The development process will vary depending on your app's needs, but the basic flow begins with reading the documentation for each of the products, SDKs, and APIs that your app will rely on. All of our products are showcased on developers.facebook.com/products, and all of our documentation can be found at developers.facebook.com/docs.
Once you have identified and read any relevant doc sets, the next step is to make changes to your app's codebase and configure any App Dashboard settings that may be required by the products, SDKs, and API calls that you are implementing. If other people will be helping you develop and test your app, you can assign them app roles so they will be able to configure settings and grant your app permissions while it is in Development mode.
Finally, to verify that you have implemented everything correctly, you can test your app using your own Facebook developer account or with test users that simulate real Facebook users.
As a starting point, most Facebook apps use the Graph API to get data in and out of Facebook. Graph API endpoints require permissions, which apps can request from app users by implementing Facebook Login. Since getting data in and out of the Graph API is a common action, we have a set of SDKs to make calling Graph API endpoints easier. So, many developers start with those four doc sets.
In order to access an app user's data, the app user must first grant your app individual API permissions. App modes control which permissions your app can request from users, and which users can grant those permissions.
An app in Development mode can request any permission, but only from users who have a role on the app itself. Apps in Live mode can request permissions from anyone, but only permissions that have been approved through the App Review process.
All newly created apps start out in Development mode and you should avoid changing it until you have completed all development and testing. Note that app types also affect which permissions are available to an app. For example, user-related permissions are not available to Business apps, and business-related permissions are not available to Consumer apps. Also, apps that have chosen the Business app type do not have app modes at all and instead rely on access levels, which behave similarly.
Learn more about app modes.
Test Users are test accounts that you can sign into in order to simulate real Facebook users when testing your app. Test users cannot interact with real Facebook users and any content or interactions generated by test users are only visible to other test users and anyone who has a role on your app.
Learn more about test users.
Test pages are pages created by test users that you can use to simulate real Facebook Pages when testing your app. Test pages are not discoverable by real Facebook users and can only be interacted with by other test users, or by people who have a role on your app.
Learn more about Test Pages.
If you have implemented Facebook Login, or if your app is typed as either a Consumer or Instant Game app, you must implement a Data Deletion Callback before it can be switched to Live mode. We will call your app's data deletion callback URL anytime one of your app users requests that you delete their data.
Learn more about the Data Deletion Callback.