Should I pass access token when using FB.api()?

Question

I'm just a little confused as to how to pass my access token into FB.api() when making requests for protected things.

I'm getting my app to login and authenticate fine, but how do I use FB.api() with the access token I have?

app.accessToken = response.authResponse.accessToken; // This is a valid access token.

FB.api('/me/friends?access_token='+app.accessToken, {fields: 'name,id,location,picture,installed'}, function(response) {
    console.log(response);
});

Is that the correct way to pass in the access token to FB.api()?

In this case, my response comes back with the friends name,id,location,picture but it doesn't seem to have the 'installed' data as that is protected.

Am I doing this right?

Answer 1

Although I see why some users are saying you may not need to pass access token due to your specific use.

Generally, there are cases where you do need to pass an access token through FB.api()

The way this is done is by passing it in the parameter object, as such:

FB.api('/{fb-graph-node-goes-here}/, {
  access_token: "TOKEN GOES HERE"
  //other parameters can go here aswell

}, function(response) {
  console.log(response);
});

Answer 2

You do not need to pass the token, if the user logged in (with FB.login, for example). In fact, by using the JavaScript SDK (or PHP SDK), you almost never need to deal with the (user) access tokens.

So, your call would just be like this:

FB.api('/me/friends', function(response) {
   console.log(response);
});

Getting the info if the user installed the app:

• Test if user has application installed with Graph API
• How to fetch a list of the current users' friends who also use my app?

Answer 3

That is how I did it:

Pass access_token as a parameter.

FB.api("/me", { access_token : response.authResponse.accessToken }, {fields: ['last_name', 'first_name', 'name']},
        function (response) {
            console.log(response);
            console.log('Name: ' + response.name);
        }
      );