Facebook App Review FAQs

This document covers many of the more common questions developers ask when submitting for review.

Recent App Review Changes

On May 1, 2018 we announced a new App Review process that is required for Facebook Login (extended permissions) and 6 APIs (Pages, Messenger, Business Manager, Instagram, Groups and Events). App Review submission for these APIs/permissions is required before August 1, 2018 in order to maintain access to those APIs.

On July 2, 2018, we announced additional APIs that require app review: Marketing API and Lead Ads Retrieval. App Review submission for these APIs is required before February 1, 2019 in order to maintain access. You can read more about the due dates here.

The need for app review is based on the App ID level. Each individual app using those permissions or features must be submitted for review.

A business only needs to be verified once. Contracts only need to be signed once at a business level. Subsequent app submissions will require app review, but not verification.

For more details, visit this page. The process will give you the opportunity to provide details on which permissions you need, and how they will be used. Facebook will review the use case and determine if it is permissible under our policy. After permission review, depending on the API/permission we may have additional requirements such as business verification and contract signing.

All existing apps that are calling Facebook Login extended permissions and the 6 APIs (Pages, Messenger, Business Manager, Instagram, Groups and Events) would need to submit to the new App Review flow, which includes business verification and signing of contracts. App Review doesn't need to be completed by this date, just submitted. If a submission is not made before August 1, 2018, then access to those APIs will be lost on August 2, 2018.

All existing apps that are calling the Marketing API and Lead Ads Retrieval API need to submit to the new App Review flow which includes business verification and signing of contracts before February 1, 2019.

Yes, test apps will inherit reviewable permissions from parent apps.

As new APIs become available, these will need to be requested through App Review. Business Verification however, is only required once per Business Manager entity, so Business Verification will not be required again if new permissions or APIs are required for an app.

You only need to verify the Business Manager which the app is connected to.

As part of the review process, you may be asked for business information such as the legal name of the business, address and phone number. In addition, you may be requested to provide business documentation such as utility bills, licenses, certificates of formation, or articles of incorporation.

At the moment we are dealing with increased volume. The entire process may take up to several weeks.

  • Permission review may take up to several weeks. Our latest update on timelines can be found here.
  • Business verification should take a few days, however it will depend on the quality of documentation.
  • Contract signing can be completed as soon as you have your designated officer sign the contract.

We will send you notifications throughout the process to let you know what action is needed.

The person signing the contract must be able to legally represent the business and bind the contract with the business (e.g. Officers of the business).

The app should be linked to the Business Manager for the business that ultimately owns the app and has access to the data being generated from the app. This business should be the one who goes through the business verification process.

App review must be performed per app. We recommend that you review your app dashboard to get the specific list of permissions that require review.

Business Verification is required once per Business Manager. If you choose to associate all your apps with the same Business Manager, then you will only need to go through business verification once.

We give developers the opportunity to provide specific test users in case there’s additional configuration, whitelisting or test user profile information they want us to use. If they don’t provide a test user we will just use one of our own. The field should be marked as optional and not completing shouldn’t block them.

If you already have a Business Manager account, we recommend that you connect the app to the existing Business Manager.

If there are multiple Business Manager accounts that belong to the business, we recommend determining the rationale for multiple Business Manager accounts and aligning the app with the most appropriate Business Manager. If the business has a credit line set up through the Business Manager, we recommend that you connect the app with the one that has the credit line.

No. The App Review process refers only to apps that require certain API permissions. You can read about the permissions required for review here.

You can provide a screencast of your integration, or if your app does not have an end user experience, you can provide a minimum of 2 screenshots which show the settings view of your page, your CRM or Business Manager as well as provide a Page ID for a page you'll be using through these products.

Our Server-to-Server Apps document also provides guidelines for completing app review for apps that have no user interface.

Lead Ads specific guidance:

You will need to request the leads_retrieval and manage_pages permissions.

If the clients are also the "owner" of the app, then they, themselves go through the process as direct developers. If the clients have a third party developer as the "owner" of the app, then it's the developer who will go through the review.

Graph API v3.0

Yes. Apps that access content of public pages need to request Page Public Content Access feature and require review by Facebook.

Yes. In v3.0, all Messenger Platform APIs are included under Pages_messaging permission and require review.

The publish_actions permission is deprecated in Graph API v3.0. Apps can still post stories via mediated experiences like the Facebook Share Dialog on the web, or the Share Sheets for iOS and Android. Apps can publish to groups through the publish_groups permission, which requires an app go through review.

The user_managed_groups permission is deprecated in Graph API v3.0. Apps can use the new Groups API, along with the publish_groups and read_groups_user_data permissions in its place. The new API and permissions require apps go through review by Facebook.

In Graph API v3.0, apps that access events need to use the user_events permission. Apps that use that permission will need to be reviewed by Facebook.

