At the Forge - Facebook

Learn how to connect your Web applications to Facebook, the highly popular social-networking suite.

Last month, I described a growing trend in the world of Web/database development. No longer are developers content to create interesting new applications for people to consume. Rather, more and more companies are looking to create service-based platforms, upon which other developers can create new and interesting applications.

For example, many of us think of eBay as a Web site that handles on-line auctions. And it's true; at the end of the day, what pays the bills at eBay is the fact that many people are buying and selling things. But eBay has been especially successful because it offers not a particular application, but rather an infrastructure upon which buyers and sellers can create their own applications. Many of those applications might be invisible to the average user, but they exist nonetheless. There already are many software packages that help vendors price, track and sell their wares, and there are similar packages designed for buyers.

It's pretty easy to differentiate between an application and a platform. The former might have a great deal of functionality, but changes and additions all come from a central group of developers. By contrast, a platform includes software libraries and/or APIs designed to make it easy for developers to expand and modify the core functionality independently. As a platform grows in popularity and developers make use of the API, a small software ecosystem takes root, making it harder to compete with the ecosystem, because so many people have a vested interest in keeping it going.

One of the biggest platform successes of the last few years is Facebook. Facebook originally was meant to be a small, Web-based version of the book that newcomers to Harvard (and MIT, for that matter) are given when they first arrive. Facebook quickly took off, offering a growing amount of functionality, and expanded to students at other universities. Facebook then invited everyone—students and nonstudents alike—to become members. Then, in mid-2007, the Facebook team unveiled F8, the Facebook development platform and API. Now there are tens of thousands of Facebook developers, and although many of them are creating trivial or silly applications, some are creating interesting and profitable ones. Moreover, many people now prefer Facebook to rivals, such as LinkedIn, partly because their friends are on Facebook, but also because there is a large library of Facebook applications they can install and use.

To Web developers, of course, Facebook provides not only a library of applications that we can use, but also an infrastructure on which we can create our own applications. This month, let's dip our toes in the waters of Facebook application development, create our own simple application and see how it can hook into Facebook.

A Souped-Up Proxy

If you have been developing Web applications for a while, you might wonder how it is that Facebook allows people to add their own code to a running Web site. Do you upload your code to a virtual server? Do you run it through a Web service? Do you write it using a macro language within the Facebook system?

The answer turns out to be simpler than any of these possibilities. You run your Web application on your own server, write it in whatever programming language you choose and include whatever functionality you want. When someone invokes your application via Facebook, the Facebook server then makes a request to your Web application. The output from your application is passed along to Facebook, which then integrates it into the page and finally sends the output to the user's browser. In other words, you can think of Facebook as a proxy HTTP server, one that you can configure to allow people to visit your site.

But, of course, things are a bit more complicated than that. When it is invoked by a user, your Web application has access to information about that user and about that user's Facebook friends and networks. Thus, it's possible that Facebook will invoke your application on behalf of a user—and that before it returns any output, your application will send a number of queries to Facebook to learn more about the current user. This back and forth is surprisingly fast, at least on the Facebook end, but it does mean you need to think about what information you really want to request from Facebook, if you want to ensure that your application runs at top speed.

Setting Things Up

The first step in creating a Facebook application is to add the Developer application by going to . (When you create your own application, people then will have to add it in a similar way.)

You will be asked if you want to add the Developer application. Every application on Facebook has a unique name; I suspect that over time, people will hoard application names, just as they have done with domain names. Notice that you need to agree to add an application explicitly, and that Facebook provides you with a number of options to protect your privacy. So, you can allow (or forbid) the application to access information about you, to put a link in your navigation list or even to publish stories in the “feed” on your home page. This last item is particularly important; when checked, it allows applications to write to your personal feed, which then is picked up and displayed on your friends' home pages.

Once you have added the Developer application, you now can create your own applications. Note that only those Facebook users who want to create new applications need to add the Developer application; if you only want to use applications, there isn't really any need for it.

Now, it's time to create a new application. If you have just added Developer, you will be presented with a link asking if you want to create your first application. If you already have added Developer, go to the Developer home page ( and click on see my apps. In either case, you'll be given a chance to create a new application. Each developer can create almost any number of applications, and it is free of charge—so don't think that you need to skimp on the number of applications you create.

To create an application, click on the link that says “create one”, or if you already have an application, click “apply for another key”. The simplest possible application has nothing more than a unique name. But, in general, you should fill in a number of the optional fields associated with an application. Thus, although you could create an application by entering its name and checking the “I have read the terms” box, you probably want more. So, click the optional fields link, and enter the following information:

  • The support e-mail address should be yours, at least for the time being.

  • The “callback URL” should be a URL on your server that is connected to a Web application framework. In our case, we're going to use a development system for Ruby on Rails for our server application. Thus, the callback URL will be

  • The “canvas page URL” should be where you enter the application's unique name again. I used rmlljatf for mine, because this is my Facebook application for my column (At the Forge) in Linux Journal. You will need to choose a different name.

You can ignore a number of the settings, such as whether you should use FBML (the Facebook Markup Language, a superset of HTML) or iframes, and whether you want a Web or desktop application (in this case, we want the former).

We do want people to be able to add our application on Facebook. However, we don't want the new application to be displayed in our feed, and we also want to restrict the application to developers who are working on it. So, although we will click the yes check box that allows people to add the application, we also should click the developer mode check box farther down and the private installation check box below that.

When you finish filling out this form, press Submit. If the form contains no errors, you will be told that your application was created successfully. Moreover, your new application now will be on your developer page. Among other things, your application has an API key and a secret. These are 32-character strings that Facebook uses to ensure that your application and the Facebook server are allowed to communicate.