Deeplink to a sub-page within a Facebook iframe app

24th May, 2015 - Posted by david

Facebook have long had the ability for developers to write custom apps and embed them as tabs in people’s or company’s Facebook profile pages. What I’m talking about here is when you write your own HTML app and host it at e.g., which is then embedded into profile pages via an iframe. These apps then have URLs like, where 123456789 is your app ID within Facebook.

I’ve written one such app, in PHP, which has sub-pages, so while the root is, using the app will call pages such as Seeing as this is within an iframe, the URL within the browser remains at while you browse around the app. I recently had a request from a client on how they could link to a sub-page from within a post on their profile page, so they wanted to post something like ‘Check out my product at <link>’, where clicking on the link will load up the iframe app and bring them to the specific product. This is achievable, but it’s not exactly straight-forward and requires some work on the developers behalf. In an ideal world the link would simply be!

The way I managed to achieve this was using Facebook’s app_data parameter. Here, you can pass any data you want to the variable and it’ll end up as part of the signed_request variable in $_REQUEST at . The way we’re going to structure these deeplinks is to pass a JSON object to app_data containing a page key, with the sub-page we want, in this instance products/1, so our deeplink is going to look like{page:products/1} . Not exactly elegant but it’ll have to do! You could simply set app_data to products/1, but there may come a time when you want to pass other data in addition to the page, so I opted to go down the JSON route.

Now that we know what to expect, we need to decode $_REQUEST['signed_request'] (which should be available to your, json_decode app_data from the result, validate page, then redirect the browser accordingly.

To decode $_REQUEST['signed_request'] I used Facebook’s PHP SDK. Once we have the signed request as an array, we decode the JSON from app_data. Then, we check for the presence of page, validate it (I’ll leave the validation code up to yourself!) and send them on their way. This is pretty straight-forward, so is probably best illustrated with some code:

// index.php
require_once 'base_facebook.php';
$fb = new Facebook(array(
  'appId'  => 'YOUR_APP_ID',
  'secret' => 'YOUR_APP_SECRET',
$req = $fb->getSignedRequest(); // parses $_REQUEST['signed_request']
$app_data = json_decode($req['app_data'], true); // true to ensure an associative array
if (!empty($app_data['page']) && valid_page($app_data['page'])) {
  header('Location: /'.$app_data['page']);

// rest of regular index.php

Pity it’s not more straight-forward, but this is the way I got it to work. Hope this helps!

Tags: facebook php | david | 24th May, 2015 at 14:19pm | No Comments

No Comments

Leave a reply

You must be logged in to post a comment.