September 29, 2009

Facebook ActionScript API - intro/gotchas

After delving into the Facebook-ActionScript API for the last few months, and finally getting an app listed in the application directory, I was kindly asked to give an overview/presentation of my thoughts on Facebook/Flash integration at the Adobe User Group on 9/29.

It was a one-hour overview, so there's way too much for a single blog post. So for this first posting in the series, here are a few gotchas/considerations to make before integrating a Flex/Flash application with Facebook:

1) You can't send invites or requests.
The ActionScript API for Facebook just doesn't contain calls to these methods. The closest thing you can do is send a notification using the sendNotification() api call that takes in an array of Facebook userids, and your text message or hyperlink. If you're not sure what a Facebook notification is, it's that little sign icon down at the bottom right of all Facebook pages, to the right of the Facebook chat window.

2)Autoplay is always set to false when embedding a .swf using FBML.

This is by design. I'm sure the reason for it is for Facebook to distinguish itself from MySpace with all the auto-launch junk on many pages. You are allowed to specify a placeholder image, so that needs to be part of your design decisions. Hopefully this isn't a show-stopper.

3)Security issues when accessing external XML files.
If your swf references an external XML file, within Facebook you will get a security violation. The suggested workaround is to reference it using a parent PHP container. Or you could embed the xml in your .swf, but I imagine it's external for application update-ability purposes, and that would defeat the purpose.

4)Inability to make the Sessionless API calls
There are a variety of Facebook calls that can be made without having a session key however, when making these calls via the ActionScript API, you will receive an 'invalid signature' error message if you do not have a valid session because the api calls via session.facebook require a valid session key (ie: the user must allow access to your application before you can make any calls). I am still investigating this... any other insights are most welcome. It would be nice to be able to forestall the "ALLOW ACCESS" prompt to you user as long as possible.

Well, now that all this negativity is out of the way, in the next post we'll walk through how to set up a new Facebook application.

Share |