"can I use the same access_token that is used in FB api to provide access security to DB on appery" - their token doesn't havy any relation to our db.You may proxy access to the database through the server code by passing a FB token in the server code. And making the actual query to the database only after the validity of verification of FB token. But I think it's pretty hard to do.