0

Is there a way to detect a callback request is from facebook or not as it seems like the request is not ajax.

Lix
  • 47,311
  • 12
  • 103
  • 131
insomiac
  • 5,648
  • 8
  • 45
  • 73

1 Answers1

1

From: http://developers.facebook.com/docs/credits/callback/

You can verify that the callback is being called by Facebook by decoding the signed_request.

{
   "signed_request":"PfjakldsFWWs...",
   "buyer":"221159",
   "receiver":"221159",
   "order_id":"9006136047935",
   "order_info":""fbhat"",
   "method":"payments_get_items"
}
DMCS
  • 31,720
  • 14
  • 71
  • 104
  • yeah, i can get the signed request from facebook, But is there any way i know that the call is done by facebook and not by someone else.. – insomiac Jan 13 '12 at 20:48
  • yes, by decoding the signed_request and validating the contents (that's what signed means...that you can verify the contents of the message by the signature that contains encryption by public/private keys). See http://developers.facebook.com/docs/authentication/signed_request/ – DMCS Jan 13 '12 at 21:03