Frequently asked questions about App Review.
On May 1, 2018 we announced a new App Review processthat is required for FB Login (extended permissions) and the 6 APIs (Pages, Messenger, Business Manager, Instagram, Groups and Events). App Review submission for these APIs/permissions is required before August 1, 2018 in order to maintain access to those APIs. On August 1st, we will begin enforcing this deadline for inactive apps.
For active apps that require these permissions, we will auto-enroll apps into the app review process in the coming weeks. You can read more about this announcement here.
On July 2, 2018, we announced additional APIs that require app review: Marketing API and Lead Ads Retrieval. App Review submission for these APIs/permissions is required before February 1, 2019 in order to maintain access. You can read more about the due dates here.
As we announced earlier this year, all apps accessing the Pages API, Groups API, Events API, Business Manager API, Instagram Graph API, Messenger Platform, and Facebook Login were expected to submit for app review by August 1.
To help protect the integrity of our platform, we have removed API access for apps that require these permissions, have not gone through app review, and have not been active within the last 28 days as of July 31, 2018. If you still need access to our APIs, we encourage you to submit for review through your app's App Dashboard.
All active apps that require these permissions will be auto-enrolled in app review in the coming weeks. Developers will be notified if we require additional information to complete the app review submission. If responses are not received in the allocated timeframe, reviewable API access will be disabled.
Yes, if your apps have made calls to the Graph API in the last 28 days as of July 31, 2018 and require access to the reviewable permissions with an August 1st deadline, your app will be auto-enrolled in the app review process. We will notify you when we have a process available to send us the additional information needed to complete the review process.
Yes, ALL apps that leverage permissions that require review (Pages API, Groups API, Events API, Business Manager API, Instagram Graph API, Messenger Platform, extended Facebook Login permissions, Marketing API and Lead Ads API) must submit for app review in adherence with the communicated deadlines.
Active apps that leverage permissions with an August 1st deadline (Pages API, Groups API, Events API, Business Manager API, Instagram Graph API, Messenger Platform, extended Facebook Login permissions) and have not yet proactively submitted for review will be auto-enrolled in the review process. You can accelerate the App Review process by submitting your app for review prior to auto-enrollment. This will give you more control over when your app is reviewed and what information is used for the review.
The need for app review is based on the App ID level. Each individual app using those permissions or features must be submitted for review.
For more details, visit this page. The process will give you the opportunity to provide details on which permissions you need, and how they will be used. Facebook will review the use case and determine if it is permissible under our policy. After permission review, depending on the API/permission we may have additional requirements such as business verification and contract signing.
As new APIs become available, these will need to be requested through App Review. Business Verification however, is only required once per Business Manager entity, so Business Verification will not be required again if new permissions or APIs are required for an app.
As of August 1, 2018, you only need to verify the Business Manager which the app is connected to.
As part of the review process, you may be asked for business information such as the legal name of the business, address and phone number. In addition, you may be requested to provide business documentation such as utility bills, licenses, certificates of formation, or articles of incorporation.
At the moment we are dealing with increased volume. The entire process may take up to several weeks.
You can always find the status of business verification and contracts and steps to take in the business verification panel found in the app review tab of the app dashboard. We will send you notifications throughout the process to let you know what action is needed.
The person signing the contracts must have the legal authority to bind your business. For example, an officer or other authorized signatory of your business.
The app should be linked to the Business Manager for the business that ultimately owns the app and has access to the data being generated from the app. This business should be the one who goes through the business verification process.
App review must be performed per app. We recommend that you review your app dashboard to get the specific list of permissions that require review.
Business Verification is required once per Business Manager. If you choose to associate all your apps with the same Business Manager, then you will only need to go through business verification once.
If you already have a Business Manager account, we recommend that you connect the app to the existing Business Manager.
If there are multiple Business Manager accounts that belong to the business, we recommend determining the rationale for multiple Business Manager accounts and aligning the app with the most appropriate Business Manager. If the business has a credit line set up through the Business Manager, we recommend that you connect the app with the one that has the credit line.
The App Review process refers to apps that require certain API permissions. You can read about the permissions required for review here. Setting up the SDK itself does not require app review. However, the SDK does enable apps to make calls to Facebook APIs, and if those APIs require review, the app will need to submit for app review.
