dce/davideisinger.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4012b4dc030299dcad8eada8dd4b25162d4e1ad3
davideisinger.com/content/elsewhere/social-media-api-gotchas/index.md
David Eisinger f86f391e82 copy-edit viget posts
2023-10-24 20:48:09 -04:00

71 lines
3.2 KiB
Markdown
Raw Blame History

---
title: "Social Media API Gotchas"
date: 2010-09-13T00:00:00+00:00
draft: false
canonical_url: https://www.viget.com/articles/social-media-api-gotchas/
---
I've been heads-down for the last few weeks developing the web site for
the new [PUMA Social](http://www.puma.com/social) campaign. A major part
of this site is a web-based game that rewards users for performing
activities on various sites across the internet, and as such, I've
become intimately familiar with the APIs of several popular web sites
and their various --- shall we say --- *quirks*. I've collected the most
egregious here with the hope that I can save the next developer a bit of
anguish.
## Facebook Graph API for "Likes" is busted
Facebook's [Graph API](https://developers.facebook.com/docs/api) is
awesome. It's fantastic to see them embracing
[REST](https://en.wikipedia.org/wiki/Representational_State_Transfer)
and the open web. That said, the documentation doesn't paint an accurate
picture of the Graph API's progress, and there are aspects that aren't
ready for prime time. Specifically, the "Like" functionalty:
- For a page (like
[http://www.facebook.com/puma](https://www.facebook.com/puma)), you
can retrieve a maximum of 500 fans, selected at random. For a page
with more than 2.2 million fans, this is of ... *limited* use.
- For an individual item like a status update or photo, you can
retrieve a list of the people who've "liked" it, but it's a small
subset of the people you can view on the site itself. You might
think this is a question of privacy, but I found that some users who
are returned without providing authentication information are
omitted when authenticated.
- For individual users, accessing the things they've "liked" only
includes pages, not normal wall activity or pages elsewhere on the
web.
## Facebook Tabs retrieve content with POST
Facebook lets you put tabs on your page with content served from
third-party websites. They're understandably strict about what tags
you're allowed to use --- no `<script>` or `<body>` tags, for example
--- and they typically do a good job explaining what rules are being
violated.
On the other hand, I configured a Facebook app to pull in tab content
from our Ruby on Rails application and was greeted with the unhelpful
"We've encountered an error with the page you requested." It took a lot
of digging, but I discovered that Facebook retrieves tab content with
`POST` (rather than `GET`) requests, and what's more, it submits them
with a `Content-Type` header of "application/x-www-form-urlencoded,"
which triggers an InvalidAuthenticityToken exception if you save
anything to the database during the request/response cycle.
## Twitter Search API `from_user_id` is utter crap
Twitter has a fantastic API, with one glaring exception. Results from
the [search
API](http://apiwiki.twitter.com/Twitter-Search-API-Method:-search)
contain fields named `from_user` and `from_user_id`; `from_user` is the
user's Twitter handle and `from_user_id` is a made-up number that has
nothing to do with the user's actual user ID. This is apparently a
[known
issue](https://code.google.com/p/twitter-api/issues/detail?id=214) that
is too complicated to fix. Do yourself a favor and match by screen name
rather than unique ID.
Reference in New Issue View Git Blame Copy Permalink