DEV Community

loading...

[Rant] Facebook API: avoid at all costs

Paweł Świątkowski
・4 min read

I have been in charge of developing and maintaining integration with Facebook Marketing API for more than half a year now. It has been nothing but the pain so far. I decided to come from the shadow and list some of the things I encountered so you know how big companies develop their APIs with complete disrespect for developers. BE WARNED! If you can avoid integrating with Facebook, don't integrate.

1. Documentation

At the first sight, Facebook docs are really nice and clean. And they are pretty good. However, the feature I needed is Custom Audiences. And here's a funny thing: there is an intro to Custom Audiences available in the docs, however, there is no link to actual endpoint reference there. This does not mean that the document does not exist. It's there, but you can only access it from Google or their internal search. Took me over a week to accidentally stumble upon that.

2. Versioning

When you go to Graph API's changelog page you can see a beautiful table listing how long different versions of API should be available. And it's nice because the grace period is really long - two years after the introduction of a newer version. This is the way it should be...

... except it's not exactly true. All requests to Facebook API must be done via an application created in their Development Portal. And when the app is created, it can only use API in the most recent version at the time of creation or newer. While it sounds like something making sense, it not exactly is in our case. We only serve as a proxy between a real customer (who are in charge of their Ad Account, Application etc., they just give us a correct access token). This means that we always need to be on the most recent version of API because a new app can be created at any time by the customer.

While it might be OK for Facebook to not support our use case, it could really be mentioned clearly in the docs. I'd waste at least two weeks less trying to figure out why requests are failing only for part of customers.

3. Error messages

It happened at some point that we introduced a regression – when creating a new Custom Audience, we sent a payload with empty name parameter. What the result should be? Some validation error, you think? I thought that too. That's why I checked many permission-related things and did not look at the payload after seeing an error message like this:

{"message": "(#2654) Failed to create custom audience", "type": "OAuthException", "code": 2654, "fbtrace_id": "xxxxyyyy"}
Enter fullscreen mode Exit fullscreen mode

It's pretty obvious that when you get OAuthException it means that a required field in the payload is empty. Right? RIGHT?

Best thing? I actually reported that to Facebook. Their response? "Since this isn't really a bug (the error is intended), I can't assign it from this report but I will be sure to pass your feedback to the relevant engineering team to at least get their thoughts on this". Yep. That's a WONTFIX.

4. Temporary removing things

Around Christmas last year (yep, the best time for huge breaking changes) Facebook removed an estimated count for custom audiences in their system. What is it? Basically, when you upload a list of users to Facebook Marketing API, you never know how many users will be matched with the Facebook database. If you upload 1000 hashed emails, it may happen that all will be matched, or zero, or any number between. Approximate count served the purpose of letting you know how many people were more or less matched.

So, suddenly on Christmas it started to always show -1. This was a "temporary fix" because apparently some people were using those counts for something fishy and illegal. The fix was not announced anywhere. People came back from their holidays and started receiving frightened calls from customers that their audiences stopped work and show -1 as size.

Go ahead, try to explain to them what I wrote above.

Of course, now it's 8 months later and this temporary workaround is still in force (I think they no longer refer to it as temporary at least).

5. Changing API without any notice

But lately they really outdid themselves.

Sometimes you need to delete people from your custom audience. Oh, did I say "sometimes"? You need to do it all the time because people opt-out from your system and you need to delete them from all synchronizations. They can also revoke a consent or anything. There are literally tens of reasons to do it.

On the other hand, audiences need to have a correct size to be operational on Facebook side. The reason for that is to avoid "sniping" users with very specific and precise ads directed to one or two persons. However, as you have read in point 4, you never know how big your audience actually is. When it happens that its size drop below "safety threshold", the audience becomes unusable and campaigns based on it stop, until you add some users again, when it resumes operation.

Sounds like it makes sense? It did. But not anymore.

According to this report it stopped working like that at August 8th. Now when you are deleting users and it would make its size too small, few things happen:

  • Request returns error. Of course it's Facebook, so the error is Permissions error
  • It also returns "error_subcode": 1870047. It's not mentioned anywhere, especially not on a page with all error codes that API might return.
  • Request fails, meaning that users are actually not deleted. They are still there, violating your agreements.

As you probably might have guessed, the report was quickly closed, because it's "valid behaviour".

Maybe they introduced that with new API version? No, I don't think so. The last version was released on July 26th, so almost two weeks earlier. Also, the changelog does not mention any of that.

Yes. The request which was perfectly fine started to return error overnight. And no one seems to see a problem on Facebook side. This is a stable API after all.

Final remark

If you have a chance to talk your managers out of integrating with Facebook, DO IT AT ALL COSTS. You'll thank me later.

Discussion (17)

Collapse
preece profile image
Casey Clyde

Thank you! I have to work with the Facebook API all day (among 20 other APIs) and it is in many ways the worst. Glad someone else hates them too.

Collapse
oliverhuynh profile image
oliverhuynh

Totally agree. One more point for you guys:

  • The permissions review process is painful. Your app can be declined later even it's approved before. My case. I don't try to resubmit again since it was painful for me a lot.

Just choose another project and resume your energy.

Collapse
thinkjrs profile image
Jason R. Stevens, CFA

To also /rant and pile on here: their Python client facebook-business API just might qualify for the ugliest client library ever. I'd be nicer if nearly all of the underlying business's profits weren't generated this API.

