Hi Joel, anything you would recommend other devs who're connecting with Facebook or any other social media API to look into? Maybe you can share what you guys have learned reg: security and how to do it better from this.
The best thing we've learned here is to enable a setting Facebook has called "Require AppSecret Proof for Server API calls". They actually have a lot of great security features which we've not been making use of.