Facebook and Instagram have announced a set of API shutdowns and changes designed to stop developers from being able to pull your data or your friends’ data without express permission, drag in public content or trick you into sharing. Following its recent spate of disasters, Facebook seems to be attempting to make good on Mark Zuckerberg’s promise to prioritize user safety and data privacy over its developer platform. Some of these changes go into effect immediately, and others roll out on August 1, so developers have some time to comply. For context, APIs or Application Programming Interfaces are a software layer that allows applications to access features or data from a platform like Facebook.

Apps can no longer post from your account

One of the biggest changes will impact apps that use a Facebook Login (Facebook Login API), going forward all new apps will no longer have permission “to publish posts to Facebook as the logged in user.” For existing apps, this permission will be revoked on August 1st. Up until now, users could give permissions to certain apps to post on their behalf, for example, certain games on Facebook would make a post from your profile if you unlocked a new level or obtained a new virtual item. More often than not these posts were spam, ads that tried to get your friends to sign up for the app. Facebook offered users the option to opt out but this was not feasible for all apps, some required this condition in order to use them. In that case, users could change the visibility settings so that only they could see any posts published by the app. But now the invasive and unnecessary feature is finally dead.

Other changes

  • The Events API will no longer allow apps to RSVP to events for you, and two analytics tools will no longer offer app event metrics or exports from the analytics app.
  • On Instagram, developers won’t be able to use the Graph API to pull the name and bio of users who comment on posts anymore; usernames and comments though will still remain open to scraping.
  • Apps that publish to Pages via the Live API will be restricted to approved partners only. Developers have until the 1st of August to apply to the approved partner system. This will be required to keep publishing Live and video on-demand to Pages. This may impact pages which use third party apps to publish Facebook Live videos.
  • Organic targeting, based on gender and language will also be stopped for posts made with a third-party app. Some age-gating will still be allowed in a limited way.
  • Apps won’t be able to attach their name or logo to images in Messenger.
  • Developers will also no longer be able to call for information on locations tagged in users’ photos.

Facebook’s attempt at redemption

Facebook is clearly trying its best to gain user trust back following the Cambridge Analytica incident. In fact, it is admirable that the company is following up on a promise made by CEO Zuckerberg to put users over its developer platform, something commentators were doubtful about. While it can’t retroactively change the fact that 87 million of its users were impacted because of its failure to safeguard their data, at least Facebook can limit the permissions of third-party apps going forward.