The Callback Page

I find it rather annoying that one of the first, most fundamental areas you need to learn about Facebook application development is so poorly documented: the calls made from Facebook to your ‘callback’ page.

This messy page is the best documentation I’ve found so far: Your Callback Page and You

Most Facebook documentation involves the large variety of ways that your server can talk to Facebook, but at the beginning I am much more interested in just handling the request sent from Facebook to my server that actually displays something to the user. I.e. “Hello world!” These parameters are parsed and thinly disguised by the various client libraries, but really warrant a close look when you begin developing Facebook apps.

First of all, check fb_sig_in_canvas to make sure that this call is actually a pageview (a user views an application page on Facebook, and a sub-request is made to your server to get the canvas page). I assume that this will be false when Facebook is sending asynchronous updates to your server. (BTW, contrary to what the above wiki page says, I didn’t receive the “installed=1” callback from Facebook when adding my application.)

fb_sig_added tells you whether the person viewing an application page on Facebook has added your application. If you want them to add your application before viewing a canvas, return this FBML:

<fb:redirect url=”http://www.facebook.com/add.php?api_key=YOUR_APPS_API_KEY”&gt;

(Note: Some of this may be different when using iframes, which I haven’t tried yet.)

tells you who is viewing the page. Keep in mind from the very beginning that there are usually two users you want to be aware of in every single transaction: the Visitor and the Author. Only paying attention to the Author is one of the reasons that there are so many security flaws in Facebook apps.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: