问题
If I enable the option giving in Advanced Settings is gives me BAD Request or error code 400
If I enable this option, what is the required value of AppSecret_Proof parameter?
回答1:
If you visit github and have a look at their PHP SDK's code, you'll find how they generate appsecret_proof's value.
This part was recently added so you have to refer to the latest version of PHP SDK. To activate/inactivate, as you already know, you have to visit App Dashboard > Setting > Advanced.
EDIT: 2013-08-09
Now they have official document.
回答2:
From the documentation article Securing Graph API Requests:
The app secret proof is a sha256 hash of your access token, using the app secret as the key. Here's what the call looks like in PHP:
$appsecret_proof = hash_hmac('sha256', $access_token, $app_secret);
来源:https://stackoverflow.com/questions/16678300/no-documentation-about-appsecret-proof-for-server-api-calls