Workplace App Review

All Third Party Apps are reviewed by Workplace before they can be used by customers and annually thereafter. This page will help you to prepare for and successfully pass the app review process.

What is App Review?

App Review is a process that we use to ensure the best possible Workplace experience for your app’s audience. The process aims to help people feel in control of how your app is using their data by requesting only the permissions your app needs to provide a great user experience. App Review happens at the permission level,so even if you have completed it once, and then decide to add permissions to your integration, you may need to submit for review again.

When to Submit?

You can begin the review process at any time, and you can edit your submission before it is reviewed, but we recommend that you begin a submission only after you have thoroughly tested your app and you are ready for release. If your app has already gone through App Review and has been approved for specific permissions then changing the information in Integration Directory will require you to complete the review process here.

Prerequisites

App review follows having requested a Third Party app and having completed your app development. When ready, this page describes what you need to do to submit your app for App Review and to complete Business Verification.

Prepare for App Review

If you are an independent software vendor (ISV) that wants to integrate your SaaS product with Workplace and make it available to our customers, you must first request a third party app. If your request is approved, you will then need to integrate your product with Workplace's install flows, APIs, and webhooks (as applicable).

During the app creation request, you are required to supply a User ID of a Facebook user who can be added as a Admin on your Workplace app. This individual can configure your app via developers.facebook.com/apps.

The following steps describe how to prepare for App Review:

Complete Business Verification

Business verification allows us to verify your identity as a business entity, which we require if your app will be accessing sensitive data. All ISVs that offer Third Party Apps to Workplace customers must have completed Facebook's Business Verification. This step is required once per company, irrespective of the number of apps the company supports. The instructions to complete this step is outlined below (Please ensure the person initiating the above steps is the admin of both the app and the business in the Business Manager).

You can begin the Business Verification process using the link in your App Dashboard Inbox alert, or within the App Dashboard's Settings > Basic tab.

If you haven't connected your app to a Facebook Business Manager account, you will be asked to do so.

Once connected, clicking any of the verification links or buttons will take you to the Business Manager's Business Settings > Business Info tab. From there, navigate to the Security Center and click Start Verification.

If we can locate your business details via our trusted 3rd party data sources, we will ask you to confirm your association with the business via email or phone. If we cannot locate your business details, you may need to submit additional documentation to complete the business verification process.

If you submitted documentation, but are still having issues getting verified, you may need to submit additional documentation. If you are unable to provide this extra information within 1 week, you'll need to start the process again.

For more information about the business verification process and steps for troubleshooting, please refer to our Business Manager help document.

Configure your App

Your app admin will need to configure the following values:

  • App Name (no more than 30 characters)
  • App Icon (1024x1024, PNG format with transparent background)
  • Redirect URL (under "Facebook Login")
  • Tagline (recommend 40 chars max) (under "App Center")
  • Short Description (recommend 50 words max) (under "App Center")
  • Publisher (under "App Center", no more than 30 characters)
  • Marketing URL (under "App Center")
  • Terms of Service URL (under "App Center")
  • Privacy Policy URL

Prepare Your Workplace Directory Listing

Selected apps will featured within the Workplace Integration Directory. Therefore you are required to configure your app with the following information:

  • Integration name
  • Developer / publisher Name
  • App logos and icons
  • A subtitle / tagline
  • A description of your integration
  • External links
  • Privacy policy and terms of service page URLs
  • Showcase images or screenshots

The requirements for each of these items are described below:

Integration Name

A string which represents your app's name. This will be visible in the directory and wherever your app is referred to. If your integration has a bot, this will also be the bot's name, unless your app supports white-labeling.

Maximum Character Length: 32

Examples:
  • “Dropbox”
  • “Envoy”
  • “Jira”

Developer/Publisher Name

A string that represents your company/organization. Will be used alongside the integration name to help people understand who is responsible for the functionality of the integration.

Maximum Character Length: 32

Examples:
  • “Dropbox, Inc.”
  • “Recognize Services, Inc.”

App Logo & Icons

  • A 1024 x 1024 png. This will be used as the icon image for your integration in the directory, the install dialog and various other places where we need a larger icon. If your integration has a bot, this will also be the bot's icon. We will scale this down to multiple sizes.
  • A 64x64 colour app favicon (transparent PNG). This will be scaled down to 32x32 and 16x16 formats.
  • A 64x64 monochrome (black) app icon (transparent PNG). This will be scaled down to 32x32 and 16x16 formats.
  • Primary Brand Color (hex). This will be used to colorize your app's monochrome icon in certain circumstances and may be user as background/header colour where we promote your integration.

