Facebook JavaScript API: I want that!

For the past couple of weeks the Facebook team has been rolling out a JavaScript API. This is the first client-side API to be officially released by Facebook. They’ve had something they call “FBJS” for a while now, and it’s a great tool when you’re working on embedded pages using FBML (which can be an awesome time saver and styling tool). But if you know me well enough you know that JavaScript sucks! Ok, it’s better than not having JavaScript but one of the reasons I left the browser arena is because of the frustrations of that language. I can’t deny its popularity and I don’t think that Facebook is doing a bad thing by introducing the API, but I want the same thing in MY language.

I’ve been working on my FB AS3 API for a while now. It’s getting pretty close to being done, but there is still one thing that I think will keep it from being taken seriously. The security of the API (as well as every other client side FB AS3 API) is pretty lax. I don’t want to give any secrets away (pun intended) but Flash apps that use the API aren’t very hard to hack. The JavaScript API, however, uses the idea of session only authentication and doesn’t rely on using the secret the way a server-based API (such as Java or PHP) does. Instead it relies on the callback settings for the application to keep things secure. This article on the Facebook Wiki gives better details about the authentication model for the JavaScript API.

So hopefully, as the work on the API winds to a close, I’ll be able to implement some of the logic of the JS API to make ActionScript secure as well. If you’ve got any ideas on how to proceed then please leave a comment or drop me a line.

-Jason Crist