The terms were updated in April 2014 to restrict the data new developers could get hold of, including to people’s friends’ data, but only after four years of access to the Facebook firehose. Companies that plugged in before April 2015 had another year before access was restricted.

Source: ‘A grand illusion’: seven days that shattered Facebook’s facade
By creating multiple apps, where each individual app collected only a little bit of data, software developers were able to collate limited data from each multiple app into all the data about you. This was a major privacy failure on the part of Facebook, a failure that may have been deliberate. As others note, Facebook is a surveillance business and ad agency – but wanted desperately to be seen as a genuine tech company.
To change the perception of Facebook, they tried to position their product as a “platform” upon which others would add value. Windows and the iPhone are examples of platforms – third party application developers create products that make Windows and iPhone more valuable. Facebook wanted app developers to make Facebook more valuable – and by so doing, turn Facebook into a platform. That in turn would make Facebook look more like a real tech company than a surveillance and ad agency.
Thus, Facebook created a programming interface to the Facebook surveillance database. Giving access to the surveillance data provided value and incentive to developers to create new products.