FAQs

Answers to frequently asked questions about the App Review process.

General

Please visit our App Review for Login examples page for useful submission tips and tricks, and Please visit our Sample App Review Submission page for example screen recordings. You can also watch our introduction to App Review video.

Refer to our test apps document to learn how to create a test app.

Please visit our Server-to-Server Apps document.

Note: Server-to-server apps are used when your app has no user interface as it exchanges data directly with our APIs. As such, these apps are only approved for business-facing data permissions (i.e. ads_management), never with user permissions. For a sample submission see Sample App Review Submission for Server-to-Server Apps.

The need for app review is based on the App ID level. Each individual app using those permissions or features must be submitted for review.

For more details, visit this page. The process will give you the opportunity to provide details on which permissions you need, and how they will be used. Facebook will review the use case and determine if it is permissible under our policy. After permission review, depending on the API/permission we may have additional requirements such as business verification and contract signing.

Yes, test apps will inherit reviewable permissions from parent apps.

As new APIs become available, these will need to be requested through App Review. Business Verification however, is only required once per Business Manager entity, so Business Verification will not be required again if new permissions or APIs are required for an app.

As of August 1, 2018, you only need to verify the Business Manager which the app is connected to.

As part of the review process, you may be asked for business information such as the legal name of the business, address and phone number. In addition, you may be requested to provide business documentation such as utility bills, licenses, certificates of formation, or articles of incorporation.

At the moment we are dealing with increased volume. The entire process may take up to several weeks.

  • Permission review may take up to several weeks. Our latest update on timelines can be found here.
  • Business verification should take a few days, however it will depend on the quality of documentation.
  • Contract signing can be completed as soon as you have your designated officer sign the contract.

You can always find the status of business verification and contracts and steps to take in the business verification panel found in the app review tab of the app dashboard. We will send you notifications throughout the process to let you know what action is needed.

The app should be linked to the Business Manager for the business that ultimately owns the app and has access to the data being generated from the app. This business should be the one who goes through the business verification process.

App review must be performed per app. We recommend that you review your app dashboard to get the specific list of permissions that require review.

Business Verification is required once per Business Manager. If you choose to associate all your apps with the same Business Manager, then you will only need to go through business verification once.

If you already have a Business Manager account, we recommend that you connect the app to the existing Business Manager.

If there are multiple Business Manager accounts that belong to the business, we recommend determining the rationale for multiple Business Manager accounts and aligning the app with the most appropriate Business Manager. If the business has a credit line set up through the Business Manager, we recommend that you connect the app with the one that has the credit line.

The App Review process refers to apps that require certain API permissions. You can read about the permissions required for review here. Setting up the SDK itself does not require app review. However, the SDK does enable apps to make calls to Facebook APIs, and if those APIs require review, the app will need to submit for app review.

You can provide a screencast of your integration, or if your app does not have an end user experience, you can provide a minimum of 2 screenshots which show the settings view of your page, your CRM or Business Manager as well as provide a Page ID for a page you'll be using through these products. You can read more about this option here.

Facebook Login

Please visit our Best Practice guide, and our Facebook Login Button UX guide for tips on how you can best implement Facebook Login in your app.

Lead Ads

You will need to request the leads_retrieval and pages_manage_ads permissions.

If the clients are also the "owner" of the app, then they, themselves go through the process as direct developers. If the clients have a third party developer as the "owner" of the app, then it's the developer who will go through the review.

Permissions and Features

Please see our Permissions Reference guide for reference on acceptable usage scenario. You can also find information for the Instagram Basic Display API at Instagram Platform Permissions, as well as the Marketing API for Ads Management Standard Access at Marketing API Access and Authentication.

Screen Recordings

Please visit our Screencasts page for an overview of how to submit a screencast to support your App Review.

Terms and Policies Violations

If you are violating any policies, Facebook will send you a Dev Alert by email, notifying you which of our platform policies are being violated. You can also see all of the dev alerts and violations in your developer dashboard under the Alerts tab on the left for your app.

Before You Submit

Apps that use mediated sharing products like social plugins, share dialog and share sheets, or a subset of Facebook Login do not have to be reviewed by Facebook. To learn more about what requires review, please see our App Review documentation.

We review your app to ensure a high-quality Facebook experience across apps. In general, people must be aware that they are logging in and posting to Facebook. People should be able to control the info they share with your app or back to Facebook.

Note: People who are listed in your app's Roles tab will have access to extended permissions without going through review (for example, user_posts). However, when the app goes public it must go through App Review to access information even for people with roles on the app.

