Browse files

Update docs

  • Loading branch information...
devongovett committed Oct 31, 2013
1 parent 97042ee commit 7d6de75e9f7d3cdbc48186e78798bec127bbf683
Showing with 8 additions and 0 deletions.
  1. +8 −0
@@ -65,6 +65,14 @@ More details below on the __express app__ section
+### Securing API calls
+Facebook [recommends]( adding the
+`appsecret_proof` parameter to all API calls to verify that the access tokens are coming from a valid app.
+You can make this happen automatically by calling `graph.setAppSecret(app_secret)`, which will be used on
+all calls to generate the `appsecret_proof` hash that is sent to Facebook. Make sure you also set the
+access token for the user via `graph.setAccessToken`.
## Extending access token expiration time
If you want to [extend the expiration time]( of your short-living access token, you may use `extendAccessToken` method as it is shown below:

0 comments on commit 7d6de75

Please sign in to comment.