Facebook Login Best Practices

The onboarding experience is one of the most important user experiences in your app. Facebook Login lets people start using your app quickly and easily, and they'll enjoy more personalized and meaningful experiences.

In this doc, we offer some tips and considerations to optimize your login flow. A high-quality onboarding experience can lead to conversion rates above 80%.

  1. Prompt people to log in at the right time.
  2. Only ask for the permissions you need.
  3. Ask for permissions in context and explain why.
  4. Use the button that comes with our SDKs.
  5. Avoid having people log in from a WebView.
  6. Provide a way to log out.
  7. Test and measure.
  8. Follow the Facebook Platform Policy.
  9. Submit your app for Login Review.

Best Practices

1. Prompt people to log in at the right time

If your app is well known and understood, you might be able to put your login button on the initial screen and still see decent conversion rates. If you do this, be sure the intro screen has a clear, succinct and compelling statement about what it has to offer.

A better option is to give people a glimpse of the available content before they log in, for example through a background photo.

If your app requires additional education, you may want to offer a multi-step demo above your Login button. This gives people the option to either log in immediately or learn more first.

The best experience is to let people use your app and see its content before prompting them to log in. For example, many ecommerce sites such as Zulily don't require people to log in until after they're ready to check out.

2. Only ask for the permissions you need

Only ask for the permissions you need. The fewer permissions you ask for, the easier it is for people to feel comfortable granting them. We've seen that asking for fewer permissions typically results in greater conversion.

You can always ask for additional permissions later after people have had a chance to try out your app.

An additional benefit of asking for fewer permissions is that you might not need to submit your app for Login Review. You only need to submit for Login Review if you're requesting permissions other than public_profile, user_friends and email.

3. Ask for permissions in context and explain why

You should trigger permission requests when people are trying to accomplish an action in your app which requires that specific permission.

For example, the Facebook app only asks for Location Services when people explicitly tap on the location button when updating their status.

Asking for permissions in context is especially important when your app is asking for publish permissions. We recommend that you ask for publish permissions after people click a share, post, or publish option in your app. If your app only needs basic sharing functionality (e.g., sharing one item at a time, no custom composer), you can use our share dialog for iOS and Android.

In addition, people are most likely to accept permission requests when they clearly understand why your app needs that info to offer a better experience.
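The rules in sections 2 and 3 can be enforced in code rather than left to convention. The sketch below is an added example, not Facebook SDK code: it assumes the app has fetched the person's current permissions in the Graph API `/me/permissions` shape (`data` array of `permission`/`status` pairs), and the action names in `ACTION_PERMISSION` are hypothetical. It requests only the single permission an action needs, at the moment the action is triggered, and flags permissions outside the set that needs no Login Review.

```javascript
// Added example; action names are hypothetical, sample data is constructed.
// Permissions the page lists as not requiring Login Review.
const NO_REVIEW = new Set(['public_profile', 'user_friends', 'email']);

// Hypothetical map: app action -> the one permission that action needs.
const ACTION_PERMISSION = new Map([
  ['email_receipt', 'email'],
  ['invite_friends', 'user_friends'],
  ['import_photos', 'user_photos'],
]);

// Index a /me/permissions-style response: {data: [{permission, status}]}.
function indexPermissions(response) {
  const byName = new Map();
  for (const entry of (response && response.data) || []) {
    byName.set(entry.permission, entry.status);
  }
  return byName;
}

// Decide what to request, if anything, when the person triggers `action`.
function planRequest(action, response) {
  const needed = ACTION_PERMISSION.get(action);
  if (!needed) throw new Error(`unknown action: ${action}`);
  const status = indexPermissions(response).get(needed);
  if (status === 'granted') {
    // Already granted: never re-prompt.
    return { request: [], explainFirst: false, needsLoginReview: false };
  }
  return {
    request: [needed], // exactly one permission, asked in context
    // A previous decline means the app must explain why before re-asking.
    explainFirst: status === 'declined',
    needsLoginReview: !NO_REVIEW.has(needed),
  };
}

// Constructed sample: email was declined at first login.
const SAMPLE = { data: [
  { permission: 'public_profile', status: 'granted' },
  { permission: 'email', status: 'declined' },
] };

console.log(planRequest('email_receipt', SAMPLE));
console.log(planRequest('import_photos', SAMPLE));
```

The `request` list is what the app would pass as the scope of its next login call; an empty list means no dialog should be shown.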

4. Use the button that comes with our SDKs

The Facebook Login button that comes with our SDKs is easy to integrate and includes built-in education that ensures a consistent design and experience.

But if you decide to build your own, follow the recommendations in the User Experience Guidelines.

5. Avoid having people log in from a WebView

Logging in from a WebView works only if people have the Facebook App installed on their mobile device. Because you cannot predict whether people will have the app installed, it's better not to have them log in from a WebView.

6. Provide a way to log out

Once people are logged in, you should also give them a way to log out, disconnect their account, or delete it altogether. In addition to being a courtesy, this is also a requirement of our Facebook Platform Policy.

The dating app Tinder, for example, gives you the option to log out or to delete your account entirely.

7. Test and measure

It's incredibly important to test your Facebook Login flow under a variety of conditions. We've built a robust testing plan for you to follow. It's also a good idea to run qualitative usability tests to understand how people are reacting to what they see.

Once you've tested your Login flow and are ready to launch, we suggest using an analytics program to understand if people are completing the process and their overall conversion rates. Best practice apps can see conversion rates of over 80%. Facebook Analytics lets you monitor your conversion rates for free.

8. Follow the Facebook Platform Policy

To avoid potential problems later on, do a quick check to make sure your Login integration adheres to the login section of our policies.

9. Submit your app for Login Review

You only need to submit your app for Login Review if you're requesting permissions beyond public_profile, user_friends and email. We recommend you submit your app for review as early as possible in your development lifecycle after you've integrated Facebook Login. You'll receive transparent feedback during the Login Review process, including feedback on changes you can make to get a denied permission approved if appropriate. For existing apps, going through Login Review will not affect your current app.

You can learn more about Login Review in our docs.