Session Secret and API Methods
From Facebook Developer Wiki
The following lists specify which API methods require your application secret (which Facebook provides when you create your application), and which ones you can call with a session secret.
You should not use your application secret in the code for your desktop applications, Facebook Connect sites, and Facebook Connect for iPhone apps, as a malicious user can decompile the code and determine your secret, compromising your application.
Methods that Require the Application Secret
- Data Store API
- data.createObject
- data.updateObject
- data.deleteObject
- data.deleteObjects
- data.getObject
- data.getObjects
- data.getObjectProperty
- data.setObjectProperty
- data.getHashValue
- data.setHashValue
- data.incHashValue
- data.removeHashKey
- data.removeHashKeys
- data.defineAssociation
- data.undefineAssociation
- data.renameAssociation
- data.getAssociationDefinitions
- data.setAssociation
- data.setAssociations
- data.removeAssociation
- data.removeAssociatedObjects
- data.getAssociatedObjectCount
- data.getAssociatedObjectCounts
- data.getAssociations
- fbml.*
- intl.getTranslations
- The Permissions API
- users.getStandardInfo
Methods You Can Call with a Session Secret
- auth.expireSession
- auth.revokeAuthorization
- batch.run
- comments.add
- comments.remove
- connect.getUnconnectedFriendsCount
- data.getCookies
- data.setCookie
- Events API
- fbml.*
- feed.*
- fql.multiquery
- fql.query
- friends.*
- groups.get
- groups.getMembers
- intl.getTranslations
- intl.uploadNativeStrings
- links.get
- links.post
- message.getThreadsInFolder
- notifications.*
- pages.*
- photos.*
- profile.*
- status.get
- status.set
- stream.*
- users.*
- video.getUploadLimits
- video.upload
