
API and Other Platform Product Changes - krausejj
https://developers.facebook.com/bugs/185630995395938/
======
krausejj
word of warning to anyone who wants to integrate with facebook. although their
blog posts say they are only removing select endpoints, as the comments in the
link above indicate, they have basically shut off access to core endpoints
well beyond what they listed. instead of errors, the endpoint returns empty
data.

this is extremely disappointing. our app was reviewed by FB (including source
code), we have thousands of impacted users, and FB gave no indication that
they would start doing this (and the issue was silent).

is a walled garden better than an API that lets users share their data? should
we shut down the entire graph because of a few bad actors? is this how FB
treats developers?

~~~
Analemma_
> is this how FB treats developers?

Yes?

Look, I hate to be "I told you so", but this shouldn't be a surprise: this is
how Facebook has treated partners all along.

Remember when the big thing that drove engagement on Facebook was games? Zynga
was making a mint on that. Until one day Facebook's metrics showed that the
constant "Help my farm!" updates were pissing people off; they flipped a
switch and games disappeared, and Zynga got kneecapped. I think it still
technically exists, but it's a shell of what it was.

Then it was all about sharing as many news articles as possible, and Facebook
built all these relationships with news publishers. That lasted until fake
news and Facebook deciding people want more status updates from friends, and
the publishers all got their traffic slashed with naught but a "I am altering
the deal. Pray I don't alter it further."

When your business lives on Facebook's platform, you exist at their whim. As
soon as they decide you're no longer useful, you're cut off. You really
should've had a plan for this.

~~~
SmellyGeekBoy
Not to mention the fact that that we've lived through all of this before with
Twitter. Entire businesses were built on their API and then were obliterated
in one fell swoop.

Time to move on to the next thing, unfortunately.

~~~
LeifCarrotson
I'm out of the loop, what is the next walled garden everyone's playing in
right now? Instagram? Snapchat? Youtube?

~~~
nkozyra
I'm hoping folks will have a "fool me twice" mentality with this.

No API is permanent and no service will ever be reliable in this regard.

~~~
AznHisoka
On the other hand, there's been a decent number of people who have made lots
of money because they were the first to build an useful product on a platform.

Examples being Buffer, Hootsuite, BuddyMedia

~~~
nkozyra
Sure but then you're in the boat where you have some n finite period of time
to slingshot from needing API Service to having a viable enough business to
live without it.

------
minimaxir
Some argue that the recent FB and Instagram API neuterings are in response to
the Cambridge Analytica scandal. However, last September, Facebook silently
neutered the ability for people to gather posts from _public_ Facebook pages
via the Graph API, which was damaging for FB Page research:
[https://developers.facebook.com/bugs/1838195226492053/](https://developers.facebook.com/bugs/1838195226492053/)

------
jrochkind1
The events API had already been pretty crippled some time ago, looks like it's
been made close to entirely useless now.

This is interesting to me, cause while I think their motivation was mostly
about PR (although who knows, it's just kremlinological speculation), events
are the main thing that keep many people I know from abandoning facebook --
it's the only way to find out about what's going on in many social circles. I
contemplated trying to make something that used API to keep you in the loop on
events on FB without having to actually use FB; it already wasn't really
possible, now _really_ not possible.

Although wait, there is still iCal feeds for at least some read-only
access.... okay, back to the my own research on the matter. :)

~~~
eertami
You can setup email notifications for event invites only.

It was the least effort way I found to not miss out on them without using the
site.

------
nyxtom
For reference, this is a temporary pause to review policies and make necessary
adjustments as per this status.

> Description We are pausing all new messaging experiences (including new
> authentications on approved apps) on the platform while we review our
> policies and make necessary adjustments. Learn more here:
> [https://messenger.fb.com/newsroom/messenger-platform-
> changes...](https://messenger.fb.com/newsroom/messenger-platform-changes-in-
> development/).

[https://developers.facebook.com/status/issues/10419771376351...](https://developers.facebook.com/status/issues/104197713763517/)

------
tibbon
I've tried to tell companies time and time again that building the core
foundation of the business on an external service like Facebook, Instagram,
Twitter is doomed in the end. This happened 10 years ago when Twitter locked
down a lot of their API access more, and is happening again now.

The CEOs and CTOs of those companies never listen, thinking "this time will be
different", and yet it isn't. People in those positions don't like hearing
truth that conflicts with their deeply held belief that they are different and
their product/service (or mining of user data) is special and will make it
through some loophole.

I wish I could monetize saving companies and investors millions of dollars
with this advice, but I haven't figured that out. No one likes to hear 'no'

