A lot of do-it-yourself small business owners and amateur web developers may be in for a surprise on Facebook come October 1st. Their DIY apps and welcome tabs could fail to work according to a very tiny notice on the Facebook Developer API.
The other day I was setting up a welcome tab for a client when a notice caught my eye.
Like much of Facebook’s non-existent help, this notice is not even visible unless you click the help icon – or question mark – next to one of the optional fields you fill in when developing your app.
Here’s a screen capture of this inconspicuous but very important notice.
The optional field is for a Secure Page Tab URL and the help pop-up states that it is for “Content pulled from secure base URL for users on HTTPS (required by October 1).”
First, let’s understand why this is going to be a requirement.
Facebook has been taking a lot of heat over the lack of security. Because of this, Facebook has been making it a point to stress that users start logging in using the ‘https’ version – or secured login URL.
When a user logs in using the https – or secured login – they cannot see the content that is not secure. This is added protection from rogue app developers, viruses and malware producers. Therefore, you can see why it’s in Facebook’s best interest that you use the secure login. It’s far more cost effective to have users login securely than it is to tie up staff resources policing app developers and content.
Understanding that make it easy to see why apps will be required to have secure page URLs.
This does however bring up an interesting point for do-it-yourselfers, small developers and small businesses. You’re going to have to have an SSL certificate in order to have content fed to your app from your website or your developers website after October 1st.
To Facebook’s credit, the concept of requiring secured URLs will provide more protection for its users and help keep malware at a minimum.
But, when was Facebook planning to tell everyone this? On October 1st when all the apps fail for secured users?
A side effect to this change could also mean that hosted apps will increase in price as the developer has to incur the cost of carrying the SSL certificate.
So here’s a heads up to all readers who have apps and custom tabs on Facebook, ask your developer if this is going to affect you. And if you are a DIY app developer, get the security certificate installed before October 1st so you have the secure URL.
Debbie Mahler is CEO of Internet Tech Specialists, which specializes in solutions to enhance the online presence of solopreneurs and small businesses. She is the host of a bi-weekly radio show, and teaches for Ed2go, a division of Cengage Learning. You can find more information at http://InternetTechSpecialists.com
Facebook actually announced this on May 10, 2011 on their developer blog ( http://developers.facebook.com/blog/post/497/ )
I also seem to recall getting a few email notifications about since I am their dev list. All the same it is good info to get out there because it will impact apps.
Another change occurring Oct. 1, 2011 is that all apps must have migrated to OAUTH 2.0 on this date. Meaning that if your app has been in use for a while it may stop working if you haven't updated it.
I think Debbie meant to alert the people who are not developers of the change. I am not on their dev list and still build Welcome pages for clients and friends. Thanks for the update on the OAUTH 2.0.
Thanks for that update Adam. I'm not on the developers list either so I was very surprised by this!
Can you please share how to get the certificate? Thanks for sharing this. We are a small business jst trying to get by right now.
This might be a workaround for small businesses that doesn't involve purchasing certificates, but the Google Sites footer will be visible on the tab – http://www.labnol.org/internet/create-custom-face… h/t Denis Baranov in DC Social Media group on Facebook – http://www.facebook.com/groups/dcsocialmedia/?vie…
Lisa, Most web hosting companies can tell you how to get one and they usually have better pricing than buying one on your own. Comodo is about the cheapest, but since their breach, people are a bit afraid to get that one. Thawte and Verisign are two others, but Verisign is very pricey for the small business owner. Not sure how Thawte is doing in prices but I am going to check because I do need one!
So will FB upgrade Photos, Events, Notes and Links to be viewable on HTTPS or not is what I need to know