Typical garbage "C" programmed in the Python language. I think there's few things that set off a Python dev more than that. Oh, yes, please provide me a getter for a static attribute without using properties. It's ridiculous incompetence.

Further, doing it right, and in a reasonably Pythonic style, would take a decent team just a weekend. It's not all that big an api considering the repetitious boilerplate throughout. However, maintaining that lib versus their "graph" REST api would need an entire army's attention, day and night!

What a sham.

If you're from the future and planning to use the facebook-business client api in Python, don't. Grab the HTTP params and do what you need to manually in requests.

Collapse
ben profile image
Ben Halpern

Lol this does not surprise me at all.

Collapse
xowap profile image
Rémy 🤖

That's why I consider that anything made by Facebook is irrelevant. Except maybe Yarn.

Collapse
jason_espin profile image
Jason Espin

I'd hardly consider React irrelevant.

Collapse
xowap profile image
Rémy 🤖

Thanks for pointing it out, that was precisely the meaning of my message. To be fair, I have not used React extensively and so it's likely that I'm wrong on some points below yet I had much better time with other tools (Vue.js to be specific) and not found the need to explore React this much.

  • There is HTML in JS. This is very consistent with the coding style of the server-side of Facebook which is made in PHP apparently à-la-Wordess. I think that more of a decade of PHP frameworks made the point that this was a bad idea.
    • If anyone is thinking "Facebook is huge and works so it must be a good way to work" I'll refer you to the above article

  • There is no way to tie CSS to components like you can do in a .vue component
    • I'm just talking about putting the code in the same file, which is convenient for many reasons. I'm not talking about intermixing JS and CSS code which would be as bad as mixing JS and HTML (hope I'm not giving bad ideas to anyone here)

  • The learning curve is pretty steep and in fact the tooling required to master React is one of the big factors behind the "JS fatigue"

  • The way JSX does loops using JS functions... That looks smart but that is not legible (especially in the middle of HTML) which is a serious problem
Thread Thread
jason_espin profile image
Jason Espin

I've also used Vue.js and to be honest a lot of the points above are incorrect.

HTML is JS. I found this week's at first but if you understand the way that React works with the virtual DOM this actually makes a lot of sense.

One of the main features of React is that your CSS for a component is independent of other components just like Vue.

React is probably the easiest library to pickup. I say library because unlike Angular and Vue it does not control its own routing etc.

There are multiple ways to achieve looping. It is likely you have just seen one (sounds bad) variant.

Collapse
ben profile image
Ben Halpern

I feel like their OSS is different then their business platforms, though I'd love to hear more about your thoughts if you think otherwise.

Collapse
shayd16 profile image
Shayne Darren

I had to change a part of my thesis due to how unusable their API was. Never again.

Collapse
rileyseaburg profile image
Riley Seaburg

I'm working on the API certification process now for the FMP-TS program.

I have acknowledged the issues you stated above.

One thing I can tell you is in every disappointment is an opportunity if you know how to manage expectations.

This is a huge opportunity for any developer trying to crack into the industry.

I just got this email from them yesterday.

On a holiday mind you, at night...

From the Program Marketing Manager.

We have noticed a significant uptick in advertiser requests for API-related work. Because of this, many partners not certified for API work have reported seeing a decrease in leads due to being filtered out of the partner matching options when API work is selected. In fact, more than half of all requests in recent months have included API work.

We want to make sure you are set up to potentially receive this new demand, so we are asking select partners to pass the Advertising API Developer Blueprint Certification as quickly as possible, ideally by November 15. If interested, please request a voucher by October 15, 2020 so we can send you next steps. You can find more information below. If you are lacking the capabilities to pass this certification but are interested, please let us know so we can work to support your growth.

This is a great opportunity to ensure you’re set up to support this increased demand for API work. Advertising API Developer grants you access to leads including:
Offline Conversions API
Marketing API
Conversions API
Potential new APIs in the future

Collapse
zerquix18 profile image
I'm Luis! \^-^/

Just to add something:

  • they reduced the api limits without any notice and broke everyone's code
  • they banned thousands of people from Instant Articles, without any notice and after a month of reported bugs (and they confirmed it as a bug), then they finally said it was a massive ban. -If you wanna create something based on the Facebook API, you need to be a legal business. This is a recent change, now if you're not a company, you can't request permissions, and if you don't have those permissions, you can't make a full product!
  • Instagram'public API was closed with no previous notice as well. Basically Facebook enjoys breaking your code.
  • their app review will take from weeks to months to confirm some permissions, letting your users down. In the end they may reject your request because the app reviewer didn't understand how to use your app, no matter how good you tried to explain it (with a Screencast included)
Collapse
3642066 profile image
David Augustus

Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .
Facebook enjoys breaking your code .

Collapse
zerquix18 profile image
I'm Luis! \^-^/

It was supposed to be a small addition but I think I needed to spit this out somewhere

Collapse
osainaz profile image
duke osain • Edited

Thanks for the post,
Am trying to use facebook graph API to fetch data and displace on my app , am building an app with reactjs, i want to get data from the graph API but am not really sure how to call the request. I want events on facebook base on a particular location, this is the documentation

Any recommendation will really be appreciated
Thanks

Collapse
maclulich profile image
Jason MacLulich

This is a great post and sums up some of the issues we've had using FB's poorly documented and ever changing API.

Collapse
skatkov profile image
Stanislav(Stas) Katkov

Not to mention that all their client libraries are generated by autogen tool and code is close to unreadable.