I wanted to confirm if this is possible. I want to publish "User To User Requests" directly to the open graph action with my own UI (specifically the friend selector).
My friend selector does follow the platform guidelines (ie do not allow users to select all users at once). My question is that can I publish these requests directly without having to use any of the FB UIs including the request dialog preview (we are going to show our own preview).
This is to be built on iOS. The primary reason we want to use our own UI is because our design team feel that the popups hinder UX on mobile and they want to make it seamless. Their reasoning is a design issue that probably up for another discussion all together, but what I want to know is about using the requests api without using the native FB ui.
The answer is simply, YES, yes you can do this and then post the request to each friend using the id's of the friends selected by the User. All you have to do is just retrieve the friend list retrieve selected user ids and POST to them the requests.
Related
I'm currently building a food ordering Messenger bot that uses an extension for the menu, as it is a much faster way to browse and select in the restaurant menu rather than using carousel or lists and repeated questions about the quantity.
However, using extensions currently limits the use to mobile users. An extension is used(rather than a plain web-view) to get the user messenger id to determine which user is making the order. An idea came across my mind to switch to a regular web-view to allow desktop users to use the bot, as currently the messenger opens the web-views in a frame rather than in a new tab, but this means that the only way to determine which user is ordering is to pass the user ID (bot`s database user table ID, not the messenger ID) as a URL parameter for the menu.
My question is, how safe and is it even a good idea to do so?
This would depend on how sensitive the user ID is. If the API that accesses your database is properly secured, then it should not be a problem, since no personally identifiable information can be extracted with just the user ID.
If you wanted to be really safe and not expose the user ID from the database at all, you could store the PSID from Messenger in the user db record, then send and do a look up on that instead.
So, I guess the short answer is, it's as secure or insecure as anything you would pass around over HTTP, since the webview in Messenger is a plain webview.
First, although this may have been different when you posted your question, Messenger Extensions now absolutely do work on the desktop versions of Messenger (both when using messenger.com directly from the desktop, as well as when using the version of Messenger embedded within facebook.com). That said, I would recommend using the Content-Security-Policy directive to allow both messenger.com and facebook.com to display your webview as a frame within the browser, rather than the X-Frame-Options recommended by Facebook at https://developers.facebook.com/docs/messenger-platform/webview/extensions#webview_on_web . X-Frame-Options forces you to choose a single domain (messenger.com or facebook.com) to allow your webview to appear on, whereas with Content-Security-Policy you can allow both.
Second, it's worth pointing out that even if using Messenger Extensions, if you're not validating the incoming data using signed_request, then anyone can spoof an order acting as that user. The instructions at https://developers.facebook.com/docs/messenger-platform/webview/context#signed describe how to validate incoming info from getContext() to ensure that the information really did come from Messenger.
I am developing an mobile app for iPhone. The app will primary used by people who are on holiday in a different country and will be offline most of the time, due to high costs for internet traffic.
However, the company for which I am developing the app wants to users to be able to use the "Facebook Share" functionality also when people are not connected to the internet.
It should work on a way that they click the SHARE link button in the app, but then get a message that they are offline and the link will get shared as soon as they are online again.
I am trying to figure out how to do this. Can I pass the link I want to share to the official FB App via fb:// protocol (or whatever) and the FB App handles the post/share as soon as it is online again?
Or do I have to do it on my own, put the links I want to share in a internal database and then post them to the wall when I am online again?
Or any other ways??
Any suggestions would be welcome, I would prefer a very quick solution and hope someone maybe has an idea how to do this. I was hoping I can pass the share-link to the official FB App and this one handles everything when it goes online again !?
Thanks for your ideas!
Your approach should be to make your link-sharing code automatically cache requests until they are sent. The app then doesn't need to concern itself with the details - it can just post the link and get a 'failed', 'success', or 'postponed' response from your API and notify the user accordingly.
Your link-sharing code can then internally check if it can currently post to FB and if not (either because the user is currently offline or perhaps the Facebook token is expired) it will store it for later. This class will then re-check periodically (for example when the app comes to the foreground or when the class is initialised the next time the app starts) for connectivity and then it will check if the token is still valid and perform FB login if required. Once it has a valid token it can then iterate through the pending requests and act upon them.
