This article is more than 1 year old

Facebook dynamites its own APIs amid data slurp scandals, wrecks data slurp applications

And quietly cancels plan to gobble hospital patient info

In response to widespread concern about the misuse of Facebook user data, the social ad network on Wednesday hobbled its Graph API and Instagram API, breaking apps sustained by that data in the process.

Mike Schroepfer, Facebook's CTO, outlined the changes in a blog post, some of which took effect immediately.

The Graph API, as Facebook describes it, "is the primary way to get data into and out of the Facebook platform."

It allows developers of apps utilizing the Facebook Platform to make a network request to an endpoint like user_friends and get back a list of friends of the specified user. Or it did until word got out that a researcher had taken several hundred thousand app users and queried the API for their many millions of friends and then made the data available to Cambridge Analytica.

There are other ways to get Facebook data, such as scraping it – CEO Mark Zuckerberg on Wednesday acknowledged that Facebook users who made their email and phone details part of their public profiles could expect their data had been collected in this manner.

But the Graph API serves as the official mechanism for dispensing data on Facebook users; recall that Facebook operates under a Data Use Policy rather than a Privacy Policy.

Also affected is the Instagram API (built on the Graph API), where scheduled deprecations – by which APIs were to be phased out – turned into immediate revocations and reductions in the number of API calls allowed.

The API changes qualify as "breaking changes" because they break apps that haven't implemented checks to catch errors arising from unexpected API behavior.

Developers who relied on these APIs have begun wondering why their code no longer works.

Dating app Tinder also took a hit, thanks to its implementation of Facebook Login. The company acknowledged the issue in a tweet on the same day as Facebook's API changes took effect.

In the email to The Register on Thursday, a Tinder spokesperson said, "A technical issue prevented some users from accessing Tinder earlier today. We found a resolution and quickly resumed service. We ask our users to ensure that they have updated the app and are running the most recent version."

Unpredictable behavior of this sort is what alienated developers from Twitter several years ago. Facebook's reach and the scope of its data may limit the damage however. There just aren't a lot of equivalent alternatives for marketers.

The following parts of the Graph API are being changed:

  • App Insights API
  • Events API
  • Facebook Login
  • Games
  • Groups API
  • Invitable Friends API
  • Messenger Platform
  • Open Graph
  • Pages API
  • Search API
  • Taggable Friends
  • Tagged Users
  • User Node

The specifics are too numerous to detail here but generally they limit the availability of information that could be abused or require greater scrutiny from Facebook reviewers.

It's not immediately clear how large companies like Salesforce that participate in the Instagram Partner Program and presumably have negotiated special access terms will be affected.

Expect these issues to get some attention at Facebook's F8 developer conference next month. But staunching the data that has been bled from Facebook hasn't put an end to the company's trauma.

On Thursday, the Privacy Commissioners of Canada and of the Canadian province of British Columbia said they will investigate Facebook and AggregateIQ, a firm linked to Cambridge Analytica.

And next week, Mark Zuckerberg is scheduled for a government grilling by the US Congress. ®

More about


Send us news

Other stories you might like