, eid, name, location FROM event WHERE eid IN (SELECT eid FROM event_member WHERE uid = 4) AND location = "beijing"
32. Actors on Facebook OAuth: Jacky - User, Explorer - Consumer, Facebook - Service Provider. Example
33. Steps: (1) Retrieve a request token (2) Request user authorization (3) Exchange request token for an access token. Example
34. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
35. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
36. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) Cookie not found, show OAuth Dialog (Facebook layout)
37. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) Goes to App Authorization directly…
38. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) HTTP 302 (redirect_url param) OAuth Dialog (User Authentication) Don't allow! http://YOUR_URL?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.
39. Facebook Authentication / Server side flow Explorer tries to access FB OAuth Dialog (App Authorization) HTTP 302 (redirect_url param) OAuth Dialog (User Authentication) Allow! Redirect with Authorization Code param http://YOUR_URL?code=A_CODE_GENERATED_BY_SERVER
40. Facebook Authentication / Server side flow http://mydomain.com OAuth (App authorization) Request: https://graph.facebook.com/oauth/access_token https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
42. Facebook Authentication / Server side flow http://mydomain.com HTTP 302 (redirect_url) Successfully authenticated! access_token in the body of the request
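The server-side flow of slides 34 to 42, as an added Python example that is not part of the original deck: it builds the dialog URL, classifies the redirect back to the app (denied, unsolicited, or carrying a code) and builds the token-exchange URL, without making any network call. The function names, the `http://mydomain.com/cb` callback path and the sample callbacks are constructed for illustration; the `state` anti-CSRF parameter is an addition the slides do not show.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

DIALOG = "https://www.facebook.com/dialog/oauth"
TOKEN = "https://graph.facebook.com/oauth/access_token"


def authorization_url(app_id, redirect_uri, scope=()):
    """Step 1: URL the browser is sent to, plus the state to keep in the session."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, not shown on the slides
    params = {"client_id": app_id, "redirect_uri": redirect_uri, "state": state}
    if scope:
        params["scope"] = ",".join(scope)
    return DIALOG + "?" + urlencode(params), state


def handle_callback(callback_url, expected_state):
    """Step 2: classify the 302 back to redirect_uri before trusting any code."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in query:
        return ("denied", query.get("error_reason", ["unknown"])[0])
    if "code" not in query:
        return ("rejected", "no code")
    return ("code", query["code"][0])


def token_exchange_url(app_id, app_secret, redirect_uri, code):
    """Step 3: fetched server-to-server only; the secret never reaches the browser."""
    params = {"client_id": app_id, "redirect_uri": redirect_uri,
              "client_secret": app_secret, "code": code}
    return TOKEN + "?" + urlencode(params)


def demo():
    url, state = authorization_url("YOUR_APP_ID", "http://mydomain.com/cb",
                                   ("email", "read_stream"))
    # Constructed callbacks modelled on the redirect shapes in the slides.
    ok = handle_callback("http://mydomain.com/cb?code=A_CODE&state=" + state, state)
    denied = handle_callback("http://mydomain.com/cb?error_reason=user_denied"
                             "&error=access_denied&state=" + state, state)
    unsolicited = handle_callback("http://mydomain.com/cb?code=SOME_CODE", state)
    return url, ok, denied, unsolicited
```

The exchange URL carries `client_secret`, so it belongs in server-side code and out of logs, referrers and anything sent to the browser.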
43. Facebook Authentication / Client side flow Http request HTTP 302 (redirect_url) Pass URI fragment with access_token