All companies that would like to offer SaaS apps to Workplace customers must use Workplace Third Party Apps and pass Workplace's app review and security reviews, as described below.
The Workplace platform supports APIs and webhooks that enable our customers to add SaaS integrations to their Workplace instance via Third Party Integrations. Submitting an App Creation request is the first step in making your product available to Workplace Customers.
All Third Party Integrations must comply with our Platform Terms, pass App Review, and certain apps -- including those that require mid- or high-sensitivity permissions -- must also pass our Security Review. Selected Third Party Integrations also appear in our Integrations Directory.
If you're a developer building an enterprise productivity tool, and you'd like to integrate with Workplace, we want to hear from you! Request an app today via our support tool, and a member of the Workplace team will get in touch with you to get you up and running.
* App Review is: 1) required before your app can be used by other Workplace customers, then 2) repeated annually in the future
† Certain apps -- including those that use mid- or high-sensitivity permissions -- are required to pass Workplace's Security Review: 1) before your app can be used by other Workplace customers, then 2) repeated annually in the future
Your app request will be reviewed for suitability on the Workplace platform, considering these criteria:
Workplace app permissions are divided into three levels of sensitivity, which are a factor in determining the level of security review required for an app. It is required that developers request the minimum permissions necessary to provide the app's functionality. The presence of one or more of the medium- or high-sensitivity permissions triggers the respective security review of the app for that level.
You can find a full description of each permission in our reference documentation
The Impersonate account permission is unavailable for third party apps
Apps that use low-sensitivity permissions exclusively are typically not required to undergo the security review process, although there are circumstances under which these apps are required to do so, for example chat bots that inherently exchange sensitive Personally Identifiable Information (PII) in chat messages or hit a certain usage threshold.
message
)read_user_email
)link_unfurling
)Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.
bot_mention
)write_group
)manage_group
)write_user_feed
)read_user_work_profile
)read_user_org_chart
)list_group_members
)manage_badges
)logout
)Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.
read_group
)read_all_messages
)read_user_feed
)delete_messages
)receive_security_logs
)manage_profiles
)manage_knowledge_library
)manage_accounts
)Requirements to make your integration available to other Workplace customers as a third party app:
http://www.facebook.com/{userID|username}
Requirements to add a new permission to an existing app: