Each permission has its own set of requirements and suggested use cases. All these permissions, except the default, public_profile, require that you have Client OAuth Login enabled for your app on the Facebook Login tab of your app dashboard.
Basic permissions, (public_profile and email) do not require Review, but all other permissions do. Access to the Public Feed API is restricted to a limited set of media publishers and usage requires prior approval by Facebook.
Please see the details for each permission to learn more about how to use it in your app. Remember, all use of these permissions are subject to our Platform Policies and your own privacy policy.
The following permissions, public_profile and email, do not require login review.
public_profile (Default)Provides access to a subset of items that are part of a person's public profile. A person's public profile refers to the following properties on the user object by default:
idage_rangecontextcovercurrencydevicesfirst_namegenderlast_namelinklocalenamepicturetimezoneupdated_timeverifiedOn the web, public_profile is implied with every request and isn't required, although the best practice is to declare it. On iOS and Android, you must manually request it as part of your login flow.
age_range can be accessed only for app-scoped IDs.
gender & locale can only be accessed if:
appsecret_proof argument with the call.timezone & verified can only be accessed if:
Your app may use this permission without review from Facebook.
emailProvides access to the person's primary email address via the email property on the user object.
Do not spam users. Your use of email must comply with both Facebook policies and with the CAN-SPAM Act.
Note, even if you request the email permission it is not guaranteed you will get an email address. For example, if someone signed up for Facebook with a phone number instead of an email address, the email field may be empty.
Your app may use this permission without review from Facebook.
The following permissions require approval prior to use in an app. Learn more about submitting for Login Review.
publish_actionsProvides access to publish Posts, Open Graph actions, and other activity on behalf of a person using your app.
Because this permission lets you publish on behalf of a user please read the Platform Policies to ensure you understand how to properly use this permission.
Your app does not need to request the publish_actions permission in order to use the Feed Dialog, the Requests Dialog or the Send Dialog
If your app requests this permission Facebook will have to review how your app uses it.
When requesting this permission via App Review, please make sure your instructions are easily reproducible by our team.
Let people explicitly publish content from your app to Facebook from within a custom composer.
Seamlessly publish Open Graph stories for people when the user is aware and has appropriate controls.
Automatically publish stories without the person being aware or having control.
Publishing via dialogs or social plugins does not require this permission. Do not request review of this permission if you're only using Share dialog, Feed Dialog, Message Dialog etc, or Social Plugins (e.g. the Like Button.)
Pre-fill the user message parameter of posts with content a person didn’t create, even if the person can edit or remove the content before sharing.
Gate access to a service or product, or incentivize sharing to the user, group or event timeline.
user_about_meThis permission was deprecated on April 4, 2018.
user_actions.booksThis permission was deprecated on April 4, 2018.
user_actions.fitnessThis permission was deprecated on April 4, 2018.
user_actions.musicThis permission was deprecated on April 4, 2018.
user_actions.newsThis permission was deprecated on April 4, 2018.
user_actions.videoThis permission was deprecated on April 4, 2018.
user_actions:{app_namespace}This permission is no longer available due to the deprecation of Custom Open Graph and Custom App Collections.
Provides access to all of the person's custom Open Graph actions in the given app.
If your app requests this permission Facebook will have to review how your app uses it.
Personalize a person's experience based on their open graph actions published by another app.
user_birthdayAccess the date and month of a person's birthday. This may or may not include the person's year of birth, dependent upon their privacy settings and the access token being used to query this field.
Please note most integrations will only need age_range which comes as part of the public_profile permission.
If your app requests this permission Facebook will have to review how your app uses it.
When submitting for review, please be clear as to why age_range is not sufficient for your use case.
Provide age relevant content to people based on their date of birth information.
Provide age relevant content for anything where the age range is not sufficient.
Determine whether a person says they are under 18, over 18 or over 21. Please use the age_range field which is provided as a part of the public_profile permission, for which no review is needed before use.
user_education_historyThis permission was deprecated on April 4, 2018.
user_eventsProvides read-only access to the Events a person is hosting or has RSVP'd to.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Reduce friction in the visibility of calendar and event information (e.g. device apps, planner apps, concert apps)
Does not allow you to create events. With the launch of v2.0, it is not possible to create events via the Graph API.
Allow someone to RSVP to events using your app. For this, request the rsvp_event permission.
user_friendsProvides access to the list of friends that also use your app. These friends can be found on the friends edge on the user object.
In order for a person to show up in one person's friend list, both people must have decided to share their list of friends with your app and not disabled that permission during login. Also both friends must have been asked for user_friends during the login process.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Use the list of friends to create a social experience in your app.
user_games_activityThis permission was deprecated on April 4, 2018.
user_groupsThis permission was removed after Graph API v2.3.
user_hometownProvides access to a person's hometown location through the hometown field on the User object. This is set by the user on the Profile.
If your app requests this permission Facebook will have to review how your app uses it.
Personalize a person's experience based on where they lived or grew up.
