How to use FB.Event.Subscribe securely to call webservice

I'm looking at using the FB.event.subscribe method to get a notification whenever someone leaves a comment in the FB comment plugin.

However, I want to use Ajax to call a webservice I've exposed on my server to keep track of (a) What was commented on (b) who left the comment.

I have the following questions and was hoping to get some help:

1. Does the what information does the FB.event.subscribe give me to my function? The FB documentation is totally anemic and doesn't give enough detail. For example, I want to know WHO left the comment.
2. If I call a webservice, say 开发者_高级运维to insert a row in my DB to keep track of comments, such as what the comment is and what datetime it was left. If I use Ajax to just call a web service, how do I do it securely? Since it's ajax, anyone can view source and see the endpoint I'm calling. I can't use a token since that's exposed.

Answer to question 1:
You can do below snippet to find out what you get from facebook api while firebug's console window is opening.

FB.Event.subscribe('comment.create', function(response) {
    console.log(response);
});

Answer to question 2:
You might need to implement your own security mechanism to secure the webservice you have. It can be done by checking a token when it be called or whatever something else.