APP_ID

APP_SECRET

ACCESS_TOKEN

Access token (short-lived or long-lived) obtained through Authorization Flow

POST_ID

TIMESTAMP

INPUT_TOKEN

Access token (short-lived or long-lived) associated with YOU, the Facebook App owner

OWNER_ACCESS_TOKEN

Owner's access token (short-lived or long-lived) obtained

CREATED_TIME

Facebook’s Graph API is the central means for programmatic access to Facebook data.  It is the entry point for reading and writing to Facebook’s “social graph”. 

This course begins with a discussion of the major concepts of the Facebook Graph API. You will learn basic concepts like authentication, authorization, and access tokens. Then, you will build out your mini-project step by step by deploying the "Login with Facebook"  web page. By the end, you will have a thorough understanding of how to build API integrations in your own projects.

Facebook Login and the Facebook Graph API

In preparation for accessing the Facebook Graph API on behalf of your users, there are a few core concepts that you will need to be familiar with. Getting a basic understanding of these concepts will help make sense of what is coming up in the next few lessons.

# Authentication versus authorization

As an application developer &mdash; regardless of whether you are building a desktop app, a mobile app, or a web app &mdash; it is important to understand the distinction between **authentication** and **authorization**. This distinction will prove to be particularly useful if we want to start using the Facebook Graph API. Let's make this distinction clear first, and then, we will talk about why it is important.

## What is authentication?

Authentication is the verification that somebody is who they say they are. In a real-world setting, a bank might ask to see a person's ID in order to verify if they are a certain person. A photo ID, however, is not the only way to authenticate someone. If you didn't happen to bring your photo ID, your bank might ask to see your bank card and have you enter a PIN number. The combination of having a bank card and entering a correct PIN number is sufficient enough for the bank to accept that you are who you say you are.

From a web application perspective, the most common example of authentication is when a user enters an email address and password. If a user has entered a correct combination of email address and password, we _assume_  that that user is the person who owns that email account. The information that the user provides is sufficient for us to authenticate the user.

Yes, it's possible for you to give your bank card and PIN number to your spouse or your friend, and that person could potentially impersonate you (and do so successfully). In the same way, you could give somebody else your account credentials for a website, and that person could log in as you.

At its core, though, authentication is simply the verification of a person's identity.

Learn the difference between authorization and authentication along with their importance.


__default

Accessing the Graph API on Behalf of Your Users

Authentication versus authorization

What is authentication?