You can provide a screencast of your integration, or if your app does not have an end user experience, you can provide a minimum of 2 screenshots which show the settings view of your page, your CRM or Business Manager as well as provide a Page ID for a page you'll be using through these products. You can read more about this option here.
You will need to request the
Yes. Apps that access content of public pages need to request Page Public Content Access feature and require review by Facebook.
Yes. In v3.0, all Messenger Platform APIs are included under Pages_messaging permission and require review.
publish_actions permission is deprecated in Graph API v3.0. Apps can still post stories via mediated experiences like the Facebook Share Dialog on the web, or the Share Sheets for iOS and Android. Apps can publish to groups through the
publish_groups permission, which requires an app go through review.
user_managed_groups permission is deprecated in Graph API v3.0. Apps can use the new Groups API, along with the
read_groups_user_data permissions in its place. The new API and permissions require apps go through review by Facebook.
In Graph API v3.0, apps that access events need to use the
user_events permission. Apps that use that permission will need to be reviewed by Facebook.
The Instagram API is not affected by Graph API v3.0. However, all apps that use the Instagram API need to be reviewed by Facebook.
Yes. Apps can access only a user's name, email address, and profile picture without App Review. All other permissions will require review by Facebook.
There are no changes to Business Manager APIs in Graph API v3.0. Apps requiring access to Business_Management permissions will require review by Facebook.
Apps that use mediated sharing products like social plugins, share dialog and share sheets, or a subset of Facebook Login do not have to be reviewed by Facebook. To learn more about what requires review, please see our App Review documentation.
We review your app to ensure a high-quality Facebook experience across apps. In general, people must be aware that they are logging in and posting to Facebook. People should be able to control the info they share with your app or back to Facebook.
Note: People who are listed in your app's Roles tab will have access to extended permissions without going through review (e.g. manage_pages). However, when the app goes public it must go through App Review to access information even for people with roles on the app.
All app capabilities should be available when your app is in Development Mode but you will only be able to access your data, your test user's data, or your pages data. If you wish to take your app public, even if you are the only user, it must go through app review .
Due to changes to the review process and the high volume of submissions expected, it may take several weeks for submitted apps to complete review.
Please provide as much info as possible to help the reviewer, including clear screenshots, detailed step-by-step instructions and a screencast recording of your app and its Facebook integration.
You'll need to explain exactly how to test each permission or feature in your app so that we can make sure it works and follows our policies. We can't approve your app if we can't fully test how it integrates with Facebook. Giving detailed instructions makes it less likely that you'll have to resubmit for review.
For each permission you request, list reproduction instructions in a step-by-step format. All instructions must be in English.
Your instructions should not:
Here's a good example of step-by-step instructions:
If you're still not sure about what to include, please see more examples in our examples section for App Review.
To test a new feature or permission, after your app has been reviewed and published, use the Create Test App feature in the App Dashboard to create a clone of your production app. In the Dashboard of your production app, click the down arrow next to the app name in the upper left navigation pane and click Create Test App. The app clone, created with In Development status, allows all app roles access to all features and permissions.
In certain cases, you may need the reviewer to reproduce a certain behavior or experience available only to a specific test user. If this is the case, you can add this user to your submission on the App Review page. In the Items in Review section, you'll see a Test User (optional) section that allows you to type the name of the user you wish to be used in your review.
The only test users available here are those listed as Test Users in the Roles section of your app. Please do not share Facebook login credentials for users in your review instructions.
Learn more about how to create a test user.
Before approving your request for user_likes, your reviewer will need to confirm that your app provides a unique experience to users based on the like info it receives from them. To do this, our review team will test your app with a variety of test users, each with a different set of likes and interests.
When submitting a request for user_likes, you should write detailed instructions that include:
If you're using user_likes as part of an algorithm, it's important that the reviewer can see the result of this algorithm and how it influences content shown to people.
Our review team will actually test how your app uses each permission on every platform you have listed in the settings section of your app. Your reviewer ensures that your Facebook Login integration works correctly and that each permission requested adheres to our principles and utility guidelines while providing an enhanced user experience.
