Back to News for Developers

Clarifying Application Authorization Changes

June 4, 2008ByPete Bratach

Last week we announced the changes we're making to simplify how users first interact with new applications. We've received a lot of questions and concerns so we'd like to take some time to answer the most common questions.

How are sessions changing?

The Facebook Platform API will grant your application an active session key every time a user begins interacting with your application. This session key lasts for up to 1 hour after the user stops using the application. You can continue to use this key for any functions that require an active session. Any time the user returns to your application, we will automatically either grant a new session key or (if it's still active) extend the lifetime of the existing session key for that user. Additionally, many methods that require session keys today are changing so they no longer need them and you can call them without an active session.

What API methods can I call without a session?

We're keeping a running list of methods that no longer require a session key on the Developer Wiki. However, the list isn't complete as it doesn't include those API calls that we haven't changed yet. So here's the current list of API calls that won't require a session key as of July 15.

  • Auth.createToken
  • Auth.getSession
  • Fbml.refreshImgSrc
  • Fbml.refreshRefUrl
  • Fbml.setRefHandle
  • Marketplace.createListing
  • Marketplace.getCategories
  • Marketplace.getSubCategories
  • Marketplace.removeListing
  • Notifications.send
  • Notifications.sendEmail
  • Pages.getInfo
  • Pages.isAppAdded
  • Photos.addTag
  • Photos.createAlbum
  • Photos.upload
  • Profile.getFBML
  • Profile.setFBML
  • Users.hasAppPermission
  • Users.isAppUser
  • Users.setStatus

Please note that we’ll keep reviewing this list and may add more calls over time.

Also, bear in mind that we're still updating the code, so some of these calls currently need a session key to function in the sandbox. We'll let you know (in this blog and on the sandbox status page) when we make those changes.

You'll still need an active session when you want to publish an action on behalf of a user -- for example, to send a notification to one user on behalf of another user. But your application will be able to send a notification directly to a user without an active session.

How is the application installation process changing?

We're simplifying how a user interacts with your application for the first time. Rather than a complex set of choices required to add your application, we want to make simpler so the user can just make a one-time authorization of your application before using it. Once the user has authorized the application, it will always appear in her Applications list, so she can return to it any time. You will be able to publish Feed stories and send notifications as soon as she authorizes the application.

As the user engages with your application, she can integrate it more deeply into her profile by adding a profile box or a tab, and opting in to receive email. You can offer these integration points (which we described in greater detail last Friday) when a user is interacting with your application by using new FBML tags (which we’ll publish once they’re completed).

What happens to my existing users' settings and permissions?

Nothing – they stay the same. Profile boxes are migrated as described on the Developers Wiki. If a user currently receives email from your application, then you can continue to email that user.

Is the authorization screen you posted on the blog the final design?

The screen shot we included with Friday's blog post, like other screen shots we've posted these past few weeks, is a current work in progress and does not represent the final design. You can see how we're communicating the profile redesign to our users by checking out the Facebook Profiles Preview Page.

Contacting Us

We continue to want to hear from you about the new design and your experiences trying it out. Please report any bugs you see in the new design. Make sure you use the New Profile category. You can help us solve your issue faster by adding one of the following components to your report: Feed, Info Sections, Profile Boxes, Publisher, and Tabs.

You can send us your feedback and ask questions in the New Profile and Related Changes section of the Developer Forum.