The Instagram API is not affected by Graph API v3.0. However, all apps that use the Instagram API need to be reviewed by Facebook.

Yes. Apps can access only a user's name, email address, and profile picture without App Review. All other permissions will require review by Facebook.

There are no changes to Facebook's App Review policy that affect app using Facebook's Marketing API. For changes to the actual API, please see the Graph API Changelog.

There are no changes to Business Manager APIs in Graph API v3.0. Apps requiring access to Business_Management permissions will require review by Facebook.

Before You Submit

Apps that use mediated sharing products like social plugins, share dialog and share sheets, or a subset of Facebook Login do not have to be reviewed by Facebook. To learn more about what requires review, please see our App Review documentation.

We review your app to ensure a high-quality Facebook experience across apps. In general, people must be aware that they are logging in and posting to Facebook. People should be able to control the info they share with your app or back to Facebook.

Note: People who are listed in your app's Roles tab will have access to extended permissions without going through review (e.g. manage_pages). However, when the app goes public it must go through App Review to access information even for people with roles on the app.

All app capabilities should be available when your app is in Development Mode but you will only be able to access your data, your test user's data, or your pages data. If you wish to take your app public, even if you are the only user, it must go through app review .

Due to changes to the review process and the high volume of submissions expected, it may take several weeks for submitted apps to complete review.

Please provide as much info as possible to help the reviewer, including clear screenshots, detailed step-by-step instructions and a screencast recording of your app and its Facebook integration.

You'll need to explain exactly how to test each permission or feature in your app so that we can make sure it works and follows our policies. We can't approve your app if we can't fully test how it integrates with Facebook. Giving detailed instructions makes it less likely that you'll have to resubmit for review.

For each permission you request, list reproduction instructions in a step-by-step format. All instructions must be in English.

Your instructions should not:

  • Reference instructions from other submissions or documentation
  • Summarize what your app does instead of giving instructions
  • Provide technical details of how your APIs work

Here's a good example of step-by-step instructions:

  1. Press the Settings button on the left hand menu.
  2. Select Login with Facebook
  3. Complete the third step
  4. Complete the fourth step

If you're still not sure about what to include, please see more examples in our examples section for App Review.

No, you don't need to submit for review to run mobile app install ads. You just need an app that is live in the iTunes App Store or Google Play Store. You can follow our guide to creating mobile app installs ads.

To test a new feature or permission, after your app has been reviewed and published, use the Create Test App feature in the App Dashboard to create a clone of your production app. In the Dashboard of your production app, click the down arrow next to the app name in the upper left navigation pane and click Create Test App. The app clone, created with In Development status, allows all app roles access to all features and permissions.

In certain cases, you may need the reviewer to reproduce a certain behavior or experience available only to a specific test user. If this is the case, you can add this user to your submission on the App Review page. In the Items in Review section, you'll see a Test User (optional) section that allows you to type the name of the user you wish to be used in your review.

The only test users available here are those listed as Test Users in the Roles section of your app. Please do not share Facebook login credentials for users in your review instructions.

Learn more about how to create a test user.

Before approving your request for user_likes, your reviewer will need to confirm that your app provides a unique experience to users based on the like info it receives from them. To do this, our review team will test your app with a variety of test users, each with a different set of likes and interests.

When submitting a request for user_likes, you should write detailed instructions that include:

  • A clear explanation of why you're requesting user_likes and how it improves a person's experience in your app.
  • A list of sample Pages for our reviewer to like to verify your use of user_likes. Please give direct links to the Pages that our reviewer should like before they test your app.

If you're using user_likes as part of an algorithm, it's important that the reviewer can see the result of this algorithm and how it influences content shown to people.

Our review team will actually test how your app uses each permission on every platform you have listed in the settings section of your app. Your reviewer ensures that your Facebook Login integration works correctly and that each permission requested adheres to our principles and utility guidelines while providing an enhanced user experience.

Please see our principles and utility guidelines for more info.

You don't need to go through review for your app to publish to your Profile or Facebook Pages that you own. Anyone listed in the Roles section of your app's dashboard can grant permissions without review. If you want a small number of additional people to have this ability, we recommend you add them as developers or testers in the Roles section of your app's dashboard.

If your app is a game and has a presence on Facebook Canvas

You can invite new players to your game by using either the:

  • Requests dialog. When using the requests dialog you can set 'filters=app_non_users' to filter the dialog to only show people who don't use your app. If your app has a Canvas presence, you may also use the Requests Dialog on iOS and Android.
  • Invitable Friends API. If your app is a game, and want to build your own multi-friend selector, you may use the Invitable Friends API, which returns a ranked list of the person's friends who do not use the app. Once a person has selected a number of friends to invite, you may pass the tokens returned by the Invitable Friends API to the to field of the Requests Dialog which will then let the person send an invite to those friends.

If your app does not have a presence on Facebook Canvas

You can use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app.

