Facebook Platform Updates: Frictionless Requests 2.0, OAuth 2.0 and HTTPS Deadlines Tomorrow, FBML Ending June 2012Posted by Josh Constine, under Development, Facebook, graph api, Requests, Security
Yesterday, Facebook announced updates to the Requests 2.0 including the introduction of frictionless requests that don’t require users to complete a Requests dialog. This could get users to send more Requests, helping apps gain new users and reengage existing users. However, some users might opt in to frictionless requests without fully understanding the feature’s implications, and later be surprised to find out their in-app actions have been sending Requests to their friends
It also set the deprecation schedule for FBML. Support will be discontinued on January 1st, 2012, and apps using FBML will cease to work on June 1st, 2012. Last week’s Platform Update also noted additions to the Graph API, a change to setAutoResize, and a new way for developers to have their apps indexed. Finally, tomorrow is the migration deadline for OAuth 2.0 and HTTPS.
Requests 2.0 Updates
Previously, developers had to force users through a Requests dialog every time they want to send a Request. Developers can now enable frictionless requests, which allows them to automatically send Requests on behalf of its users when a user opts to send a Request to a friend they’ve already sent one to.
If enabled, when users go to send their first request to a specific friend, they’ll see a checkbox for “Don’t ask again before sending Requests to [this friend] from this app.” Next time they opt to send a Request to that same friend from that same app, the Request will be automatically sent without interrupting usage of the app.
As Requests are an important driver of growth and retention for apps, making it easier for users to send Requests should help apps increase their user counts. Frictionless Requests may also be compatible with Facebook’s forthcoming HTML5 mobile app platform, which will allow users to send Requests that are delivered as notifications.
In 90 days on January 1st, 2012, all apps will be opted into both Requests 2.0 Efficient and Upgrade to Requests 2.0. Developers should make sure they’re ready to prevent breakage. New apps are now opted into both these migrations and cannot opt out. Apps are also now responsible for deleting old Requests. Details for making the migration are available in the Requests documentation.
On January 1st, 2012 Facebook will stop supporting FBML and cease to fix bugs except for those related to privacy and security. On June 1st, 2012, Facebook will remove all FBML endpoints and any apps built on the language will stop functioning. The deprecation will make Facebook app development more accessible as programmers won’t have to use a proprietary language.
The two main parts of FBML that remain useful to developers are Requests and Static FBML. Requests can now be handled with Requests 2.0, and Static FBML can be replaced with iframe apps. Several Facebook Preferred Developer Consultants offer free iframe app builders, including Wildfire Interactive. Facebook has also worked with Wildfire to offer a FBML to iframe migration tutorial. XFBML will not be deprecated.
As detailed in a Platform Update, problems with FB.Canvas.setAutoResize have forced Facebook to rename the call for controlling how an app is displayed on the Canvas page. The function is now named FB.Canvas.setAutoGrow and only works for increasing the size of an app. To shrink an app, Facebook recommends using “FB.Canvas.setSize with a height parameter to set the iframe height explicitly.” FB.Canvas.setAutoResize will be deprecated on January 1st, 2012.
Mutual friends between two users can now be retrieved from the Graph API with the call:
The following information about an application can now be pulled from the Graph API:
To do so, developers can use the call
To simplify how apps are indexed by Facebook’s internal search engine, now when apps reach 10 month active users they are queued to be indexed in the next index rebuild which happens ever two to four weeks. Developers no long need use the setting page’s Submit to Search link. This will make sure apps that are gaining users aren’t accidentally left out of search.
OAuth 2.0 and HTTPS Migration Deadline Tomorrow
In May, Facebook announced that developers would eventually need to migrate to a more secure way to pass access tokens and allow users to browse their apps over a secure HTTPS connection. This followed a security issue where apps were found to be leaking permissions tokens that could give third-parties unauthorized access to user data. The migration becomes mandatory tomorrow, October 1st, 2011.
Developers must use OAuth 2.0 for authentication, encrypt access tokens, and have an SSL certificate and provide a secure browsing URL. To assist developers, Facebook has released admin.setAppProperties which allows the necessary settings changes to be made programmatically. FBML apps must also have SSL certificates and secure browsing URLs.