~~~
onion2k
_No one likes to hear 'no'_

I don't think that's the whole story. "Don't build your core business around
that API" ignores the opportunity that's there _now_. Your advice to build a
business around something that can't be removed is sound if you care about the
long term, which is sensible, but it ignores the short term immediate gain.
You don't have to build a business that starts up and continues doing the same
thing forever; for some businesses adapting to things like an API being
removed is just another challenge to be met.

You're clearly quite cautious and like to plan far ahead. Other people don't
do that. That doesn't make them wrong.

~~~
Yetanfou
It doesn't make them wrong but it does make them careless. If you build
something on a weak foundation, knowing it will all come tumbling down sooner
or later you'd better make sure beforehand where to go when the floor gets
pulled from under you. With that I do not mean 'the Bahamas' but rather an
alternative for the external dependency which can take over its role with as
limited an impact for customers as possible. Doing so is not just good
stewardship but it might also reveal new opportunities which otherwise would
have been overlooked. By making things like Facebook optional you both reduce
your own dependency on their antics as well as Facebook's power. The former is
good for your own personal well-being, the latter is good for everyone else.

~~~
mygo
> It doesn't make them wrong but it does make them careless.

No, it doesn’t necessarily make them careless. It could simply make them agile
and adaptable. A bird can perch on a dying limb, grow, and fly away when it
breaks off.

~~~
Yetanfou
...but a bird which builds a nest on a dying limb leaves its dependants
hanging in the cold.

------
xer0x
Many of our apps have broken from these changes. We didn't receive any clear
communication from Facebook that this would happen.

The
[https://developers.facebook.com/status/](https://developers.facebook.com/status/)
page says this has been an issue since March 21st.

------
scotchio
Kind of nice to get to step away to be honest.

Here's an example of what happens if you try to request something:

[https://imgur.com/hOR7lbK](https://imgur.com/hOR7lbK)

------
dasil003
Time to circle the wagons and protect the core business. Collecting
information and selling ads is their bread and butter. Giving third parties
access to that data in order to build things gave them great marginal gains on
their way to the top (sort of like Twitter), but in the current political
climate the risks _far_ outweigh whatever incremental gains they could realize
going forward.

Don't expect the API back any time soon.

~~~
reaperducer
>Giving third parties access to that data in order to build things gave them
great marginal gains on their way to the top

Without Pieces of Flair and Farmville, Facebook would be MySpace.

~~~
JetSpiegel
That was when Facebook was growing. They are the incumbent now, time to kick
the ladder.

~~~
reaperducer
> That was when Facebook was growing

Yes. Since I was replying to a comment which included the phrase "on their way
to the top."

------
ihuman
>friendlists is deprecated

Will this stop me from seeing Facebook friends that also use an
application/service from within that application/service? For example, getting
friend suggestions in Blizzard's or Epic Games launcher for Facebook friends.

~~~
munk-a
That would be awesome.

Initially friends list matchers like that were an opt-in voluntary thing, but
more recently applications have been more insistent on getting FB information
to gather network data.

I'd love to see that sort of an offering die off, it's not like you can't post
"Hey world, really into Overwatch right now, anyone want to join up?" on your
feed yourself.

~~~
ihuman
> it's not like you can't post "Hey world, really into Overwatch right now,
> anyone want to join up?" on your feed yourself

My main problem with that is method that I can't guarantee that friends that
play Overwatch will see my post. The timeline algorithm is too inconsistent.

------
rawrmaan
Holy shit, I'm not even using the Facebook API at the moment but this was
infuriating to read. Please, someone make an FB alternative with wide open
APIs where users can monetize their own data. If someone's already working on
this, I'd love to know.

