First, you can usually act on behalf of the app (depending on the API provider and what they support). For OAuth 1 providers, this is commonly known as 2-legged OAuth; for OAuth 2 it's known as Client Credentials Grant. In both cases, you essentially exchange your application key and secret for an access token that can only be used to do non-user-oriented actions. I know that Facebook supports Client Credentials Grant, but not all providers will.
To help me put some meat on this question, is there a particular Facebook API endpoint that has you concerned? Ultimately, this is all academic unless we can tie it to a specific endpoint that you'd like to access.
Spring Social Project Lead