Authorization

To access Marketing API endpoints, your app must clear multiple layers of Graph API authorization.

Layer 1: App Types

When you create a Facebook app, you're asked how that app will be used. The selection you choose determines your app type: Business, Gaming, or None. See App Types.

To access Marketing API endpoints, you need to create a Business app. See Available Products for Business Apps.

Once you have registered your app, you can assign roles to anyone with a developer account who will help you with development.

Layer 2: Access Levels, Permissions, and Features

Business apps are subject to an additional layer of Graph API authorization called access levels. During App Review, your app must also request specific permissions and features.

Access Levels

Access LevelDescription

Standard Access

Business apps are automatically approved for Standard Access for all Permissions and Features available to the Business App Type.


Use this option if you're getting started. You can build end-to-end workflows before requesting full permissions. You can access an unlimited number of ad accounts.


Some API calls may not be available with Standard Access because they may belong to multiple accounts, or the affected account can't be identified programmatically.

Advanced Access

Advanced Access must be approved through the App Review process on an individual Permission and Feature basis.


To request Advanced Access, go to your app’s dashboard and click App Review > Permissions and Features.


Find the permission or feature you would like to access and, under Action, click Request advanced access. You can select one or more features. Once you have selected your options, click Continue the Request and you're taken to a screen that guides you through the submission process.


After you submit your information, Facebook responds with an approval or denial, and information if your app is not qualified for standard access.


If you're approved for Advanced Access, you need to complete the following to maintain your status:

  • Successfully have made at least 1500 Marketing API calls in the last 30 days.
  • Have made Marketing API calls with an error rate of less than 10% in the last 30 days.

Each level has restrictions, see Access Levels And Features. All developers also must follow all Facebook Platform Terms and Developer Policies. Calls on ANY access level are against production data.

To check your current access level, go to App Dashboard > App Review > Permissions and Features.

Permissions and Features

The permissions you should request change depending on which API you want to access.

If your app is only managing your ad account, Standard Access and ads_read and ads_management permissions are sufficient. If your app is managing other people’s ad accounts, you need Advanced Access ads_read and/or ads_management permissions. See all available permissions for business apps.

The features you should request change depending on how you want to use our APIs. If you're managing ads, a common feature to request is Ads Management Standard Access. See all available features for business apps.

If you're managing someone's ads, use the scope parameter to prompt someone for ads_management or ads_read permissions. Your app gets access when someone clicks Allow:

https://www.facebook.com/v19.0/dialog/oauth?
  client_id=<YOUR_APP_ID>
  &redirect_uri=<YOUR_URL>
  &scope=ads_management
    

When inputting the YOUR_URL field, put a trailing /. Example: http://www.facebook.com/

Examples

Use CaseWhat To Request

You want to read and manage ads for ad accounts you own or have been granted access to by the ad account owner.

  • Permission: ads_management
  • Feature: Ads Management Standard Access

You want to read ads reports for ad accounts you own or have been granted access to by the ad account owner.

  • Permission: ads_read
  • Feature: Ads Management Standard Access

You want to pull ads reports from a set of clients, and to both read and manage ads from another set of clients.

  • Permissions: ads_management and ads_read
  • Feature: Ads Management Standard Access

Access Levels and Features

The table below shows how Standard and Advanced access levels impact the Ads Management Standard Access feature.

Standard Access Advanced Access

Account Limits

Manage unlimited number of ad accounts. App admins or developers can make API calls on behalf of ad account admins or advertisers.

Manage unlimited number of ad accounts, assuming you get ads_read or ads_management permission from the ad account.

Rate Limits

Heavily rate-limited per ad account. For development only. Not for production apps running for live advertisers.

Lightly rate limited per ad account.

Business Manager

Limited access to Business Manager and Product Catalog APIs. No Business Manager access to manage ad accounts, user permissions and Pages.

Access to all Business Manager and Product Catalog APIs.

System User

Can create 1 system user and 1 admin system user.

Can create 10 system users and 1 admin system user.

Page Creation

Cannot create pages through the API.

Cannot create pages through the API.

Access Levels vs. Ads Management Standard Access

Permissions and features for apps have two different access levels: Standard Access and Advanced Access. Please note that the use of the term ‘Standard Access’ here is not related to the Ads Management Standard Access feature. Ads Management Standard Access still requires an app to pass through review in order to have access to the feature.

Layer 3: Business Verification

Business verification is a process that allows us to verify your identity as a business entity, which we require if your app will access sensitive data. Learn more about the Business Verification process.