I will officially never try to use any Facebook API in the future.

~~~
demachina
There's Mastodon, but last time I was there it was only really big with a
slightly creepy Japanese anime crowd. There just wasn't that much interesting
English content to read.

Mastodon's API's are mostly open source standards which means they tend to be
messy and inconsistent.

As far as user monetization the main strategy was predictable pleas for
Patreon donations and some people constantly begging for money with a new
crisis/excuse each day or various forms of victim hood.

I still like Twitter because it has high signal to noise ratio news feeds and
power users, once you find them. Not sure how usable its going to be once they
gut their Stream API in a month though.

To be honest, all social networks look like they are in various stages of epic
FAIL and the perennial search for the new one that is going make it all better
is probably in vain.

There are a slew of inherent structural problems in social networks many of
which arise out of the fact that crowds, tribes, herds tend to bring out and
amplify the worst in human nature. Its recommended you read up on mimetic
theory before you play:

[https://www.ravenfoundation.org/faqs/#dialog](https://www.ravenfoundation.org/faqs/#dialog)

There is also a fundamental, difficult to resolve, conflict between the two
forms of free speech identified in Ancient Greece, isegoria and parrhesia.

[https://www.theatlantic.com/politics/archive/2017/12/two-
con...](https://www.theatlantic.com/politics/archive/2017/12/two-concepts-of-
freedom-of-speech/546791/)

Either you allow largely unconstrained free speech and your network turns in
to an abusive cess pool, or you constantly police and suppress it and it turns
in to China. There isn't really an easily identified middle road.

~~~
skinnymuch
I haven’t been able to find a ton on Mastodon yet but I saw enough tech posts
to not think it’s just anime stuff. Others here who cheer on Mastodon have
found similar results. When’s the last time you used or tried Mastodon?

------
danso
> _Facebook continues to make real-time improvements to its platform to
> protect people 's data. We are making the following changes to maintain
> trust with people who use our products._

"real-time* is probably not the best buzzword to use when trying to spin the
rapid changes as a positive thing.

~~~
return1
they should go with the classic "move fast and break things"

------
downandout
Much of this data can still be obtained through scraping without the API.
Depending on official APIs for data collection has never been a great idea, as
they are often governed by very low rate limits etc. The Facebook API has been
useless for social apps since the 2014 changes anyway, so they have made
something that was already useless even more useless. Hopefully everyone here
saw the writing on the wall in 2014 and isn’t relying on the Facebook API for
business processes or revenue in 2018.

~~~
sooheon
What happened in 2014?

~~~
boudin
They shut down what was used by the company which I forgot the name to harvest
the data that was used by Cambridge Analytica.

I don't have the details, but it was mainly around app having access to a lot
of your friends data as soon as you would give the app access to your Facebook
account, without any concent from your friends

------
adz_6891
A lot of the changes FB made were breaking changes that occured overnight a
few weeks back that they didn't warn any developers about... That's a pretty
good indication of how much they care about their developer ecosystem.

I wonder if this will hurt them more than they gambited for though. They've
clearly thrown a lot of resources at the messenger API to encourage third
parties to make bots. It also seems like WhatsApp's strategy to monetize is
increasly focused on businesses somehow integrating with the platform.

As a developer, though I know WhatsApp still operates as a separate entity
it's still ultimately owned by FB. And even though FB and WhatsApp still have
incredibly dominant market share, stuff like this makes them look like very
flaky foundations for third parties to build anything over... GDPR is going to
hit FBs bottom line in europe and all their growth is coming from developing
markets where user ARPUs are tiny... Long story short, I don't think times are
going to be sweetness and light for FB in the near term, and so this is a time
where they'll want as many friends as possible. But stunts like this won't win
them any friends in developers!

------
nurettin
Why can't we view the content without logging in?

~~~
wheelerwj
so much this

------
whataretensors
This is why you should never cooperate with these people. Now the organization
can't push back and keep apis up without feeling scared.

------
geuis
Can anyone copy the content of the announcement into a comment so we aren't
forced to login to read it?

------
return1
If your app depended on getting user data from facebook, you should have moved
away from that anyway, they made so many pointless changes and limitations
over the years that the fuss was not worth it. you can still use the feed
dialogs for viral engagement.

------
product50
Damn they do. Damn they don't.

------
outside1234
So now they are just going to directly sell this information?

------
oh-kumudo
Can't blame them, it is a tricky business now.

------
M2Ys4U
>You must log in to continue.

Can somebody post what the actual problem is?

~~~
downandout
I’m curious if all the privacy zealots on here see the irony in someone asking
others to publicly share content that is only supposed to be accessed by a
private group of people (Facebook users, in this case). Does this not violate
the privacy of the person or organization that made these posts, who intended
it for a specific audience?

