Facebook Login Best Practices

The onboarding experience is one of the most important user experiences in your app. Facebook Login lets people start using your app quickly and easily, and they'll enjoy more personalized and meaningful experiences.



Best Practices

1. Prompt people to log in at the right time

If your app is well known and understood, you might be able to put your login button on the initial screen and still see decent conversion rates. If you do this, be sure the intro screen has a clear, succinct and compelling statement about what your app has to offer.

A better option is to provide a glimpse of the content available to people prior to logging in, such as a background photo.

If your app requires additional education, you may want to offer a multi-step demo above your login button. This gives people the option to either log in immediately or learn more first.

The best experience is to let people use your app and see its content before prompting them to log in. For example, many ecommerce sites such as Zulily don't require people to log in until they're ready to check out.

2. Only ask for the permissions you need

Only ask for the permissions you need. The fewer permissions you ask for, the easier it is for people to feel comfortable granting them. We've seen that asking for fewer permissions typically results in greater conversion.

You can always ask for additional permissions later after people have had a chance to try out your app.

An additional benefit of asking for fewer permissions is that you might not need to submit your app for App Review. You need to submit for App Review if you request any permissions other than public_profile and email.

3. Ask for permissions in context and explain why

You should trigger permission requests when people are trying to accomplish an action in your app which requires that specific permission.

For example, the Facebook app only asks for Location Services when people explicitly tap on the location button when updating their status.

In addition, people are most likely to accept permission requests when they clearly understand why your app needs that info to offer a better experience.

4. If you don't use the Facebook SDKs, regularly check whether the access token is valid

Although access tokens have a scheduled expiration, tokens can be made to expire early for security reasons. If you don't use the Facebook SDKs in your app, it is extremely important that you manually implement frequent checks of the token validity, at least daily, to ensure that your app is not relying on a token that has expired early for security reasons.

5. If data access for someone has expired, put them through the reauthorization flow
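One way to act on items 4 and 5 together, shown as an added example that is not Facebook's own code. It assumes the token is inspected with the Graph API's debug_token endpoint and classifies the reply; the sample replies, `classify_token` and its return labels are constructed for illustration, and the HTTP call itself is left out so the block runs offline.

```python
import time

def classify_token(debug_response, expected_app_id, now=None):
    """Map a debug_token reply to an action for a stored user token.

    Returns "ok", "relogin", "reauthorize" or "reject" (hypothetical labels).
    """
    now = int(time.time()) if now is None else now
    data = debug_response.get("data") or {}

    # A token issued to another app (or a reply with no app_id) is never ours.
    if str(data.get("app_id")) != str(expected_app_id):
        return "reject"
    # is_valid is false once the token is revoked or has expired early.
    if not data.get("is_valid", False):
        return "relogin"
    # expires_at == 0 means no scheduled expiry; otherwise compare with now.
    expires_at = int(data.get("expires_at", 0))
    if expires_at and expires_at <= now:
        return "relogin"
    # Token still valid but data access lapsed: reauthorization flow (item 5).
    data_access = int(data.get("data_access_expires_at", 0))
    if data_access and data_access <= now:
        return "reauthorize"
    return "ok"

# Constructed sample replies; the app id and timestamps are placeholders.
APP_ID = "1234567890"
NOW = 1_700_000_000
SAMPLES = {
    "valid": {"data": {"app_id": APP_ID, "is_valid": True,
                       "expires_at": NOW + 3600,
                       "data_access_expires_at": NOW + 86400}},
    "revoked_early": {"data": {"app_id": APP_ID, "is_valid": False,
                               "expires_at": NOW + 3600,
                               "error": {"code": 190}}},
    "data_access_expired": {"data": {"app_id": APP_ID, "is_valid": True,
                                     "expires_at": NOW + 3600,
                                     "data_access_expires_at": NOW - 1}},
    "other_app": {"data": {"app_id": "999", "is_valid": True,
                           "expires_at": NOW + 3600}},
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", classify_token(reply, APP_ID, NOW))
```

Run this from a scheduled job at least daily for every stored token, and treat anything other than "ok" as a reason to stop using the token until the person has logged in or reauthorized again.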

6. Use the button that comes with our SDKs

The Facebook Login button that comes with our SDKs is easy to integrate and includes built-in education that ensures a consistent design and experience.

However, if you do decide to build your own, for best results follow the Facebook Platform Policy and the recommendations in the User Experience Design topic.

7. Avoid having people log in from a WebView

Logging in from a WebView works only if people have the Facebook app installed on their mobile device. Because you cannot predict whether people will have the app installed, it's better not to have them log in from a WebView.

8. Provide a way to log out

Once people are logged in, you should also give them a way to log out, disconnect their account, or delete it altogether. In addition to being a courtesy, this is also a requirement of our Facebook Platform Policy.

The dating app Tinder, for example, gives you the option to log out or to delete your account entirely.

9. Test and measure

It's incredibly important to test your Facebook Login flow under a variety of conditions, and we've built a robust testing plan for you to follow. It's also a good idea to run qualitative usability tests to understand how people are reacting to what they see.

Once you've tested your Login flow and are ready to launch, we suggest using an analytics program to understand if people are completing the process and their overall conversion rates. Best practice apps can see conversion rates of over 80%. Facebook Analytics lets you monitor your conversion rates for free.

10. Follow the Facebook Platform Policy

To avoid potential problems later on, do a quick check to make sure your Login integration adheres to the login section of our policies.

11. Implement a Data Deletion Callback

To give people control of their data, implement a data deletion callback to respond to people's requests to delete data your app has from Facebook about them.
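A sketch of the verification such a callback needs before it deletes anything, added here as an example and not taken from Facebook's code. It assumes the request carries a `signed_request` in the usual form (base64url signature, a dot, base64url JSON payload, signed with HMAC-SHA256 under the app secret) and that the reply is JSON with `url` and `confirmation_code`; the secret, user id, helper names and status URL are constructed.

```python
import base64, hashlib, hmac, json

def b64url_decode(text):
    # signed_request parts are base64url without padding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_signed_request(signed_request, app_secret):
    """Return the payload dict if the HMAC verifies, otherwise None."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        sig = b64url_decode(sig_b64)
        payload = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(payload, dict):
        return None
    # Refuse anything that does not declare the expected algorithm.
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    expected = hmac.new(app_secret.encode(), payload_b64.encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison of the received and recomputed signatures.
    return payload if hmac.compare_digest(sig, expected) else None

def handle_deletion(signed_request, app_secret, delete_user, status_url):
    """Callback body: verify first, then delete, then return status info."""
    payload = parse_signed_request(signed_request, app_secret)
    if payload is None or "user_id" not in payload:
        return 400, {"error": "invalid signed_request"}
    code = delete_user(str(payload["user_id"]))  # caller-supplied deletion job
    return 200, {"url": f"{status_url}?id={code}", "confirmation_code": code}

def make_signed_request(payload, app_secret):
    """Constructed helper: builds a request the way the sender would."""
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return b64url_encode(sig) + "." + body

# Constructed sample input
SECRET = "constructed-app-secret"
GOOD = make_signed_request({"algorithm": "HMAC-SHA256", "user_id": "1001"}, SECRET)

if __name__ == "__main__":
    print(handle_deletion(GOOD, SECRET, lambda uid: "del-" + uid,
                          "https://example.test/deletion"))
```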

12. Submit your app for App Review

You only need to submit your app for App Review if you're requesting permissions beyond public_profile and email. We recommend you submit your app for review as early as possible in your development lifecycle after you've integrated Facebook Login. You'll receive transparent feedback during the App Review process, including feedback on changes you can make to get a denied permission approved, if appropriate. For existing apps, going through Login Review will not affect your current app.

You can learn more about App Review in our docs.