In three words: server-side validation. FB itself will throw an error when you use a key that’s incorrect for the given site. The API key is not supposed to be secret (as opposed to the secret key).
In three words: server-side validation. FB itself will throw an error when you use a key that’s incorrect for the given site. The API key is not supposed to be secret (as opposed to the secret key).