How to respect RESTful with Data synchronized from Facebook

Question

I’m trying to build a web-app with integration of some Facebook data. (Facebook Events in particular).

I would like to know what are the best practices/recommandations to handle synchronization.

Here is my current thought: In my database, I need to have:

• User: with Facebook ID, and list of friends
• Event: with list of User

In mongoose syntax it means the following schema:

var UserSchema = new Schema({
  id: { type: String, default: '' },
  friends: [{type : Schema.ObjectId, ref : 'User'}]
})
mongoose.model(‘User', UserSchema )

var EventSchema = new Schema({
  eid: { type: String, default: '' },
  users: [{type : Schema.ObjectId, ref : 'User'}]
})
mongoose.model('Event', EventSchema)

For now, I’m using Passport-Facebook to handle authentication and Facebook-Node-SDK (https://github.com/Thuzi/facebook-node-sdk) to make graph call. So I can set my accessToken during my Passport FacebookStrategy:

passport.use(new FacebookStrategy({
  clientID: config.facebook.clientID,
  clientSecret: config.facebook.clientSecret,
  callbackURL: config.facebook.callbackURL
 },
 function(accessToken, refreshToken, profile, done) {
   FB.setAccessToken(accessToken); //Setting access token
   User.findOne({ 'id': profile.id }, function (err, user) {
      //handling creation in case of error 
      //then synchronization of friends
   })
]);

Once the user is logged, I redirect him to an URL which first call a static method which synchronize FB events of current user then redirect him to the following route:

app.get('/events', events.index)

But this is not compliant with RESTful standards? For example, with my method I didn’t need route like this:

app.post('/events', events.add)
app.put('/events', events.update)
app.del('/events', events.destroy)

In fact, I don’t see how to proper implement this kind of syntonization and I’m worry with the future integration of front-end solution.

Can someone point me what I am missing and eventually give some advices/link to handle this situation? Is it better to handle the listing of event on client-side with Official Facebook SDK and just give to my API the IDs needed? In this case, how to secure the data?

Update: It's an extand of this question Web app integration with facebook ( architecture issues ) Regarding the answer, I can't figure it out with my particular case.