In April 2014, a new version of the Facebook API was published. You can find their upgrade guide from v1.0 to the new version v2.0 here. The change is huge, and obviously aims to tighten security and abuse prevention. However, this change also brings a surprising amount of pain and misery to developers. Let me start with a simple scenario: basically, searching for people I know and contacting them. I went through a lot of trouble just to do that! So, I’d like to share my frustration in trying to adopt this new Facebook API. If you agree, commiserate in the comments below.
Lack of Information
First, a great deal of my irritation comes from the fact that there’s not a lot of new information about this change online. As this is a major change in functionality, most tutorials, examples, and documentation are outdated, and on top of that, many answers on forums only add a small, unhelpful disclaimer: “Will work until the end of April 2015.” So, collecting information on this new change is pretty frustrating and tedious.
Limiting Potential Use of Facebook API
I do get the concept of authorization. If I want to have an application that performs user actions, I need the user to authorize that application. However, I expected this step to simply give the application the same permissions the authorizing user has (for example, the app could do the same things the user can do in the browser). But it doesn’t work this way. Unlike the browser interface, the API protects profiles by preventing you from getting information about anyone who hasn’t authorized your app. It’s an honorable idea to protect users from abuse, but this drastically limits the potential use of the API.
Let’s take a look at this using an example. From my browser, I’m able to search for people, and I can look at their friends if they haven’t chosen to explicitly hide them. However, I cannot do the same thing with my app via the Facebook API. Why? Apparently, any operation involving a user (e.g. the person showing up in search results or listing friends) only works if that user has authorized your app.
Moreover, the “friends” (/[user_id]/friends) API method no longer returns all friends as you would expect, but only those who have subscribed to your app! Also, the /[user_id]/mutualfriends call has been deprecated.
Or take this case: Based only on a list of people’s names, I might want to identify my friends there by checking whether we have any mutual friends. This again is no longer possible.
Future Plans and Troubles
The situation gets even worse when you look at the way the API changes are planned. Version v1.0 will stop working in about a year, on April 30, 2015. You may think that’s fine; you can use the old API until then, leaving you plenty of time to either abandon Facebook or do your work differently. But you’d be wrong. Although the deprecated version 1.0 is still available, it’s only for applications registered before April 30, 2014. This means you can use the old API only if you were lucky enough to have registered your application before that date. All newly registered apps will default to version 2.0 without the option to go to v1.0.
Really, Facebook? This is the way you’ve decided to improve your API – by making it less social? I’ve always thought the main purpose of authorizing an application was to give the application some permissions. Why can’t I give permission to an application to be able to do what I can do in a web browser? It seems like Facebook tried to solve prevalent abuse problems by dramatically restricting their API, but is this the right way to do it? Increase restrictions and decrease usability of the API? Hundreds of angry and disappointed developers are screaming (like here).
If I am in fact missing something, please let me know in the comments. I really hope I’ve just overlooked something important in Facebook’s documentation. However, according to reactions I’ve seen about it online, I doubt it. So, good luck to all developers using version 2 of the API. I myself find it very limited and hard to use.