In an effort to improve security and keep users’ information save, Facebook has this week announced a number of breaking changes to the Facebook and Instagram APIs that are sure to cause third-party developers major problems.

For example, access to Facebook Events information has been “deprecated” for endpoints including the events Feed, Comments and RSVP list. Changes to the Facebook APIs also affect Search, Pages, Groups and Friends Lists.

Usually, Facebook gives plenty of warnings when making API changes, and major changes are usually announced at least 90-days in advanced. However, in light of the Cambridge Analytica scandal, Facebook has decided to make immediate changes to its APIs, which will break third-party applications.

Facebook has also oddly used the word “deprecated” in it’s changelog, which usually means that the APIs are phased-out over a period so developers have time to migrate to the newer (or alternative) versions. In this case, the APIs below have been disabled completely, so there is no grace period for developers to migrate.

Furthermore, Facebook hasn’t created new or alternative APIs that replaces most of this functionality, which means some third-party apps will be permanently broken. For third-party Instagram apps, this is definitely the case as a large number of APIs have been disabled overnight.

The Facebook Platform Changelog has the following deprecations listed:

Events API


  • Endpoints that return data including /feed, /posts, /comments, and the RSVP list.

Groups API


  • User details have been removed from feed, posts, albums, videos and other groups endpoints.
  • Going forward, all apps will require explicit admin authorization.


  • /members and /admins endpoints have been removed.

Pages API


  • Apps cannot start using Page conversation APIs with new Pages.
  • Non-friends no longer appear in the Page plugin.
  • Endpoints including /agencies and /promotable_posts will require an access token associated with the Page.
  • Apps using the Page conversation API must migrate to a new thread_id in the next 90 days.


  • The /checkin_posts endpoint and webhook that shares checkins from a person’s timeline.
  • Endpoints that let apps get social context about a song, video, page, or place.

Instagram API Platform


Additional API Changes

Below is a summary of a few other APIs undergoing updates. Specific details are available in the changelog.

Search API


  • Support for finding pages, groups, events, users using search.

Games API


  • Changed Instant Games context.getPlayersAsync() to only include players who have played a game in the specified context (e.g. a Messenger thread or Facebook Group).


  • A number of Games APIs around scores and achievements. We are also removing the invitable friends API for Facebook web games, which allows an app to invite people who haven’t played the game before. App requests for existing players of a game will continue to function normally.

App Insights API


    • Support for reading aggregated, anonymized demographic data including age, gender, and country from app_event metrics.

Facebook Login

As part of our efforts to put additional protections in place, we are changing Facebook Login. Last week, we announced that access to a person’s list of friends who use the app now requires review. Today, we are going even further and protecting sensitive permissions like photos and likes. This data is powerful, so access to checkins, likes, photos, posts, videos, Events, and Groups, will require prior approval by Facebook.

In addition, the following deprecations are effective immediately and will return empty data as if a person didn’t fill in this information on their Profile.

  • Permissions: religion and political views, relationship status, relationship details, custom friend lists, about me, education history, work history, my website URL, book reading activity, fitness activity, music listening activity, video watch activity, news reading activity, games activity.
  • APIs: taggable friends and mutual friends APIs.

In the next week, if someone hasn’t used an app in 90 days, the app will be blocked from accessing that person’s data until they re-authorize the app. People will also be able to see their active apps in settings, and remove any apps they no longer want to use.