App Subtitle / Tagline

A short sentence description of what your integration does. This will be shown in the directory where we list multiple integrations together, and in the integration install dialog.

Examples:
  • “High quality video conferencing.”
  • “Quick and simple surveys via Chat.”
  • “The new standard for visitor registration.”

Maximum Character Length: 40

Integration Description

A clear description of what your integration/app does and why people should install/enable it. This will use shown in your integration's directory listing.

Maximum Character Length: 400

  • Learn More - direct link(public to the internet) where users can go to learn more about what your app/product does and how your integration works. This may be a blog post which details your integration's functionality, or a help center/support article that gives more detail to people on what they can expect once your integration is added to their Workplace. For example:
  • Setup Guide - direct link (public to the internet) to a document containing the setup / configuration steps that an admin needs to take to prepare your app for use with Workplace. If the app needs to be setup outside of Workplace then ensure to list the steps required for the same.
  • Privacy Policy - direct link (public to the internet) to a document containing your app's privacy policy. This URL will be linked for all admins upon initiating an install of your app.
  • Terms of Service - direct link (public to the internet) to a document containing your app's terms of use. This URL will be linked for all admins upon initiating an install of your app.

Customer Support

You may supply one or both of Customer Support Documentation or a Customer Support Email address, but at least one of these is required.

  • Customer Support Documentation - A publicly visible user-facing URL to where users/customers of your integration can go to ask questions and raise bugs. Ideally this URL should directly let a user input a support request, but at a minimum there must be clear instructions on how to do so.
  • Customer Support Email - A user-facing email addreess where users/customers of your integration can go to ask questions and raise bugs. Please endeavour to ensure that people receive a reply within 24 hours. If you're unable to provide that turnaround, you should setup an auto-reply which confirms receipt and provides an expected timeframe for your response or directs people to another channel where they can file bugs or give feedback about your integration. Our support team will pass this email address to Workplace customers if they contact us about a problem with your integration.

Screenshots

A set of images that showcase what your integration does. You can include a mix of mobile and desktop screenshots. You must supply between three and eight images.

Each image must be:

  • 800px high
  • between 400px wide (min) and 1000px wide (max)
  • full-bleed PNG

Submit For App Review

Once the above steps are completed, you are ready to submit for App Review.

As part of the review, our team will verify that your integration uses the minimum number of required permissions to provide your app's functionality and that your configuration is complete. You may be given feedback on your integration at this stage.

App Review Submission Steps

  • Make sure to fill out all the fields (as described above) in the Details tab under Workplace
  • Click on the Review tab under Workplace to start the submission
  • For every permission click on "Add to Submission" button (All the permission granted will be subjected to app review)
  • In the Current Submission section, for every permission click on Edit Details and complete the following:
    • Detailed explanation on how the permission is enabling the intended functionality and interaction with the user
    • Upload a screencast based on the specified requirements which demoes the use of the permission(Atleast one submission should also include the installation demo).
  • Click on the Edit Details for App Verification and provide 2 test user credentials for the review team to configure and test the app in Workplace.
    Please Note:
    • The installation of the app should be automated i.e: the customer should be able to install the application by either clicking on "Add to Workplace/Visit Site to install" from the Integration Directory or from the the partner's tenant. Installation of the app should not involve any manual configuration that can be done using the Graph API.
    • If the test users provided needs to be an admin in both your tenant as well as the Workplace instance then ensure to provide a test user that does not have a pre-existing Workplace instance. During the review process, the reviewer will create a Workplace account with the test user's email address in their Workplace instance and will test the functionality acccording to the screencast(s) provided in the previous step.
  • On completion of all the above steps you can submit the app for review by clicking on Submit for Review button.

Next Steps

Your app may be required to pass Workplace's security review process, which is required for:

  • Any app that uses at least one medium- or high-sensitivity permission
  • Chat bots that can be added to group chats
  • Any chat bot that inherently sends sensitive Personally Identifiable Information (PII) in chat messages
  • Other circumstances, as deemed necessary by Workplace