user deletion

<?php
header('Content-Type: application/json');

// signed_request is client-supplied input; verify it before using any field
$signed_request = $_POST['signed_request'] ?? '';
$data = parse_signed_request($signed_request);

// Stop here if the signature is missing or does not verify
if ($data === null || !isset($data['user_id'])) {
  http_response_code(400);
  exit;
}
$user_id = $data['user_id'];

// Start data deletion

$status_url = 'https://www.<your_website>.com/deletion?id=abc123'; // URL to track the deletion
$confirmation_code = 'abc123'; // unique code for the deletion request

$data = array(
  'url' => $status_url,
  'confirmation_code' => $confirmation_code
);
echo json_encode($data);

function parse_signed_request($signed_request) {
  // A well-formed value has the form "<signature>.<payload>"
  if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
    return null;
  }
  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  $secret = "appsecret"; // Use your app secret here

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  // confirm the signature (hash_equals compares in constant time)
  $expected_sig = hash_hmac('sha256', $payload, $secret, true);
  if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}
?>

This produces a JSON object that looks like this, in which user_id is the relevant field for your callback.

{
  "oauth_token": "{user-access-token}",
  "algorithm": "HMAC-SHA256",
  "expires": 1291840400,
  "issued_at": 1291836800,
  "user_id": "218471"
}
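
The following round-trip check is an added example, not part of the original sample: it builds a signed_request in the format shown above and confirms that a verifier accepts the genuine value and rejects a substituted payload, a wrong secret and malformed input. APP_SECRET, make_signed_request, verify_signed_request and all payload values are constructed for illustration.

```php
<?php
// Added example. APP_SECRET and all payload values are constructed test data.
const APP_SECRET = 'test-app-secret';

function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $in) {
    $in = strtr($in, '-_', '+/');
    $in .= str_repeat('=', (4 - strlen($in) % 4) % 4); // restore stripped padding
    return base64_decode($in, true); // strict: false on invalid characters
}

// Builds a value in the "<signature>.<payload>" format the callback receives.
function make_signed_request(array $payload, string $secret): string {
    $encoded = b64url_encode(json_encode($payload));
    return b64url_encode(hash_hmac('sha256', $encoded, $secret, true)) . '.' . $encoded;
}

// Returns the payload array, or null for anything malformed or badly signed.
function verify_signed_request($signed_request, string $secret): ?array {
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    [$encoded_sig, $encoded] = explode('.', $signed_request);
    $sig = b64url_decode($encoded_sig);
    $expected = hash_hmac('sha256', $encoded, $secret, true);
    if ($sig === false || !hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode((string) b64url_decode($encoded), true);
    if (!is_array($data) || ($data['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;
    }
    return $data;
}

$good = make_signed_request(
    ['algorithm' => 'HMAC-SHA256', 'issued_at' => 1291836800, 'user_id' => '218471'],
    APP_SECRET
);
// Keep the original signature but substitute a payload naming another user.
$swapped = explode('.', $good)[0] . '.'
    . b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '999']));

var_dump(verify_signed_request($good, APP_SECRET)['user_id']); // verified payload
var_dump(verify_signed_request($swapped, APP_SECRET));          // signature mismatch
var_dump(verify_signed_request($good, 'wrong-secret'));         // wrong key
var_dump(verify_signed_request('not-a-signed-request', APP_SECRET)); // malformed
```

Only the first call returns a payload; the other three return null, which is the condition a deletion callback should treat as a rejected request.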