All app capabilities should be available when your app is in Development Mode but you will only be able to access your data, your test user's data, or your pages data. If you wish to take your app public, even if you are the only user, it must go through app review .

Due to changes to the review process and the high volume of submissions expected, it may take several weeks for submitted apps to complete review.

Please provide as much info as possible to help the reviewer, including clear screenshots, detailed step-by-step instructions and a screencast recording of your app and its Facebook integration.

You'll need to explain exactly how to test each permission or feature in your app so that we can make sure it works and follows our policies. We can't approve your app if we can't fully test how it integrates with Facebook. Giving detailed instructions makes it less likely that you'll have to resubmit for review.

For each permission you request, list reproduction instructions in a step-by-step format. All instructions must be in English.

Your instructions should not:

  • Reference instructions from other submissions or documentation
  • Summarize what your app does instead of giving instructions
  • Provide technical details of how your APIs work

Here's a good example of step-by-step instructions:

  1. Press the Settings button on the left hand menu.
  2. Select Login with Facebook
  3. Complete the third step
  4. Complete the fourth step

If you're still not sure about what to include, please see more examples in our examples section for App Review.

No, you don't need to submit for review to run mobile app install ads. You just need an app that is live in the iTunes App Store or Google Play Store. You can follow our guide to creating mobile app installs ads.

To test a new feature or permission, after your app has been reviewed and published, use the Create Test App feature in the App Dashboard to create a clone of your production app. In the Dashboard of your production app, click the down arrow next to the app name in the upper left navigation pane and click Create Test App. The app clone, created with In Development status, allows all app roles access to all features and permissions.

In certain cases, you may need the reviewer to reproduce a certain behavior or experience available only to a specific test user. If this is the case, you can add this user to your submission on the App Review page. In the Items in Review section, you'll see a Test User (optional) section that allows you to type the name of the user you wish to be used in your review.

The only test users available here are those listed as Test Users in the Roles section of your app. Please do not share Facebook login credentials for users in your review instructions.

Learn more about how to create a test user.

Before approving your request for user_likes, your reviewer will need to confirm that your app provides a unique experience to users based on the like info it receives from them. To do this, our review team will test your app with a variety of test users, each with a different set of likes and interests.

When submitting a request for user_likes, you should write detailed instructions that include:

  • A clear explanation of why you're requesting user_likes and how it improves a person's experience in your app.
  • A list of sample Pages for our reviewer to like to verify your use of user_likes. Please give direct links to the Pages that our reviewer should like before they test your app.

If you're using user_likes as part of an algorithm, it's important that the reviewer can see the result of this algorithm and how it influences content shown to people.

Our review team will actually test how your app uses each permission on every platform you have listed in the settings section of your app. Your reviewer ensures that your Facebook Login integration works correctly and that each permission requested adheres to our principles and utility guidelines while providing an enhanced user experience.

Please see our principles and utility guidelines for more info.

Currently, apps do not require App Review if they are only used by Users who have a role on the app, and who are only publishing to their own timelines or Pages. Starting on August 1, 2018, however, apps can no longer publish to User timelines, and any apps that allow Users to publish to Groups or Pages must go through App Review.

If your app is a game and has a presence on Facebook Canvas

You can invite new players to your game by using either the:

  • Requests dialog. When using the requests dialog you can set 'filters=app_non_users' to filter the dialog to only show people who don't use your app. If your app has a Canvas presence, you may also use the Requests Dialog on iOS and Android.
  • Invitable Friends API. If your app is a game, and want to build your own multi-friend selector, you may use the Invitable Friends API, which returns a ranked list of the person's friends who do not use the app. Once a person has selected a number of friends to invite, you may pass the tokens returned by the Invitable Friends API to the to field of the Requests Dialog which will then let the person send an invite to those friends.

If your app does not have a presence on Facebook Canvas

You can use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app.

This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.

No. Once you've been approved for a permission, you can use it across any version of your app on any platform.

If you expand and develop your app on a new platform, this will not need to be submitted for review. You only need to resubmit for review if you want to request a new permission - for example, when you add a new feature to your app. Changing and submitting your App Details or Open Graph actions will not affect the permissions you've been approved for.

After You Submit

Please visit our App Review Rejection Results Guide for tips on how to have a successful App Review.

Before submitting an appeal, please make sure to read through the App Review Rejection Results Guide as well as the Enforcement FAQ to ensure that any violations are fixed before you resubmit your app for review.

Once fixed, you can appeal the decision using the Developer Appeals form.