Help people connect to others from their hometown.
user_likesProvides access to the list of all Facebook Pages and Open Graph objects that a person has liked. This list is available through the likes edge on the User object.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
If your app requests this permission Facebook will have to [review] how your app uses it.
Creating a personalized experience by surfacing content related to a person's activities.
Visibly enable connections with other users with mutual interests.
Gate access to your app, or some content within your app based on whether or not someone has liked a page.
user_locationProvides access to a person's current city through the location field on the User object. The current city is set by a person on their Profile.
The current city is not necessarily the same as a person's hometown.
If your app requests this permission Facebook will have to review how your app uses it.
Personalize a person's experience based on their current city.
Surface content relevant to their city.
Help people connect to others from their city.
user_managed_groupsEnables your app to read the Groups a person is an admin of through the groups edge on the User object.
This permission does not allow you to create groups on behalf of a person. It is not possible to create groups via the Graph API. This does not let you read the groups a user is just a member of.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Provide an interface to help a person manage multiple groups.
Publish posts into a group a person manages (also requires the publish_actions permission).
Non-visible use of this data such as sentiment analysis or guarding against spam bots.
user_photosProvides access to the photos a person has uploaded or been tagged in. This is available through the photos edge on the User object.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Display a person's pictures on digital photo frame.
Help people export their photos for printing. Only offer this service for a person's personal and non-commercial use.
Access photos for use in a way that visibly enhances the in-app experience (e.g. photo editing, collage, slideshow, and face-in-hole apps).
Access a person's previous profile pictures.
Create albums on behalf of user (posting pictures requires the publish_actions permission.)
user_postsProvides access to the posts on a person's Timeline. Includes their own posts, posts they are tagged in, and posts other people make on their Timeline.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Provide creative content from Timeline posts.
Provide value to the user by visibly analyzing the content of the posts on their Timeline.
Non-visible use of this data such as sentiment analysis or guarding against spam bots.
user_relationship_detailsThis permission was deprecated on April 4, 2018.
user_relationshipsThis permission was deprecated on April 4, 2018.
user_religion_politicsThis permission was deprecated on April 4, 2018.
user_statusThis permission was removed after Graph API v2.3.
user_tagged_placesProvides access to the Places a person has been tagged at in photos, videos, statuses and links.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Provide tailored content based on the places a person has been.
Recommend places to visit based on the places a person has previously been tagged at.
Show someone their checkin history on a map.
user_videosProvides access to the videos a person has uploaded or been tagged in.
Requesting this permission requires you to submit your app for Login Review. This permission is restricted to a limited set of partners and usage requires prior approval by Facebook.
Access videos for use videos in a way that visibly enhances the in-app experience: (e.g. editing, collage, portfolio, slideshow apps.)
Display a person's videos on a TV via a set top box, or display their videos on a digital photo frame.
user_websiteThis permission was deprecated on April 4, 2018.
user_work_historyThis permission was deprecated on April 4, 2018.
read_custom_friendlistsThis permission was deprecated on April 4, 2018.
read_insightsProvides read-only access to the Insights data for Pages, Apps and web domains the person owns.
If your app requests this permission Facebook will have to review how your app uses it.
Integrate Facebook's app, page or domain insights into your own analytics tools.
Transfer or sell insights data to third parties.
Provide any non-visible use of insights.
read_audience_network_insightsProvides read-only access to the Audience Network Insights data for Apps the person owns.
If your app requests this permission Facebook will have to review how your app uses it.
Integrate Facebook's app Audience Network insights into your own analytics tools.
Transfer or sell insights data to third parties.
Provide any non-visible use of insights.
read_mailboxThis permission was removed after Graph API v2.3.
read_page_mailboxesProvides the ability to read from the Page Inboxes of the Pages managed by a person. This permission is often used alongside the manage_pages permission.
This permission does not let your app read the page owner's mailbox. It only applies to the page's mailbox.
If your app requests this permission Facebook will have to review how your app uses it.
Let someone manage the mailboxes of their Pages through your app.
read_streamThis permission was removed after Graph API v2.3.
manage_notificationsThis permission was removed after Graph API v2.3.
manage_pagesEnables your app to retrieve Page Access Tokens for the Pages and Apps that the person administrates.
Apps need both manage_pages and publish_pages to be able to publish as a Page.
If your app requests this permission Facebook will have to review how your app uses it. You can grant this permission on behalf of people listed within the Roles section of your App's Dashboard without review by Facebook.
When submitting for review, please make sure your instructions are easily reproducible by our team. For example, if your Page Management Tool has its own authentication system, please ensure you provide a working login (such as a username/password) to allow our review team to use your tool and test this functionality.
Publish content to Pages owned by the people who use your app. Publishing also requires the publish_pages permission.
Help people manage the posts, comments and likes published to their Pages.
publish_pagesWhen you also have the manage_pages permission, gives your app the ability to post, comment and like as any of the Pages managed by a person using your app.
