1

I need to show ads in the Facebook instant game, the company I belong to hope get adID through communication with game server to meet the audition. From Facebook link (https://developers.facebook.com/docs/games/instant-games/guides/bots-and-server-communication#backend), the game can only work like the following:

FBInstant.player.getSignedPlayerInfoAsync('custom_payload_supplied_with_request')
  .then(function (result) {
    // The verification of the ID and signature should happen on server side.
    SendToMyServer(
      result.getPlayerID(), // same value as FBInstant.player.getID()
      result.getSignature(),
      ... //any additional parameters required for your server call
    );
   });
eisbehr
  • 12,243
  • 7
  • 38
  • 63
Siguang Zhang
  • 29
  • 3

1 Answers1

1

You can use any fetch/XMLHttpRequest based method of accessing your backend systems in Instant Games, however you may not (according to Facebook's developer policy) use third-party ad networks. Audience Network is the only supported ad network for Instant Games.

Siguang Zhang's comment below has more details, copied here for future reference:

  1. web end must support https;
  2. web end must support CORS to cross domain (html5rocks.com/en/tutorials/cors);
  3. XMLHttpRequest can be requested through nearly every place, not limited by FBInstant.player.getSignedPlayerInfoAsync
Chris Hawkins
  • 764
  • 4
  • 15
  • What error did you get? I recommend using a remote debugging tool like Sentry.io or Console.re if you're debugging on device. – Chris Hawkins Aug 08 '18 at 04:23
  • Chris, Thanks a lot. Stop! TjxLeSTG7Jd.js:172 This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or "hack" someone's account, it is a scam and will give them access to your Facebook account. TjxLeSTG7Jd.js:172 See https://www.facebook.com/selfxss for more information. – Siguang Zhang Aug 08 '18 at 07:33
  • I use XMLHTTPRequest for a GET request, the target url is https://test-ge-console.appcloudbox.net/goldeneye/adsconfig/v1/get/223?content=%7B%22serialized_data%22%3A%5B%5B%22app_version%22%2C%22%22%5D%2C%5B%22bundleid%22%2C%22net.h5.facebookgame%22%5D%2C%5B%22goldeneye_id%22%2C%22223%22%5D%2C%5B%22os_version%22%2C%22%22%5D%2C%5B%22platform%22%2C%22H5%22%5D%2C%5B%22region%22%2C%22US%22%5D%2C%5B%22sdk%22%2C%221.0.0%22%5D%5D%7D&sig_kv=goldeneye_h5&signature=064d487a328089f0e053a2c8be5341cc0205f5ec6dc35e8db1d14155fc3199e7&cten=p – Siguang Zhang Aug 08 '18 at 07:43
  • I wonder why Facebook think such a url is scam. In fact the request is similar to iOS/Android in our apps. We don't collect any sensitive information. Thanks. – Siguang Zhang Aug 08 '18 at 07:59
  • By the way, the signature I used in the above URL was not from FB, just an result by SHA256. – Siguang Zhang Aug 08 '18 at 09:19
  • 1
    @SiguangZhang That's not the right error, we post that in all console sessions on Facebook, it isn't related to your request. – Chris Hawkins Aug 08 '18 at 23:49
  • I can't open that in my browser, I get an error saying that the site can't provide a secure connection. There must be something wrong with your SSL configuration, and that's what is causing requests from Instant Games to fail. – Chris Hawkins Aug 08 '18 at 23:50
  • By the way, when I `curl` your domain I get `error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol` – Chris Hawkins Aug 08 '18 at 23:52
  • thanks. In fact the original scheme is http, I changed to https, but I did not test it(you know both schemes in aws for file service are available, I take it for granted for other requests), I will prompt server dev to support https and report the result later. Thanks. – Siguang Zhang Aug 09 '18 at 03:01
  • The XMLHTTPRequest succeeded in the Facebook Instant Game after Chris detailed help. To help newbies for JS for similar needs, I make a summary: 1. web end must support https; 2. web end must support CORS to cross domain (https://www.html5rocks.com/en/tutorials/cors/); 3. XMLHTTPRequest can be requested through nearly every place, not limited by FBInstant.player.getSignedPlayerInfoAsync or any others; – Siguang Zhang Aug 09 '18 at 11:55