If your app is a game and has a presence on Facebook Canvas
You can invite new players to your game by using either the:
If your app does not have a presence on Facebook Canvas
This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.
No. Once you've been approved for a permission, you can use it across any version of your app on any platform.
If you expand and develop your app on a new platform, this will not need to be submitted for review. You only need to resubmit for review if you want to request a new permission - for example, when you add a new feature to your app. Changing and submitting your App Details or Open Graph actions will not affect the permissions you've been approved for.
If your current submission requires additional information, you will have 30-days from receipt of the request to resolve and resubmit for review. During those 30-days you may be asked to provide more information by the App Review team. Please note that the 30-day window will not reset with each resubmission during this period.
Our review team uses multiple test users when reviewing submissions, and we don't always use the test user you provide. If your submission does need to be reviewed using a specific test user please let us know in your review instructions.
If you provide a test user, make sure you've correctly created the test user and attached the user with your submission.
Our review team will use the instructions you provide to test your app's Facebook integrations.
If you feel our reviewer has incorrectly rejected your app, you should resubmit for review with updated review instructions that provide more info for the reviewer.
The review process is the best way to communicate with your reviewer by updating your notes to address the feedback you've received.
A screencast is a great way to guide us through your app and show us how you're using the requested permissions. Here's some best practices and third party resources for creating a screencast.
Your video should show how your app uses each permission it requests. If you're requesting publish_actions, it should also show how content from your app is created and shared to Facebook.
To approve your app submission, our review team will need to log into your app and check all Facebook integrations.
If your reviewer has been unable to load or use your app, please make sure that:
If you're rejected again for the same reason, update your Review Instructions or Add Notes section to ask your reviewer for some clarity and additional info.
Our review team may need additional login credentials for your app in order to complete your review.
If your app requires a secondary login before or after Facebook Login, please be sure to provide a username and password for this. This may include login credentials for a testing or demo server, secondary login for your app or an e-mail registration flow.
Apps hosted on staging or development servers may require an additional login to access your server. Please provide all necessary login credentials for this also.
If you're still not sure what credentials are missing, you can provide a video with your next submission that shows the Facebook Login option and all relevant Facebook integrations you're submitting for.
It's against Platform Policy 4.5 to incentivize people to use social plugins or to like a Page. This includes offering rewards or gating apps or app content based on whether or not a person has liked a Page. User_likes will not be approved for this purpose.
To ensure quality connections and help businesses reach the people who matter to them, we want people to like Pages because they want to connect and hear from the business, not because of artificial incentives. We believe this policy will benefit people and advertisers alike.
To be approved for App Center, your App will need to meet our eligibility requirements. Apps eligible for the Facebook App Center must use Facebook Login or have a Facebook Canvas app.
App eligible to be listed in App Center are:
Your text assets and promotional images must also meet our guidelines.
Your review response will include a clear explanation for why your app wasn't approved, as well as the next steps you should take. We want to get you through the process as quickly as possible, so be sure to read this feedback carefully. Once you make the necessary changes, you can submit for review again.
If your app uses a permission in a way that isn't approvable, your feedback will explain this and you shouldn't resubmit for review.
The App Review process involves loading your app on each supported platform, logging in with Facebook, and using every Facebook integration that you're requesting in review. This often results in what we call 'general issues.' These are errors or bugs relating to loading your app, logging into your app or the general functionality of your app. This means we weren't able to test the permissions you request in your submission.
Since these are issues that prevent us from reviewing your Facebook functionality, we can't comment in detail about how your app uses the Facebook functionality you've submitted for review. Because of this, we reject with 'General Issues' and provide feedback about this on each platform.
If you receive a 'General Issues' rejection, please carefully read all of the feedback. Each platform will receive individual feedback that should explain what issues were experienced in review.
During the review process, our review team follows your instructions to reproduce how permissions are used within your app. If we can't reproduce this experience - for example, because we can't follow your instructions, or we can't log into your app - then we also can't approve the submission.
To avoid this, please:
In particular, for the publish_actions permission, please confirm that your app's publishing functionality is configured correctly. We need to be able to publish your app's content back to Facebook during the review process.
If your question not answered here get help in the Facebook Developer Community group. The group is active with both our talented community members and also Facebook staff. If you have additional questions about the review process try post them in the group.