If you really want to make it nice and clean, you can separate out the code that accepts incoming requests to do something, checks if it can be performed now, does it or stores it for later, and periodically checks any requests in the pending queue. This class will not have any idea what the requests do or how they are performed, it will work with another class that implements a protocol to do the actual work and knows about facebook, etc. There may even be an existing design pattern for such a setup, but I don't know what it's called if there is.
Update: I did some research and found this is very similar to the "Fire-and-Forget Pattern".
How do I trigger a programmatic post to a specific person's Facebook wall so that it looks like this (but replace GO TRY IT ON with my app):
I do not want this to be a generic post to the world. I want this targeted to the specific user's wall whom I specify. I want to include a specific message. I already have social discovery for my app enabled (meaning that I can see my app when I search facebook on my iPhone, and I see it in my list of apps such that I can tap the row and launch my app from facebook).
Looks like you want to familiarize yourself with the concept of the Open Graph -> https://developers.facebook.com/docs/opengraph/
product is obviously an object defined in that apps open graph settings, and suggesting is an action that can be undertaken with products.
So what you've shown us in this picture is not a normal post, it's the publication message of an Open Graph action.
But I'm not aware of any simple way to make this publication visible only to one user. The general visibility is set by the user in the auth dialog for your app. I don't know if there's a way to further restrict visibility for a single action publication, maybe by dynamically creating a friendlist with only that one user in it or something …
I'm trying to figure out the best way I can inform analytics trackers that the page view is coming from my app, rather than a 'direct visit' (for example).
I have an app that displays a list view of tons of different news stories, and I want to make it so that, when a user taps on one of the stories, and it is displayed in my UIWebView, the website being loaded is somehow informed that the referral came from 'example-iphone-app', or maybe my iPhone app's website?
Is there any way to manipulate the http request to make the iPhone app act as if the link is being opened by a referral link on my website?
I was originally thinking of just adding a query string with a parameter like ?source=myappname, but realized this is not a reliable (or even useful) way of alerting site owners with Google Analytics, SiteMeter, Urchin, etc. from where the request has come.
If you're using Google Analytics then you can set the utm_source and utm_medium query parameters and they will be displayed as the referral source. utm_source is where you would put your myappname parameter and utm_medium should probably be set to referral unless you are charging per click then it is usually set to cpc.
I need a script that will add my phone with Twitter for All latest notification.
I found this page Twitter but i need to create script for my own application.
I goggled but i didn't get any solution For this.Please Help me to find this answer.
Thanks a lot in advance.
First Edit
This is a twitter's new feature Send notification to Phone. Actually I want to create an app that will allow users to register there phone with twitter via my application. Ie I need a script to implement send notification to phone.
The question that others are asking you Pankaj is what platform is your application being written for. You keep saying you want a "script" to do this, but what kind of script?
Giving us more insight to what your application is (a console application written in C#, or an ASP.NET web application) would lend more detail and raise the chances of someone being able to help you. :)
Regardless of your app's platform though, you're probably going to need to look into the Twitter API for setting this up. This is the normal method to interact with Twitter from 3rd party applications. So all the suggestions above, specifically the list of API's available, is probably what you're looking for.
Hey, can you give some more information? What kind of Phone are you developing for?
Maybe that helps solving your Problem.
If you are just searching for a way connecting your Phone to Twitter, here is the Twitter FAQ for Phone connecting:
http://support.twitter.com/articles/14014-twitter-phone-faqs
Maybe it helps, or give you more keywords for your search.
I don't believe there's a way to get or set the notification phone number using the API, however if a phone is already setup on the profile you want to configure, you can do the following to get notification from all user friends.
The user will need to authorize your application to access her account. This flow uses OAuth, and begins here:
http://api.twitter.com/oauth/request_token
Once the user has granted your app access, and your application has all the required OAuth credentials, turn on notifications using account/update_delivery_device:
http://api.twitter.com/1/account/update_delivery_device.json?device=sms
Next, fetch all the IDs for your user's friends using the friends/ids API call. Be sure to study the documentation; this call uses cursors, so you will have to manage those if the user has over 5,000 friends. Store these IDs for use in the next step. Here's an example call:
http://api.twitter.com/1/friends/ids.json?cursor=-1
Once you have all of the friend IDs, you can call notifications/follow repeatedly to enable notifications on your mobile device whenever your friend makes an update:
http://api.twitter.com/1/notifications/follow.xml?user_id=12345
This approach will burn one API call for each user that you enable notifications for; there's no way currently to manage notifications en masse.