~~~
slenk
Whether you have an account or not, Facebook is collecting information about
you. They should at least tell everyone what they are allowing developers to
do with the data

~~~
downandout
Developers aren’t allowed to do anything with data that Facebook collects
while you are not logged in. They _never_ have. The information in those
private posts intended for a private audience is only relevant to people that
have Facebook profiles and are either developers or have a Facebook account.

Further, even if they did allow developers to use this data, it’s still a
private discussion behind an authentication wall. I have seen it argued that
taking such posts and publicly posting them is a violation of GDPR, and it may
well be because of how broadly this law is written.

Live by the sword, die by the sword. It isn’t OK to ask people to violate the
GDPR just because it suits you in a given situation.

~~~
remram
Maybe I'm confused, but how this announcement from Facebook contain personal
data?

~~~
downandout
It is a post that was directed to a private group - that group in this case is
Facebook account holders. So by taking that information and posting it here,
it may run afoul of the GDPR. I have seen arguments that even forwarding a
group email to someone not on the original recipient list is a violation, so
this wouldn’t be any different. It’s a communication that is behind an
authentication wall for a reason.

~~~
M2Ys4U
Those arguments are wrong.

The GDPR deals with processing[0] of personal data[1], not data about anything
else any entity wants to remain somehow restricted. Other legal regimes may
deal with disclosures of that kind, but _not_ the GDPR.

[0] ‘processing’ means any operation or set of operations which is performed
on personal data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction;

[1] ‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person
is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that
natural person;

------
dan1234
For those who can't/won't login to see this:

Facebook continues to make real-time improvements to its platform to protect
people's data. We are making the following changes to maintain trust with
people who use our products. These changes are never easy, but by focusing our
efforts, we can put stronger protections in place to combat potential abuse.
Please find a quick summary of these changes below:

Facebook Login:

App review required to ask users to share checkins, likes, photos, videos,
events, and groups

Following fields are now deprecated and will return empty data:
relationship_status, religion, political, friendlists, education, work, about,
website, interested_in

Following Open Graph permissions are also deprecated and will return empty
data: books, fitness, games, music, news, video

Taggable friends and mutual friends APIs are now deprecated

Pages API:

App review required

Page conversations will receive a new thread identifier

Require a Page access token with a matching Page for specific endpoints:
/agencies, /canvases, /instagram_accounts, /leadgen_forms,
/page_backed_instagram_accounts, /promotable_posts, /page/userpermissions

Deprecated /checkin_posts API and webhook

Remove social context elements: /friends_who_like, /friends_tagged_at,
/video_watch_friends, /music_listen_friends

App review required to use the following edges: GET /page/events and GET
/me/events

Events API:

App review required

Deprecated content edges on all events: /feed, /posts, /comments, /pictures,
/videos, /live_videos, /photos

Deprecated user edges on all events: /attending, /interested, /declined,
/maybe, /noreply

See User Node and Page API sections for details of /events edges on these
nodes

Groups API:

App review required; API use must meet a specific group admin need

Removed some fields returned by edges on groups: to, from, likes, reactions,
name_tags, message_tags, with_tags, tags, admin_creator

Deprecated APIs that share data about people in groups, including /members,
/admins, /owner and a number of undocumented endpoints: /member_requests,
/moderators, /former_members, /insights, /links, /tagged

Search API:

Deprecated Search API for pages, groups, events, and users

Games:

Updated Instant Games context_fetchPlayers API to limit users returned to
those who have played in the specified context

Deprecated Scores API, Achievements API, /taggable_friends, and
/invitable_friends

Deprecated /{app-id}/staticresources

App Insights API:

Removed age, gender and country information from the app_event metric

Instagram API Platform:

Instagram is accelerating the previously announced deprecation of the
Instagram API Platform and has lowered rate limits

User Node

The following User node fields will no longer return information: about,
education, friendlists, interested_in, political, relationship_status,
religion, website, work.

GET /user/groups and GET /me/groups - This edge no longer returns any fields
that contain User identifying information. This applies to all app Users, even
app Admins querying their own User ID.

App review required to use the following edges: GET /user/events and GET
/me/events (apps with user_events permission granted will still require re-
review)

------
nopacience
still doesnt show who visits your profile.

