Nav: (Display/Hide) - Home - About the Author / this page

Current Projects: Americana Engine (Game Engine Development)

Wednesday, February 20, 2013

Moving non-friends into Facebook friend lists

Custom coded Zuma Blitz friendlist that limits the share list to only friends and followers who are playing Zuma Blitz, preventing unnecessary spam to friends. (In reality, only 32 of those people in the list are my FB friends.)

On Facebook, although friend lists are designed to organize your friends, they can go past their intended purposes. The API can read lists and add / remove members to lists with the proper permissions, but nowhere in the documentation does it say that it's limited to adding friends.


The following applies to version 1 of the Graph API only.

  • Go to Graph API Explorer
  • Click on Get Access Token, on Extended Permissions check read_friendlist and modify_friendlist and click 'Get Access Token'.
  • Enter me/friendlists to get your friend lists, copy the id for the friend list you want to add people in replacing {friendlist_id} and {user} with the appropriate values, and press submit:
  • It returns true of succeeded, and some error message otherwise.
  • Check your list back on FB and it will have that person added.

This allows you to share stuff in a way similar to Google+ Circles (speaking of that, there is an unofficial Facebook Circles app that allows you to do this, but only for friends) by selecting a list of friends and non-friends (they won't be informed you are sharing stuff to them). If you allowed following on your profile they can like or comment on your stuff and will show up on their newsfeed if they are following you if you share a post using that list (the friends of friends privacy preset doesn't allow this). Note you won't see any posts from non-friends even though they're on that list, since you're technically not following their posts (this is on another request - the follow options are only presented to you when you send them a friend request or follow, and revoked if they reject), but this can be worked around somehow without sending them a request.

Practical Applications:

  • Given that I have a bunch of pending add requests from Zuma Blitz players (I have followers on), I can simply put them on a custom list to share related posts without having to confirm the request or show up on their leaderboard - I won't be able to share gifts to them but I don't do it anyways.
  • Facebook Games can use this as an additional filter when sending gifts or requests, since in my apps only half (the game friends) are actively playing and the rest (the real friends) aren't and I don't want to spam them. Currently I haven't seen this done anywhere.
  • A separate list called 'Untrusted' can be made, by placing people on that list and setting privacy settings to exclude that list, I can essentially prevent groups of people from seeing Friend of Friend posts (or posts for Friends but one of their friends are tagged) - whether they're friends or not.

Notes and Anomalies:

  • Directly posting to that list with that privacy setting is disabled. This does not stop you from posting on the newsfeed with the default share being that custom list.
  • Non-friends have a lower profile picture resolution when the list is browsed, and no profile pic showing at all when searching the list.
  • The order of friends on that list are no longer alphabetical.
  • People's public posts can appear on that feed during realtime updates, and are counted when it tells you how many of your friends were using an app (if their activity for that app was set to Public).


  • You can't add non-friends in the Restricted list in order to prevent them from seeing anything other than Public posts, which means anyone with at least a mutual friend can see a good deal of your stuff. (Or any list you didn't create yourself, for that matter.) This is probably a bad security practice at the very least and I would have to resort to blocking people.

Updates: (added 6/8/2014)

API v2.0 (and above) prevents any type of friend list management, such as viewing the friends of a friendlist (which returns a empty list, no errors), or adding / deleting friends from a list (it requires the manage_friendlist permission, which you cannot give to Graph Explorer). This can cause some apps (like the circles app mentioned above) to fail altogether. FB games that use that method as a means of creating custom send lists will need to be recreated via a separate database.

Although accessing a friendlist will not display any of your friends, the API will still display both user ids and names of people who were added using the above method.

Additional data might be needed in order to conclude whether a nonfriend on that list who declines the user_friendlist permission will affect this as well.


db said...

The Graph Explorer seems to be updated since this post, would it be possible for you to update your instructions?

Brendan Chan said...

It has been updated with info regarding the new API. Extensive testing has not been done on this, however.

bjorn said...

I used this to create a non-friend list of people to exclude from seeing some personal infos shared with 'friends of friends':

custom--> friends of friends except mynewlist

but from a friend of friend account that I have added to taht list I still can see that info