This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.

No. Once you've been approved for a permission, you can use it across any version of your app on any platform.

If you expand and develop your app on a new platform, this will not need to be submitted for review. You only need to resubmit for review if you want to request a new permission - for example, when you add a new feature to your app. Changing and submitting your App Details or Open Graph actions will not affect the permissions you've been approved for.

After You Submit

Our review team uses multiple test users when reviewing submissions, and we don't always use the test user you provide. If your submission does need to be reviewed using a specific test user please let us know in your review instructions.

If you provide a test user, make sure you've correctly created the test user and attached the user with your submission.

Our review team will use the instructions you provide to test your app's Facebook integrations.

If you feel our reviewer has incorrectly rejected your app, you should resubmit for review with updated review instructions that provide more info for the reviewer.

The review process is the best way to communicate with your reviewer by updating your notes to address the feedback you've received.

Your app will be reviewed on each of the platforms you list in the Settings section of your App Dashboard. If you don't want a certain platform to be reviewed, including if you don't yet have a working version of your app on a specific platform, please remove it from your Settings page.

You can find more info in our documentation on platforms.

A screencast is a great way to guide us through your app and show us how you're using the requested permissions. Here's some best practices and third party resources for creating a screencast.

Your video should show how your app uses each permission it requests. If you're requesting publish_actions, it should also show how content from your app is created and shared to Facebook.

To approve your app submission, our review team will need to log into your app and check all Facebook integrations.

If your reviewer has been unable to load or use your app, please make sure that:

  • The App URL is publicly accessible and not configured as a localhost
  • You've provided the username and password needed to access your development or staging site
  • Your site's security certificates are up to date and not causing errors for new users
  • You're able to login and use your app as a newly created test user
  • The items you submitted for review are built out and working in your app

If you're rejected again for the same reason, update your Review Instructions or Add Notes section to ask your reviewer for some clarity and additional info.

Our review team may need additional login credentials for your app in order to complete your review.

If your app requires a secondary login before or after Facebook Login, please be sure to provide a username and password for this. This may include login credentials for a testing or demo server, secondary login for your app or an e-mail registration flow.

Apps hosted on staging or development servers may require an additional login to access your server. Please provide all necessary login credentials for this also.

If you're still not sure what credentials are missing, you can provide a video with your next submission that shows the Facebook Login option and all relevant Facebook integrations you're submitting for.

It's against Platform Policy 4.5 to incentivize people to use social plugins or to like a Page. This includes offering rewards or gating apps or app content based on whether or not a person has liked a Page. User_likes will not be approved for this purpose.

To ensure quality connections and help businesses reach the people who matter to them, we want people to like Pages because they want to connect and hear from the business, not because of artificial incentives. We believe this policy will benefit people and advertisers alike.

If you're using the Share Dialog or any other social plugin to publish content back to Facebook, you don't need to submit for review. If you're still not sure, you can find more info in our general review documentation.

To be approved for App Center, your App will need to meet our eligibility requirements. Apps eligible for the Facebook App Center must use Facebook Login or have a Facebook Canvas app.

App eligible to be listed in App Center are:

Your text assets and promotional images must also meet our guidelines.

Your review response will include a clear explanation for why your app wasn't approved, as well as the next steps you should take. We want to get you through the process as quickly as possible, so be sure to read this feedback carefully. Once you make the necessary changes, you can submit for review again.

If your app uses a permission in a way that isn't approvable, your feedback will explain this and you shouldn't resubmit for review.

The App Review process involves loading your app on each supported platform, logging in with Facebook, and using every Facebook integration that you're requesting in review. This often results in what we call 'general issues.' These are errors or bugs relating to loading your app, logging into your app or the general functionality of your app. This means we weren't able to test the permissions you request in your submission.

Since these are issues that prevent us from reviewing your Facebook functionality, we can't comment in detail about how your app uses the Facebook functionality you've submitted for review. Because of this, we reject with 'General Issues' and provide feedback about this on each platform.

If you receive a 'General Issues' rejection, please carefully read all of the feedback. Each platform will receive individual feedback that should explain what issues were experienced in review.

During the review process, our review team follows your instructions to reproduce how permissions are used within your app. If we can't reproduce this experience - for example, because we can't follow your instructions, or we can't log into your app - then we also can't approve the submission.

To avoid this, please:

  • Provide a working version of the app that uses the permission
  • Make sure your instructions in the Add Notes section are clear
  • Make sure that the requested login permissions personalize the user experience and comply with our principles

In particular, for the publish_actions permission, please confirm that your app's publishing functionality is configured correctly. We need to be able to publish your app's content back to Facebook during the review process.

Facebook Developer Community Group

Get help from community members and Facebook staff.

If your question not answered here get help in the Facebook Developer Community group. The group is active with both our talented community members and also Facebook staff. If you have additional questions about the review process try post them in the group.