Facebook now has an official document describing the AppSecret Proof

According to Facebook,

You can reduce your exposure to malware and spammers by requiring server-to-server calls to Facebook’s API be signed with the appsecret_proof parameter.

In short, the app secret proof is a keyed SHA-256 hash (HMAC-SHA256) of your access token, using the app secret as the key.

You can get more information by referring to the Facebook Documentation on Securing Graph API Calls.
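The computation described above, as an added example that is not taken from this post or from Facebook's documentation. The function names and the token and secret values are constructed for illustration; only the `appsecret_proof` and `access_token` parameter names are Facebook's. It also contrasts the HMAC with a plain SHA-256 over the concatenated strings, a common misreading of "hash using the key".

```python
import hashlib
import hmac
from urllib.parse import urlencode


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """HMAC-SHA256 of the access token, keyed with the app secret (lowercase hex)."""
    return hmac.new(
        app_secret.encode("utf-8"),    # key: known only to your server
        access_token.encode("utf-8"),  # message: the token being used
        hashlib.sha256,
    ).hexdigest()


def naive_hash(access_token: str, app_secret: str) -> str:
    """The misreading: plain SHA-256 over secret + token. This is not an HMAC."""
    return hashlib.sha256((app_secret + access_token).encode("utf-8")).hexdigest()


def signed_query(access_token: str, app_secret: str) -> str:
    """Query string for a server-to-server call carrying the token and its proof."""
    return urlencode({
        "access_token": access_token,
        "appsecret_proof": appsecret_proof(access_token, app_secret),
    })


def proof_matches(access_token: str, app_secret: str, presented: str) -> bool:
    """Constant-time comparison, e.g. inside a test double of the API."""
    expected = appsecret_proof(access_token, app_secret)
    return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))


if __name__ == "__main__":
    token = "EXAMPLE-ACCESS-TOKEN"   # constructed value, not a real token
    secret = "example-app-secret"    # constructed value, not a real secret
    proof = appsecret_proof(token, secret)
    print(signed_query(token, secret))
    # The proof is bound to one token: it does not validate a different one.
    print(proof_matches(token, secret, proof))                 # same token
    print(proof_matches("SOME-OTHER-TOKEN", secret, proof))    # different token
    # A plain hash of the concatenation gives a different value.
    print(naive_hash(token, secret) == proof)
```

The app secret never leaves the server; only the token and the proof are sent with the request.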
