Set age restrictions on Facebook apps with the Graph API

This one drove me nuts. Facebook allows developers to restrict applications based on a user’s age and location. This was a pretty important requirement for a recent alcohol brand application we were developing. The API method is called admin.setRestrictionInfo. It makes what would otherwise be a tedious process very simple. No ‘enter your birthdate’ screens, no worrying about posts created by the application soliciting underage users. The method even takes a special parameter called ‘type’ that can be set to ‘alcohol’ (currently the only option for this parameter) which blocks users based on their local drinking age.

Sounds perfect. Until you try implementing it.

The abysmal Facebook documentation provides no examples of how to make this call. In scouring the forums, I discovered that the method only needs to be called once, and this particular application made no use of server-side SDKs, so there wasn’t a convenient way to make the call. I started making calls to the API via simple browser GET requests, knowing that the response would be ‘true’ if the call was successful (that, believe it or not, was actually specified in the documentation). I kept getting a variety of error responses. The structure of the request is:


I was getting the access_token from the “Access Token” string found on the application page in the developer dashboard. But for whatever reason, this method requires you to pass your application id pipe-delimited with your application secret. This is the url structure that ultimately returned ‘true’ when entered into the browser.


A very useful method with absolutely useless documentation. Hope this helps save someone else as much time as I wasted figuring this out…
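The following added example is not code from the original post. It builds the encoded parameter string for the call described above, masks the app secret for logging, and separates the 'true' response from the error JSON quoted in the comments below. The function names are hypothetical, the endpoint is left to the caller, and a numeric app id is assumed.

```python
import json
import re
from urllib.parse import urlencode

# App access token as described in the post: APP_ID|APP_SECRET.
# Assumption: the app id is numeric; the secret has no brackets, pipes or spaces.
_APP_TOKEN = re.compile(r"\d+\|[^\s\[\]|]+")


def build_restriction_request(app_id, app_secret, restriction_type="alcohol"):
    """Return the URL-encoded parameters for admin.setRestrictionInfo.

    Send these from a server-side process so the app secret never ships
    in client code or sits in browser history.
    """
    token = f"{app_id}|{app_secret}"
    if not _APP_TOKEN.fullmatch(token):
        # Catches literal "[APP_ID]" placeholders and values pasted with brackets.
        raise ValueError("access_token must be APP_ID|APP_SECRET with no brackets")
    restriction = json.dumps({"type": restriction_type}, separators=(",", ":"))
    return urlencode({
        "method": "admin.setRestrictionInfo",
        "access_token": token,
        "format": "json",
        "restriction_str": restriction,
    })


def redact(params):
    """Mask the app secret so the request can be written to logs."""
    return re.sub(r"(access_token=\d+%7C)[^&]+", r"\1***", params)


def parse_response(text):
    """Return (ok, detail); ok is True only for the literal 'true' response."""
    try:
        data = json.loads(text)
    except ValueError:
        return False, "unparseable response"
    if data is True:
        return True, ""
    if isinstance(data, dict) and "error_code" in data:
        return False, f"{data['error_code']}: {data.get('error_msg', '')}"
    return False, "unexpected response"
```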


  1. Peter says:

    Hi man, thanks for this info! Was a life saver for me today! :)

  2. Kshitij says:


    I’m receiving the following error by running the above call in a REST client

    {"error_code":104,"error_msg":"Requires valid signature","request_args":[{"key":"method","value":"admin.setRestrictionInfo"},{"key":"access_token","value":"[APP_ID]|[APP_SECRET]"},{"key":"format","value":"json"},{"key":"restriction_str","value":"{\"type\":\"alcohol\"}"}]}

    Where am I wrong? I’m planning to run this call via Android Facebook connect SDK

    • kettle says:

      Hi Kshitij:

      Can you first confirm that you’re actually entering your APP_ID and APP_SECRET? Note, those values should not be included in brackets and must be your application ID and Secret as listed in your application profile page from the Developer section of Facebook.

      If so, the error messages are typically accurate and verbose enough to get you moving in the right direction. Make sure you’re entering your app id and secret pipe-delimited.

      • Kshitij says:

        Hi Kettle,

        I’m very sure I’m using the APP_ID and APP_SECRET. I’m copying it from my Facebook app setting screen. And yes, without the square brackets, with the pipe :)

        I agree that till now Facebook API errors themselves point to their resolution, but this time I’m really stuck.

  3. Floris says:

    Thank you for your answer kettle, but I’m really entering the right credentials. It’s really really weird. I’m implementing a custom age check anyway, so that’ll be the only check now.

  4. Ivan says:

    We are getting the true response, but we are not sure how to embed it in the actual code. Any ideas what we are doing wrong?

    if ($user) {
        $logoutUrl = $facebook->getLogoutUrl();
        try {
            // Proceed knowing you have a logged in user who's authenticated.
            $friends = $facebook->api('100003107945247');
        } catch (FacebookApiException $e) {
            $user = null;
            $loginUrl = $facebook->getLoginUrl(array("scope" => "friends_birthday"));
            echo "location.href='" . $loginUrl . "';";
            $access_token = "id|secret"; // (of course we put the real secret and id)

            $age = $facebook->api(array(


  5. Ivan says:

    Hi Kettle,

    I understand that, but that’s why it is really strange, as it doesn’t do the job it is supposed to do and under-aged people can still see the posts by their friends.

    Is it possible that we are describing this function wrong in the code I’ve posted earlier or something? Is there any chance for you to take a look at the code? We could pay if you could solve the issue.

    My email:

