I am working on an open source web-based application that communicates with Facebook. One of the files contains the Facebook API id and secret key. Is it fine to share this information with the rest of the world?
It is extremely important that you never share your app secret. Your app ID is completely unimportant and available to anyone who goes to your Facebook apps profile page, but the app secret is a completely different story. It could compromise any data stored within your application and allow third parties to call specific APIs on your behalf without your knowledge. This is bad for you and for your users.
If you have accidentally shared your app secret (this can happen when it's embedded in client binaries or code) then you can reset it really quickly through the Facebook developer app: https://developers.facebook.com/apps. Go to Settings -> Edit and then click reset beside the app secret. This will have the effect of invalidating any access tokens that have previously been granted by your app.
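For an open source repository, a check that runs before each push can catch an app secret that was left in a config file. The following is an added example, not part of the original answer: it flags quoted values assigned to a variable or key whose name contains "secret". It assumes the secret is a 32-character hex string, and the file names and values in `SAMPLE` are constructed.

```python
import re
from pathlib import Path

# Assumption: the app secret is a 32-character hex string; adjust if yours differs.
# Matches  <name containing "secret">  = | : | := | =>  "<32 hex chars>"
HARDCODED = re.compile(
    r"""(?P<name>[\w.-]*secret[\w.-]*)["']?\s*(?:=>|:=|=|:)\s*(["'])(?P<value>[0-9a-f]{32})\2""",
    re.IGNORECASE,
)

def scan_text(path, text):
    """Return (path, line number, variable name, redacted value) per hard-coded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in HARDCODED.finditer(line):
            # Only the first four characters are kept so the value never lands in CI logs.
            findings.append((path, lineno, m.group("name"), m.group("value")[:4] + "..."))
    return findings

def scan_tree(root):
    """Scan every readable text file under root, skipping the .git directory."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and ".git" not in p.parts:
            try:
                findings += scan_text(str(p), p.read_text(encoding="utf-8"))
            except (UnicodeDecodeError, OSError):
                continue  # binary or unreadable file
    return findings

# Constructed sample files (not from any real project).
SAMPLE = {
    "config.php": "$app_id = '1234567890';\n$app_secret = '0123456789abcdef0123456789abcdef';\n",
    # Reading the secret from the environment keeps it out of the repository.
    "settings.py": 'import os\nFB_APP_SECRET = os.environ["FB_APP_SECRET"]\n',
    "config.json": '{"appSecret": "ABCDEF0123456789abcdef0123456789"}\n',
}

def scan_sample():
    return [f for path, text in SAMPLE.items() for f in scan_text(path, text)]

if __name__ == "__main__":
    for path, lineno, name, value in scan_sample():
        print(f"{path}:{lineno}: hard-coded {name} = {value}")
```

A finding in a file that has already been pushed means the secret should be reset as described above, since removing the line does not remove it from the repository history.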