[Fixed]-Facebook Login in Django Backend with big Frontend separation.

1👍

The Facebook JavaScript/Android/iOS SDKs let the client authenticate the user. Once the user is authenticated with Facebook, your clients can send the accessToken through an HTTP POST over HTTPS.

This is what I have done in a similar situation,

At backend,

Create an API endpoint to authenticate users by validating their accessToken:

POST /auth/

Use this endpoint to verify the accessToken sent by the client. The token should be validated by calling Facebook services with your app secret. Once validation is done, return a JSON response detailing the status of the authentication and the user identification details if successful.

On the request:

  • the body should contain accessToken as a key (or a header)
  • the Content-Type header should be application/json
  • any additional expected headers must be validated

On the response, try to include:

  • the status of the operation
  • the user identification details if the operation succeeded
  • a JWT or some sort of token to identify the user, which clients can include in the Authorization header, so that you can validate the request just by validating the token against the user. Set an expiry equal to the accessToken's; if the JWT is expired, refresh the accessToken on the client side and validate again.

At the frontend,

Let the client do the following to authenticate:

  • send the accessToken to /auth as a POST request.
  • if the authentication status is success, store the JWT locally and use it on the upcoming requests.

At the backend on upcoming calls,

  • if the token is expired or tampered with, redirect the client to authenticate with Facebook again.
  • on user logout, delete the token from the client.

So for the frontend developers: document your API properly and share it with them.
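The flow described in the answer above, as an added example that is not part of the original post or of any Django project: the backend receives the client's accessToken, checks it with Facebook's `debug_token` endpoint using the app token (`APP_ID|APP_SECRET`), confirms the token is valid and was issued for this app, and then mints an HS256 JWT whose expiry matches the Facebook token's. The app id, secrets, `fetch` callable and the Facebook reply are constructed so the code runs offline; the endpoint URL and the `data.is_valid` / `app_id` / `expires_at` / `user_id` fields are Facebook's real ones. Django request/response plumbing is left out so the logic can be tested on its own.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.parse
import urllib.request

APP_ID = "123456789012345"                  # hypothetical Facebook app id
APP_SECRET = "app-secret-keep-server-side"  # hypothetical; never ship to clients
JWT_SECRET = b"server-side-jwt-signing-key" # hypothetical HS256 key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _http_get_json(url: str) -> dict:
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def verify_facebook_token(access_token, app_id=APP_ID, app_secret=APP_SECRET,
                          fetch=_http_get_json, now=None):
    """Ask Facebook whether access_token is valid for *our* app.
    Returns (user_id, expires_at); raises ValueError on any rejection."""
    query = urllib.parse.urlencode({"input_token": access_token,
                                    "access_token": f"{app_id}|{app_secret}"})
    data = fetch("https://graph.facebook.com/debug_token?" + query).get("data", {})
    now = time.time() if now is None else now
    if not data.get("is_valid"):
        raise ValueError("token rejected by Facebook")
    if str(data.get("app_id")) != str(app_id):
        # A valid token for some other app must not log a user into ours.
        raise ValueError("token was issued for a different app")
    expires_at = int(data.get("expires_at") or 0)  # 0 = Facebook reports no expiry
    if expires_at and expires_at <= now:
        raise ValueError("token expired")
    return str(data["user_id"]), expires_at


def issue_jwt(user_id, exp, secret=JWT_SECRET):
    """Mint a compact HS256 JWT with sub/exp claims (stdlib only, no PyJWT)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": user_id, "exp": int(exp)}, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_jwt(token, secret=JWT_SECRET, now=None):
    """Return the user id if signature and expiry check out, else None
    (the caller then sends the client back to Facebook to re-authenticate).
    The alg header is ignored on purpose: we only ever verify with our own HS256 key."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # tampered, or signed with a different key
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def auth_endpoint(body, content_type, fetch=_http_get_json, now=None):
    """Handler logic for POST /auth: validate accessToken, answer with status, user id and JWT."""
    if content_type != "application/json":
        return {"status": "error", "reason": "Content-Type must be application/json"}
    try:
        access_token = json.loads(body)["accessToken"]
    except (ValueError, KeyError, TypeError):
        return {"status": "error", "reason": "accessToken missing"}
    try:
        user_id, expires_at = verify_facebook_token(access_token, fetch=fetch, now=now)
    except ValueError as err:
        return {"status": "error", "reason": str(err)}
    now = time.time() if now is None else now
    exp = expires_at or int(now) + 3600  # fall back to one hour when Facebook reports no expiry
    return {"status": "ok", "userId": user_id, "token": issue_jwt(user_id, exp)}


# Constructed stand-in for Facebook's debug_token reply, so the example runs offline.
FAKE_NOW = 1_700_000_000
FAKE_FB_REPLY = {"data": {"app_id": APP_ID, "type": "USER", "is_valid": True,
                          "expires_at": FAKE_NOW + 3600, "user_id": "1207059"}}


def fake_fetch(url):
    return FAKE_FB_REPLY


if __name__ == "__main__":
    body = json.dumps({"accessToken": "client-supplied-token"})  # constructed
    print(auth_endpoint(body, "application/json", fetch=fake_fetch, now=FAKE_NOW))
```

Two points the answer leaves implicit are visible here: the app-id comparison is what stops a token issued to a different Facebook app from logging a user into yours, and the JWT is checked with a constant-time comparison against a key that never leaves the server, so a client that edits the payload or the expiry simply gets `None` and is sent back to Facebook.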
