Create the Facebook Application

Create a Facebook Application using the Facebook Developer Tool.

After creating the app, go to the application settings and note the values of the App ID and App Secret parameters; we will use them later.

Authenticate Your Application

Because the Facebook Graph API uses OAuth for authorization, we need to authenticate the application for the permissions required by the Graph API calls we are going to use. To do this, open a new tab in your browser and paste the following URL into the address bar.

After you press Enter to go to the URL you have just specified, you will be asked to log in to Facebook (if needed), and after you log in, you will be asked to log in using your Facebook app.

After you allow your app to be used with your Facebook account, you will be redirected to the redirect_uri you specified before, with a code passed to that page as a GET parameter. The URL will look something like the one below:

We will need this code to request an access_token, which is used each time we query the Graph API.

Getting the access_token

Now that you have the authentication code, you can send it to the Graph API, which returns an access_token that we must provide with each API call. The following code segment gets the access_token from the Graph API using PHP:

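function callFb($url)
{
    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true, // return the body instead of printing it
        CURLOPT_SSL_VERIFYPEER => true, // verify the server certificate
        CURLOPT_SSL_VERIFYHOST => 2,    // and check that it matches the host name
    ));

    $result = curl_exec($ch); // response body, or false on failure
    curl_close($ch);
    return $result;
}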

$url = "";
$access_token = callFb($url);
// Keep everything after the first "=" sign.
$access_token = substr($access_token, strpos($access_token, "=") + 1);

Here we are querying the API URL with the client_id (the App ID), redirect_uri (the URL of your current PHP page/website), client_secret (the App Secret) and code (the code value obtained in the previous steps). This request will return the access_token in the following format:


So to get the access_token value we take the sub-string after the equal (=) sign.
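
The substring approach assumes the body always has the access_token=... form; when the request fails, strpos() returns false and substr() yields a meaningless string that would then be sent as a token. The following added example (not code from the original tutorial) parses the body defensively instead; extractAccessToken() is a hypothetical helper, the sample bodies are constructed, and the JSON branch assumes that an error comes back as a JSON object with an error key.

```php
<?php
// Added example: defensive parsing of the token endpoint's response body.
// extractAccessToken() is a hypothetical helper, not part of the tutorial's code.

function extractAccessToken($body)
{
    if (!is_string($body) || $body === '') {
        return null; // curl_exec() failed or returned nothing
    }

    // JSON body: an error object (assumed shape) or a JSON-encoded token response.
    $json = json_decode($body, true);
    if (is_array($json)) {
        if (isset($json['error'])) {
            return null;
        }
        $token = isset($json['access_token']) ? $json['access_token'] : null;
    } else {
        // key=value body; parse_str() also copes with extra fields after the token.
        parse_str($body, $fields);
        $token = isset($fields['access_token']) ? $fields['access_token'] : null;
    }

    // Sanity check (assumption): a token is non-empty printable ASCII without spaces.
    if (!is_string($token) || !preg_match('/^[\x21-\x7E]+$/', $token)) {
        return null;
    }
    return $token;
}

// Constructed sample bodies (not real tokens and not captured API output).
$samples = array(
    'access_token=EXAMPLETOKEN123',
    'access_token=EXAMPLETOKEN123&expires=5000',
    '{"access_token":"EXAMPLETOKEN123","token_type":"bearer"}',
    '{"error":{"message":"constructed error","type":"OAuthException"}}',
    '',
);

foreach ($samples as $body) {
    $token = extractAccessToken($body);
    echo ($token === null ? 'rejected' : 'token: ' . $token), "\n";
}
```

A null return should stop the flow before any search request is built, so a failed exchange never reaches the Graph API as a bogus token.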

Get the search results

Now that we have the access_token, we can query the search API. The following code segment shows how to do that (assuming your HTML form's text field is named search and the form uses the POST method):

$url = "$access_token&q=".urlencode($_POST['search'])."&type=user";
$ret_json = callFb($url);
$users = json_decode($ret_json, true);

Here we are querying the API URL with the access_token. This call returns JSON-formatted output, which can then be decoded into a PHP array for further processing.

For example, you can access the name of the first user through $users['data'][0]['name'], or the user's Facebook ID through $users['data'][0]['id']. You may also show the user's profile picture like the following:

<img src="<?php echo htmlspecialchars($users['data'][0]['id'], ENT_QUOTES, 'UTF-8'); ?>/picture?type=large" alt="" />

Here the type parameter can have values square, small or large.