App to User Communication

[swang30]

I was originally going to post this in the Facebook forums, then I discovered that basically all of the APIs out there has this "problem", and so perhaps it's something I don't understand about social networks in general.

So I can create connections fine, and act on behalf of User X. Get their social networks, and send messages on behalf of User X. So I can send messages to the effect of:
"Hi User Y, User X has done Action A to you in App Z, if you want to reply, click on this <link>."

However, to send something to the effect of:
"Hi User X. App Z needs to notify you of Action Y for which you have signed up to be notified."

I would have to create a User on the social network (and in my own app) called AppZ (or something like it), authorize that "user" with a auth code, and send on behalf of AppZ to User X. None of the social networks (that I've looked at so far: Facebook, Twitter, LinkedIn, Google) allow me to send a message TO user X from my app. Facebook and Google let's you get the Email address, so you can finesse it that way, but Twitter and LinkedIn apparently does not.

This seems to be a generic commonality between social networks. Is there a particular reason I must act on behalf of the user, and can't act on behalf of my own app? (assuming the right permissions/scope have been set...)

thanks for any insights
Jeff

[habuma]

First, you can usually act on behalf of the app (depending on the API provider and what they support). For OAuth 1 providers, this is commonly known as 2-legged OAuth; for OAuth 2 it's known as Client Credentials Grant. In both cases, you essentially exchange your application key and secret for an access token that can only be used to do non-user-oriented actions. I know that Facebook supports Client Credentials Grant, but not all providers will.

To help me put some meat on this question, is there a particular Facebook API endpoint that has you concerned? Ultimately, this is all academic unless we can tie it to a specific endpoint that you'd like to access.

[swang30]

Well let's take a look at the 4 APIs I've worked with so far (the 3 "core" ones FB, Twitter, and LI, plus Google) and evaluate them on the capability to send to a user from an app, and act as a user to send messages to another. (for each, both public messages and private messages.

FB -
Send to User - publicly, status/wall posts, privately, not available (although FB gives Primary Email information if the scope is set correctly, and the field is set.)
Send as User - publicly, comments status/wall posts, privately, can be done via their dialogue API, but not through Spring Social.

Twitter -
Send to User - publicly, Tweets, privately, none
Send as User - publicly, none, privately, DirectMessage

LinkedIn -
Send to User - publicly - none, privately, none
Send as User - publicly - none, privately sendMessage

Google -
Send to User - publicly - none, privately none (via Email, from profile)
Send as User - publicly - none, privately none (via Email, from contacts)

So while features vary between social networks, NONE of them allow you to send a message to a user from an app. (at least through the curently implemented Spring Social APIs.) Is this just something that most people don't need, or it's there, and I just don't know how to use it?

Jeff

[habuma]

Okay, so I understand that you want your app to send messages to users (as opposed to users sending messages to other users). And I did some quick review of the various APIs and I believe you are correct that sending messages on behalf of an application is either (1) not supported or (2) not obvious...with a leaning toward #1. That said, a more detailed review of the APIs might turn up something to satisfy your needs.

Why do they not support this? I can't speak for them, but my guess is that the reasons might include: (1) this isn't an often needed feature, (2) these are social networks and having apps send messages doesn't fit the "social" model, and (3) the potential for abuse (e.g., spam) are enormous. In fact, I'd wager that the potential for abuse is the primary reason.

That said, I'm aware of endpoints in these APIs that aren't covered by Spring Social's API bindings. If there are any that would help you accomplish your goal, please let me know and I'll be sure to get it covered as soon as possible.