Developer news
Platform Updates: Operation Developer Love

This week we announced the availability of App Insights in the Dev App to make it convenient for developers to access the analytics and app settings in the same place. We also made more Graph API methods available.

Breaking Changes now only on the 1st of every month

We recently announced our 90 day breaking change policy where moving forward, all changes that could cause an error in your app (e.g. a breaking change) will be announced 90 days before the actual change goes into effect.

Based on feedback from the community we will now ensure that all breaking changes go out only on the 1st of any month. This means that if the 90 day period ends on 15th Oct we will set the breaking change date to Nov 1st. This ensures that developers only have to worry about breaking changes on one day in a month. We have updated our Roadmap to reflect this change.

We will also provide reminders in our Friday round-up blog posts for all the breaking changes planned for the end of the month.

Reminder: Breaking Changes coming on Oct 1st

The following breaking changes are slated to go into effect on the 1st of October:

  1. OAuth 2.0 Migration

    All apps must migrate to OAuth 2.0 for authentication. The old SDKs, including the old JavaScript SDK (FeatureLoader.js) and old iOS SDK (facebook-iphone-sdk) will no longer work.

  2. Apps on Facebook authentication and security migration

    All Canvas and Page tab apps must convert to process signed_request (fb_sig will be removed) and obtain an SSL certificate for use in Secure Canvas URL and Secure Page tab URL (unless you are in Sandbox mode).

  3. Auth.promotesession deprecation

    Auth.promotesession will be removed on Oct 1st. Details on support for OAuth 2.0 for XMPP below.

  4. manage_pages permission required to access user accounts (/me/accounts)

    We are modifying access to the FQL page_admin table and the endpoint. Previously, with basic permissions granted, an app could go to this endpoint or the FQL table to access the list of a users’ apps and Pages. We are going to require that apps have the manage_pages permission in order to obtain access to this information.

OAuth 2.0 for XMPP

To enable XMPP developers to migrate to OAuth2.0 we are today announcing support for OAuth 2.0 with XMPP. With the new changes you do not need to use the session_key and sig parameters anymore and instead should use the access_token parameter which takes the access_token obtained when the user logs into Facebook with the xmpp_login extended permission. Note that this needs to be over SSL or you will get an error.

For more information and a full sample to make this work with php, please refer to our chat documentation.

Enable support for 960px uploads in the photos.upload API

We launched 960px photo uploads to our users recently, meaning that if a user uploads a photo on, it'll be stored on our servers at 960px resolution, and when someone views that photo on, it'll be shown in that same resolution. We are now enabling the same thing via the Graph API. Specifically, users who upload photos through apps will now see those photos on at 960px resolution.

Note: There are no API changes, and there are no changes to the sizes of photos returned through the API or FQL (those photos will be scaled down to 720px, to match current developer expectations).

FB.Canvas.SetUrlHandler to enable Apps on Facebook to handle clicks inline

When user clicks on any story or bookmark on the Canvas Page, today by default we redirect the user to the related URL. We now allow the app being currently used, to optionally register a callback so that clicks to the app can now be handled by the app to display details within the app instead of redirecting user to a different page. This is especially valuable when users click on a ‘your move’ request for the app, and the app can take the user directly to that play, or if a user clicks on an achievement story, the app can show it in-line without the unnecessary redirect.

Here is an example of how to handle it in your app

    <title>FB.Canvas.SetUrlHandler Example</title>

 <body style="margin:0; padding:0; border:0; background-color:#555555">
    <div id='fb-root'> </div>

    <script src="">
     <script type="text/javascript">
           appId  : 'YOUR_APP_ID',
           oauth  : true,

       function onUrl(data) {
           if (data.path.indexOf("games.achieves") != -1) {
              console.log('I will process some achievement now.');
            }  else if (data.path.indexOf("request_ids") != -1) {
              console.log('I will process some request now.');
            }  else {
           // default behaviour
          window.location = data.path;



For more information please read our documentation.

Detecting visibility of Flash objects in Canvas apps

Update: We have made some changes to the JavaScript SDK to add additional support for hideFlashCallback. For up to date documentation and best practices please see this blog post.

For Flash applications on, we recommend using wmode=”opaque” whenever possible. If you must use wmode=”window”, it is possible that Flash objects can become hidden when popup occur, and then redisplayed when pops are dismissed.

We’ve now added the ability to detect and customize this behavior (e.g. show an image when this happens). To do this, pass in a callback function to the hideFlashCallback property passed in to FB.init. For example, here is the HTML for a Canvas app that replaces the Flash object with an image on a popup event (e.g. clicking the notifications icon):

    <title>Fluid Width Flash Example</title>

    <div id="allContent">
      <div id="flashContent">
        <h1>Example SWF</h1>
        <p>Alternative content</p>
         <a href="">
          <img src=
          alt="Get Adobe Flash player" />
      <div id="hiddenContent" style="display: none;">
        <img src="facebook.jpg" width="360" height="360"/>

    <div id="fb-root"></div>
    <script src=""></script>
    <script type="text/javascript">
      function onFlashHide(info) {
        if(info.state == 'opened') {
         document.getElementById('exampleSWF').style.display = 'none';
         document.getElementById('hiddenContent').style.display= 'block';
        } else if(info.state == 'closed') {
          document.getElementById('exampleSWF').style.display= 'block';
          document.getElementById('hiddenContent').style.display= 'none';

        appId  : 'APP ID',
        oauth: true,
        hideFlashCallback : onFlashHide

      //Flash display
      var flashvars = {};
      var params = {
        menu: "false",
        scale: "noScale",
        allowFullscreen: "true",
        allowScriptAccess: "always",
        bgcolor: "#3B5998"
      var attributes = {


package {
  import flash.display.Sprite;
  import flash.text.TextField;
  import flash.text.TextFormat;

  public class Main extends Sprite {
    private var _textBox:TextField = null;
    public function Main():void {
      if (stage) {      
      else {            
        addEventListener(Event.ADDED_TO_STAGE, init);
    private function init(e:Event = null):void {
      removeEventListener(Event.ADDED_TO_STAGE, init);
      this._textBox = new TextField();
      this._textBox.x = 10;
      this._textBox.y = 50;
      this._textBox.textColor = 0xFFFFFF;
      this._textBox.width = 200;
      this._textBox.text = &quot;Hello Facebook - Flash&quot;;
      var myTextFormat:TextFormat = new TextFormat(null, 16);

Check out the FB.init documentation for the full details.


We updated the FQL documentation for the following tables:

73 docs are under review.


Bugzilla activity for the past 7 days:

  • 153 new bugs were reported
  • 17 bugs were reproducible and accepted (after duplicates removed)
  • 7 bugs were fixed (1 of which was reported this week)
  • As of today, there are 1245 open bugs in Bugzilla (down 36 from last week)

Facebook Stack Overflow Activity

Activity on this week:

  • 614 questions asked
  • 338 replied, 55% reply rate
  • 182 answered, 30% answer rate