If your current submission requires additional information, you will have 30-days from receipt of the request to resolve and resubmit for review. During those 30-days you may be asked to provide more information by the App Review team. Please note that the 30-day window will not reset with each resubmission during this period.

Our review team uses multiple test users when reviewing submissions, and we don't always use the test user you provide. If your submission does need to be reviewed using a specific test user please let us know in your review instructions.

If you provide a test user, make sure you've correctly created the test user and attached the user with your submission.

Our review team will use the instructions you provide to test your app's Facebook integrations.

If you feel our reviewer has incorrectly rejected your app, you should resubmit for review with updated review instructions that provide more info for the reviewer.

The review process is the best way to communicate with your reviewer by updating your notes to address the feedback you've received.

Your Facebook App ID created for your Instant Game cannot be used for any other platform. You can find more info in our documentation.

A screencast is a great way to guide us through your app and show us how you're using the requested permissions. Here's some best practices and third party resources for creating a screencast.

Your video should show how your app uses each permission it requests. If you're requesting publish_actions, it should also show how content from your app is created and shared to Facebook.

To approve your app submission, our review team will need to log into your app and check all Facebook integrations.

If your reviewer has been unable to load or use your app, please make sure that:

  • The App URL is publicly accessible and not configured as a localhost
  • You've provided the username and password needed to access your development or staging site
  • Your site's security certificates are up to date and not causing errors for new users
  • You're able to login and use your app as a newly created test user
  • The items you submitted for review are built out and working in your app

If you're rejected again for the same reason, update your Review Instructions or Add Notes section to ask your reviewer for some clarity and additional info.

Our review team may need additional login credentials for your app in order to complete your review.

If your app requires a secondary login before or after Facebook Login, please be sure to provide a username and password for this. This may include login credentials for a testing or demo server, secondary login for your app or an e-mail registration flow.

Apps hosted on staging or development servers may require an additional login to access your server. Please provide all necessary login credentials for this also.

If you're still not sure what credentials are missing, you can provide a video with your next submission that shows the Facebook Login option and all relevant Facebook integrations you're submitting for.

It's against Platform Policy 4.5 to incentivize people to use social plugins or to like a Page. This includes offering rewards or gating apps or app content based on whether or not a person has liked a Page. User_likes will not be approved for this purpose.

To ensure quality connections and help businesses reach the people who matter to them, we want people to like Pages because they want to connect and hear from the business, not because of artificial incentives. We believe this policy will benefit people and advertisers alike.

If you're using the Share Dialog or any other social plugin to publish content back to Facebook, you don't need to submit for review. If you're still not sure, you can find more info in our general review documentation.

To be approved for App Center, your App will need to meet our eligibility requirements. Apps eligible for the Facebook App Center must use Facebook Login or have a Facebook Canvas app.

App eligible to be listed in App Center are:

Your text assets and promotional images must also meet our guidelines.

Your review response will include a clear explanation for why your app wasn't approved, as well as the next steps you should take. We want to get you through the process as quickly as possible, so be sure to read this feedback carefully. Once you make the necessary changes, you can submit for review again.

If your app uses a permission in a way that isn't approvable, your feedback will explain this and you shouldn't resubmit for review.

The App Review process involves loading your app on each supported platform, logging in with Facebook, and using every Facebook integration that you're requesting in review. This often results in what we call 'general issues.' These are errors or bugs relating to loading your app, logging into your app or the general functionality of your app. This means we weren't able to test the permissions you request in your submission.

Since these are issues that prevent us from reviewing your Facebook functionality, we can't comment in detail about how your app uses the Facebook functionality you've submitted for review. Because of this, we reject with 'General Issues' and provide feedback about this on each platform.

If you receive a 'General Issues' rejection, please carefully read all of the feedback. Each platform will receive individual feedback that should explain what issues were experienced in review.

During the review process, our review team follows your instructions to reproduce how permissions are used within your app. If we can't reproduce this experience - for example, because we can't follow your instructions, or we can't log into your app - then we also can't approve the submission.

To avoid this, please:

  • Provide a working version of the app that uses the permission
  • Make sure your instructions in the Add Notes section are clear
  • Make sure that the requested login permissions personalize the user experience and comply with our principles

In particular, for the publish_actions permission, please confirm that your app's publishing functionality is configured correctly. We need to be able to publish your app's content back to Facebook during the review process.

The following are reasons why your app has lost permissions after initial approval:
  • The app is moved to a different unverified business. All previously approved permissions will be blocked.
    • If the app is then moved back to the verified business, the permissions will be unblocked.
  • The app is marked as Provide services to other businesses but is then moved to a different business which has not been verified.