Deleting requests 2.0 for unauthenticated users

Asked 28/2, 2012 at 14:3 Answered 5/3, 2012 at 17:17

According to Facebook documentation the application is responsible to delete requests once users had accepted them. According to Facebook the application needs to combine the request-id with the user-id in order to delete the request. However, if the user has not authenticated the application yet, it is not possible to get their user id.

How should one approach this problem?

Hoahoactzin answered 28/2, 2012 at 14:3 Comment(3)

If the user didn't authorize the application then he'll delete the request on his own so no need to do anything. – Purvis 28/2, 2012 at 14:14

Thanks! Is there any formal source or documentation which states that? – Hoahoactzin 28/2, 2012 at 14:24

Another thing you can try is to get the request id from the query string (it's passed when the user clicks accept) and manipulate it using an APP ACCESS TOKEN. – Purvis 3/4, 2012 at 11:27

The Facebook documentation states:

When a user is directed to your app by clicking accepting a Request you must delete the request after it has been accepted... thus it is the developer’s responsibility to clear them once they have been accepted

Notice the 'after it has been accepted' part - this means that it's your responsibility to delete the request ONLY if it has been accepted.

Purvis answered 28/2, 2012 at 14:29 Comment(3)

The fact that the user had accepted the request doesn't mean he/she is logged in and I'm able to retrieve their user ID. That's exactly my problem. – Hoahoactzin 28/2, 2012 at 14:39

The way I see it if a user clicks on a request but then doesn't allow access to the application is equal to not accepting the request. Think of what you would do if you accept a request but then leave the application without connecting because you don't want to give your info - you would go and delete the annoying request yourself, or not? – Purvis 28/2, 2012 at 14:46

The request is removed from the user's list once they click accept or decline. But Facebook instructs developers to delete the request using graph API once it was accepted. In our app, for example, users are not immediately being prompted to login. They land in our website and can either login or not. So the question is still - How should the case where a user accepts a request but he or she are not logged in? – Hoahoactzin 28/2, 2012 at 16:41

Per the documentation it is your responsibility to delete them.

The docs say you can user either your app access token or a user access token. So if the user is logged in just use their user access token. If the user is not logged in use the app access token.

 DELETE https://graph.facebook.com/[<REQUEST_OBJECT_ID>_<USER_ID>]?
       access_token=[USER or APP ACCESS TOKEN]

Cycloplegia answered 5/3, 2012 at 17:17 Comment(4)

Thanks for your answer. If the user is not logged in, how can I know the <USER_ID> portion of the above code? – Hoahoactzin 6/3, 2012 at 6:50

At some point they accepted/auth'd your application right, otherwise, why delete the request? When they do auth your appp, collect their user id and store it alongside the request id in your database (which is part of your responsibility to use app requests). So when you code does get around to deleting the request (maybe a batch job you have setup to run at specific times of the day), you have both the request ID and the user id. – Cycloplegia 6/3, 2012 at 18:7

If, as a Facebook user, I receive and accept a request I would expect the request to be removed even if I never auth'd the launched app. If I don't authorise the app, how will I ever remove that game request? Am I stuck with it forever? This seems like a terrible user experience. – Wane 23/7, 2015 at 10:24

As of 2012 that answer was correct. I don't know what they have available now for you to use. Please research the API docs. Or if you cannot find an answer, please ask as a new S/O question. – Cycloplegia 19/4, 2016 at 20:46

Recommended topics

Hot tags