iaaaan: so you would have two layers of authorization at the minimum:
1) facebook account friendship
2) a key that must be generated which requires some minimum difficulty to be considered valid

optionally you cn allow users to specify the minimum difficulty of a key they want to accept messages from