clarify docs

howdyai · Dec 20, 2016 · 3182544 · 3182544
1 parent e5900ce
commit 3182544
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/readme-facebook.md b/readme-facebook.md
@@ -57,12 +57,12 @@ When you are ready to go live, consider [LetsEncrypt.org](http://letsencrypt.org
 ## Validate Requests - Secure your webhook!
 Facebook sends an X-HUB signature header with requests to your webhook. You can verify the requests are coming from Facebook by enabling `validate_requests: true` when creating your bot controller. This checks the sha1 signature of the incoming payload against your Facebook App Secret (which is seperate from your webhook's verify_token), preventing unauthorized access to your webhook. You must also pass your `app_secret` into your environment variables when running your bot.
 
+The Facebook App secret is available on the Overview page of your Facebook App's admin page. Click show to reveal it.
+
 ```
 app_secret=abcdefg12345 page_token=123455abcd verify_token=VerIfY-tOkEn node facebook_bot.js
 ```
 
- The Facebook App secret is available on the Overview page of your Facebook App's admin page. Click show to reveal it.
-
 ## Facebook-specific Events
 
 Once connected to Facebook, bots receive a constant stream of events.