Cristhian Boujon

Reputation: 4190

Best practice to handle the FB access token in custom API

I am developing a RESTful API where the client provides a Facebook user id (let's say myapi/get_user/123) and the API must retrieve the user's public information like name, birthday, etc. That is done.

Current code:

$fb = new Facebook\Facebook([
    'app_id' => $fbSettings['app_id'],
    'app_secret' => $fbSettings['app_secret'],
    'default_graph_version' => $fbSettings['default_graph_version']
]);

// User access token, currently hard-coded in the API
$token = 'EAAD...';

try {
    // Returns a `Facebook\FacebookResponse` object
    $fbResponse = $fb->get('/' . $request->getAttribute('id') . '?fields=link,name,birthday', $token);
} catch (Facebook\Exceptions\FacebookResponseException $e) {
    // Graph API rejected the request; the return ends the handler
    return $response->withStatus(500)->withJson(['msg' => $e->getMessage()]);
}

$user = $fbResponse->getGraphUser();
return $response->withJson($user);

My problem is that I don't know what is the best way to handle the access token. Should the token be provided by the client? In that case, should it be passed as a param in the same request (e.g. myapi/get_user/123?token=ABC123), or should I make another API call (let's say myapi/register_token/ABC123), breaking the principle of being stateless?

I am looking for the best way (or the best practice) to handle the access token.

Upvotes: 0

Views: 177

Answers (1)

chandresh_cool

Reputation: 11830

The best way to pass the access token is in the Authorization request header:

 GET myapi/get_user/123 HTTP/1.1
 Host: mysite.com
 Authorization: <YOUR_ACCESS_TOKEN>

Upvotes: 1
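Putting the question's handler and the answer's header-based approach together, here is an added example (not code from the question, the answer, or the Facebook SDK project) of a Slim 3 style route that takes the token from the Authorization header, checks it against the app before using it, and keeps the endpoint stateless. It assumes the `Bearer` scheme from RFC 6750 (the answer shows the bare token), a `$app` Slim application, a `$fbSettings` array with `app_id`, `app_secret` and `default_graph_version`, the facebook/graph-sdk v5 package installed via Composer, and a helper named `extractBearerToken` that is introduced here for illustration.

```php
<?php
// Added example: token arrives per request in the Authorization header and is
// validated against this app before any Graph call is made with it.
// Assumptions: Slim 3 ($app, PSR-7 request/response with withJson()),
// facebook/graph-sdk v5, and $fbSettings already populated.
require __DIR__ . '/vendor/autoload.php';

use Facebook\Facebook;
use Facebook\Exceptions\FacebookResponseException;
use Facebook\Exceptions\FacebookSDKException;

// Extract a bearer token (RFC 6750) from "Authorization: Bearer <token>".
// Returns null when the header is missing or does not match the scheme.
function extractBearerToken(string $authorizationHeader): ?string
{
    if (preg_match('/^\s*Bearer\s+([A-Za-z0-9\-._~+\/]+=*)\s*$/', $authorizationHeader, $m) !== 1) {
        return null;
    }
    return $m[1];
}

$app->get('/get_user/{id}', function ($request, $response, $args) use ($fbSettings) {
    $token = extractBearerToken($request->getHeaderLine('Authorization'));
    if ($token === null) {
        // RFC 6750: missing or malformed credentials -> 401 with a challenge
        return $response->withStatus(401)
            ->withHeader('WWW-Authenticate', 'Bearer realm="myapi"')
            ->withJson(['msg' => 'Missing or malformed bearer token']);
    }

    // Only numeric Graph ids are accepted before the id is placed in the request path.
    if (!ctype_digit($args['id'])) {
        return $response->withStatus(400)->withJson(['msg' => 'Invalid user id']);
    }

    $fb = new Facebook([
        'app_id' => $fbSettings['app_id'],
        'app_secret' => $fbSettings['app_secret'],
        'default_graph_version' => $fbSettings['default_graph_version'],
    ]);

    try {
        // Ask Graph to describe the token (debug_token, signed with the app
        // access token). Refuse tokens issued to another app, expired tokens,
        // and tokens that do not belong to the user being requested. Drop the
        // validateUserId() line if the API is meant to read other users' profiles.
        $meta = $fb->getOAuth2Client()->debugToken($token);
        $meta->validateAppId($fbSettings['app_id']);
        $meta->validateExpiration();
        $meta->validateUserId($args['id']);

        // The client's token is used for this one request only and never
        // stored server-side, so the endpoint stays stateless.
        $fbResponse = $fb->get('/' . $args['id'] . '?fields=link,name,birthday', $token);
    } catch (FacebookResponseException $e) {
        // Graph rejected the request (e.g. revoked token or missing permission):
        // a client-side authorization failure, not a server error.
        return $response->withStatus(403)->withJson(['msg' => $e->getMessage()]);
    } catch (FacebookSDKException $e) {
        // validateAppId/validateExpiration/validateUserId throw this on failure
        return $response->withStatus(401)->withJson(['msg' => $e->getMessage()]);
    }

    return $response->withJson($fbResponse->getGraphUser()->asArray());
});
```

The debug_token round trip costs one extra Graph call per request; what it buys is that a token minted for a different app, or an expired one, is rejected by your API instead of being forwarded to Graph on the client's behalf. Because the token is read from the header and discarded, no `register_token` step or server-side session is needed, and the client can send it with every call exactly as the answer describes.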
