Sample App Review Submission for Facebook Login

Let's say you've developed an app that allows users to create party invitations. Your app needs access to user data, so you've implemented Facebook Login with the user_photos, user_location, and user_age_range permissions. You've read each permission's description, as well as our Platform Policy, and have verified that your app uses data in an approved manner. Your app is now ready for public release, so you begin the app review process.

Adding Permissions

You sign into your app dashboard, click App Review, then click Permissions and Features.

Your app needs the user_photos, user_location, and user_age_range permissions, so you use the search field to locate and add each of them to your submission.

Describing Data Usage

Now you explain how you will use the data that each permission allows your app to access. You start with the user_photos permission. You click Current Request, then the continue icon in the Tell us how you'll use user_location row.

After agreeing to our permission and feature usage guidelines, you provide a general description of what your app does, then explain how the user_photos permission will provide value to your app users.

You enter the following description in the Tell us how you're using this permission or feature section:

"My app allows users to easily schedule parties, and create and send custom party invitations, using their location, age range, and photos. The user_photos permission allows users to access their photos so they can customize their account profile icon and add photos to any party invitations they create. Adding personal photos to invitations increases the likelihood that recipients who know the user will accept an invitation."

In the Demonstrate how your selected platforms will use this permission or feature section, you switch the Web toggle to On, since your app is a web app.

In the Web field that appears, you enter instructions that a submission reviewer can follow to verify that your app uses user_photos in the way you have described. You also indicate when this happens in the screencast that you will be uploading.

You enter the following:

"To see how my app uses these permissions:

  1. Go to and click 'Continue with Facebook'.
  2. Click 'Continue as...' to allow the app to access your name and profile pic.
  3. This page uses the default permission to grab the user's first name and profile pic, and displays them both. Click your profile pic.
  4. Click the 'Import' button.
  5. Click 'Continue as...' to allow the app to access your photos.
  6. This windows uses user_photos to grab the first 30 photos in the user's account and displays them. Select a photo.
  7. Click 'Choose a location'.
  8. Click 'Continue as...' to allow the app to access your current city and age range.
  9. This window uses user_age_range and user_location to determine the user's approximate age and location, then grabs a list of nearby, age appropriate venues (which it gets from another service). Select a location.
  10. In the invitation composer, click the image.
  11. This window uses user_photos again to grab the first 30 photos in the user's account and displays them. Select a photo.

The accompanying screencast shows user_photos being requested at the 18-second mark, and it shows the user's photos being accessed at the 23- and 51-second marks."

Uploading a Screencast

In the Show us how you're using this permission or feature section, you upload a short, 1-minute screencast of a user signing into your app and customizing their account profile photo and party invitation with photos from their Facebook account.

You upload the following screencast and click Save.

Something Went Wrong
We're having trouble playing this video.

Now that you've supplied details for the user_photos permission, you repeat these steps for the user_location and user_age_range permissions. Since your screencast shows how all three permissions are used, you use the same screencast for all of them.

Verification Details

Finally, you verify that your app is accessible and ready for review, and provide any test user or special test account credentials that a reviewer may need to test your app.

All of the permissions that your app requires can be granted and tested with a standard Facebook account, so you leave the Test User field blank, since reviewers can user their own Facebook test accounts to test permission flows.

Your app doesn't require any special credentials to be tested, such as a CRM login or password, so you leave the Testing Credentials field blank as well.

You then check the confirmation checkbox and save your details.


You've supplied everything a reviewer will need to verify that your app uses the user_photos, user_location, and user_age_range permissions in an approved manner, so you click Submit For Review.