Facebook app evaluate the 'Stream post URL security' flag from another facebook app -

i have 2 facebook apps 'a' , 'b' associated domain_a , domain_b respectively; 'a' has activated 'stream post url security' flag.

i need post content fanpage x using "facebook sdk 4.0 php" app 'b', problem post success disabling a's stream post url security flag; otherway facebookrequest throws exception:

one or more of given urls not allowed stream post url security app setting. must match website url or canvas url, or domain must subdomain of 1 of app's domains.

it makes no sense, why facebook api checks flag in app a?

i have double check ids , secret keys, maybe has open session permanently facebook users in navigators?

this code:

facebooksession::setdefaultapplication($api_id_b,api_secret_key_b); facebooksession::enableappsecretproof(false);  $session = facebooksession::newappsession($api_id_b,api_secret_key_b);  try {     $post_id = (new facebookrequest(         $session,         'post',         '/' . $fanpage_id_x . '/feed',         array(             'access_token'  => $fanpage_token_x,             'message'       => $message_post,             'link'          => $link_inside_domain_b,             'caption'       => $caption_post,             'name'          => $link_inside_domain_b,             'description'   => $description_post,             'published'     => true )         )     )->execute()->getgraphobject()->asarray();     echo 'post shared!'; } catch (facebookrequestexception $e) {     echo 'error! ' . $e->getmessage(); } catch (exception $e) {     echo 'error! ' . $e->getmessage(); } 

any appreciated, thanks.

@wizkid right, real problem turned out $fanpage_token_x generated a, policies applied, when b initiated session.