If you’re unlucky, you may have a few users who like to spoil the fun for all the other users using your application on Facebook or even Facebook-connected apps. Luckily, the Graph API lets you easily ban or unban users from using your application. In order to ban or unban a user, you need to use your application access_token and know the user’s Facebook User ID.
Application Access Token
Your application access_token is made up of the App ID and App Secret used to access the API. You can get your details from the Facebook Developer Portal.
To create your App access_token, just append the App Secret to the App ID, separated by the pipe character (‘|’), e.g. 1234567890|abcdefghijklmnopqrstuvwxyz.
Accessing the Existing Banned User List
To see which users have already been banned, make a API call to endpoint: {app_id}/banned/ using your App access token. Or in PHP as follows:
Banning / Unbanning Users
Banning a user is just as easy, and simply required a POST call to the Graph API with a comma separated list of User IDs you want to ban. In PHP, you can do the following to ban one or more users:
The code for unbanning a user is also included in the above example. To unban, you need to make a DELETE API call to the {app_id}/banned/{user_id} endpoint using the app access_token.
What Banned Users See
If the banned user tries to access your application, they will be prompted with the below error message on login (when using the JavaScript SDK). Your application should also check if the user has been banned during runtime, in the case that they’ve already logged in, but didn’t logout since the ban took effect.