Apps need both manage_pages and publish_pages to be able to publish as a Page.
Publishing as an individual personal account is not possible with this permission. To post as an individual, please see the publish_actions permission.
If your app requests this permission Facebook will have to review how your app uses it.
When requesting this permission via App Review, please make sure your instructions are easily reproducible by our team.
Let people explicitly publish content from your app to any of the Facebook Pages they manage from within a custom composer.
Seamlessly like and comment on behalf of the Pages a person manages.
Automatically publish stories without the person being aware or having control.
Pre-fill the message parameter of posts with content a person didn’t create, even if the person can edit or remove the content before sharing.
rsvp_eventProvides the ability to set a person's attendee status on Facebook Events (e.g. attending, maybe, or declined).
This permission does not let you invite people to an event.
This permission does not let you update an event's details.
This permission does not let you create an event. There is no way to create an event through the API.
If your app requests this permission Facebook will have to review how your app uses it.
Reduce friction for people in managing events and calendar information (e.g. device apps, planner apps, concert apps.)
pages_show_listProvides the access to show the list of the Pages that you manage.
Provides API access to your accounts for showing the list of the Pages that you manage
pages_manage_ctaProvides the access to manage call to actions of the Pages that you manage.
Provides API access to manage call to actions of the Pages that you manage
pages_manage_instant_articlesLets your app manage Instant Articles on behalf of Facebook Pages administered by people using your app.
If your app requests this permission Facebook will have to review how your app uses it. You can grant this permission on behalf of people listed within the Roles section of your app dashboard without needing review by Facebook.
If you want to use the Instant Articles Plugin for WordPress (or a similar tool) to publish blog posts as Instant Articles, you do not need to submit for review as long as all those for whom you want to publish are listed in the Roles section of your app dashboard.
When you submit for review, please make sure your instructions are easily reproducible by our team. For example, if your app has its own authentication system, please provide a working login information (such as a username/password) to allow our review team to use your tool and test this functionality.
Create and update Instant Articles for Pages owned by the people who use your app.
ads_readProvides the access to Ads Insights API to pull ads report information for ad accounts you have access to.
This permission does not let you update purchase, update, or otherwise modify ads.
Provides API access to your ad performance data for use in custom dashboards and data analytics
ads_managementProvides the ability to both read and manage the ads for ad accounts you have access to. Please see Ads Management for details.
Programmatically create campaigns, manage ads , and fetch metrics
Build ad management tools that provide innovative solutions and differentiated value for advertisers
business_managementRead and write with Business Management API
If your app requests this permission Facebook will have to review how your app uses it.
Manage business assets such as an ad account. Claiming ad accounts.
Performing general page management and administration only.
pages_messaging (Send/Receive API)This allows you to send and receive messages through a Facebook Page. This permission cannot be used to send promotional or advertising content. Conversations through this API can only begin when someone indicates—through a Messenger plugin or directly messaging you—that they want to receive messages from you.
If your app requests this permission Facebook will have to review how your app uses it.
Creating user-initiated interactive experiences
Confirming bookings, purchases, orders, etc.
Sending customer support messages
Up-selling or cross-selling products or services
Sending brand advertising, newsletters, announcements or spam
Messaging people without their consent
pages_messaging_subscriptionsEnables your app to send messages using Facebook Pages at any time after the first user interaction. Your app may only send advertising or promotional content through sponsored messages or within 24 hours of user interaction.
pages_messaging_payments (Send/Receive API)This allows you to charge users in Messenger conversations on behalf of pages. Intended for tangible goods only, not virtual or subscriptions.
If your app requests this permission, Facebook will have to review how your app uses it. Please apply for this program here: https://www.facebook.com/messenger_platform/payments_requestaccess
Selling products
Selling tickets
Hotel bookings and car rentals
Selling virtual currency
Subscribing to content updates
pages_messaging_phone_number (Customer Matching)This allows you to send and receive messages through a Facebook Page. This permission cannot be used to send promotional or advertising content. You must ask the person for explicit consent before you send them messages using their phone number.
If your app requests this permission Facebook will have to review how your app uses it.
Sending content you'd normally send through SMS
Messaging people without their consent
instagram_basicProvides the ability to read Instagram accounts you have access to. Please see Instagram's Getting Started Guide for details.
If your app requests this permission Facebook will have to review how your app uses it.
Get basic metadata of an Instagram Business Account.
instagram_manage_commentsProvides the ability to read Instagram accounts you have access to. Please see Instagram's Getting Started Guide for details.
If your app requests this permission Facebook will have to review how your app uses it.
Read, update, delete comments of Instagram Business Accounts.
Read media objects, such as stories, of Instagram Business Accounts.
instagram_manage_insightsProvides the ability to read insights of Instagram account you have access to. Please see Instagram's Getting Started Guide for details.
If your app requests this permission Facebook will have to review how your app uses it.
Get metadata of an Instagram Business Account.
Get data insights of an Instagram Business Account.
Get story insights of an Instagram Business Account.