Posted by theharmonyguy in Facebook | 2 comments
Microsoft’s Facebook Export
Uno de Waal noted yesterday that Microsoft’s new contact exchange system lets you export e-mail addresses from Facebook, a feature not available to other developers and not available in any other form to users.
Intrigued by this new setup, I checked the code to find out what exactly was happening. Microsoft’s site loads a Facebook iframe that launches a login window. The Facebook login page then returns a session key to the iframe, which passes it on to Microsoft. You’re then forwarded to another Microsoft page which lists your friends’ e-mail addresses.
So how does Microsoft get the data? I’m fairly confident Facebook has an Ajax interface which requires the session key to return results. It’s possible that another technique is being employed, but an Ajax request seems to be one of the simplest methods to implement, and the code seems to point towards it. But the request is apparently made server-side, so I don’t have a URI for the interface. If someone could figure out what URI is accessed, the feature could probably be leveraged by other developers, albeit unofficially.
I do find it interesting that Facebook has allowed Microsoft to use this feature but no one else – not even users wishing to download their contact list.
Yeah that’s the thing… Is it a case of Facebook saying: “Ok Microsoft, we’ll give you access to the supersecret API”?
That’s pretty much the way it seems. I already know of several Facebook URIs that return HTML fragments or JSON data for various pages, so I figure there’s an undocumented one being used here.
I do find it odd that Facebook would give Microsoft this much access and not even let users download the addresses. For applications I can understand avoiding spam, but what about an approved friend who already has access to people’s profiles?
Who knows what Facebook may have in the works, though. They just added that “People You May Know” feature, and yesterday as I was exploring some code, I encountered a page with several JS files I hadn’t seen before… and a little later, they had disappeared form the source again. They do involve iframes and cookies, so perhaps they’re related to the sort of API Microsoft is using.