If users should only be allowed to chat with their friends, you should hide the list of online users in the chatbar (chatbar→hide[“chatTab”]) and in the instant messenger (im→hide[“searchMenu”]).
<script type="text/javascript"> var TOKSTA_CONFIG = { app_id: "your-application-id", user_id: "the-user-id", user_hash: "the-user-hash", user_data: "the-user-data", generated: "current-unix-timestamp", //needed adjustments chatbar: { hide:["chatbTab"] }, im: { hide["searchMenu"] } //---- }; </script>
If you want to prevent any backdoors you should additionally use the Simple API. There you can use the is_blocked call to check if a message between two user can be sent. If your Simple Api returns a “0” the message as well as the chat invitation will not be sent to the other user.
Example for a Simple API in php
... if ( $_GET['op'] == 'is_blocked' ) { if ( isFriends($_GET['from_user_id'], $_GET['to_user_id'] ) === true ) { echo '1'; } else { echo '0'; } } ...