Request a Workplace Third Party App

All companies that would like to offer SaaS apps to Workplace customers must use Workplace Third Party Apps and pass Workplace's app review and security reviews, as described below.

All Third Party Apps Are Reviewed by Workplace

The Workplace platform supports APIs and webhooks that enable our customers to add SaaS integrations to their Workplace instance via Third Party Integrations. Submitting an App Creation request is the first step in making your product available to Workplace Customers.

All Third Party Integrations must comply with our Platform Terms, pass App Review, and certain apps -- including those that require mid- or high-sensitivity permissions -- must also pass our Security Review. Selected Third Party Integrations also appear in our Integrations Directory.

If you're a developer building an enterprise productivity tool, and you'd like to integrate with Workplace, we want to hear from you! Request an app today via our support tool, and a member of the Workplace team will get in touch with you to get you up and running.

App Qualification Criteria

Your app request will be reviewed for suitability on the Workplace platform, considering these criteria:

• Business value of the app
• Whether the requested app permissions are essential to deliver the planned use case
• Your company's track record for delivering valuable enterprise collaboration apps
• If you're requesting mid- or high-sensitivity permissions, your company's security credentials (e.g., SOC or ISO certifications)

Sensitivity of Permissions

Workplace app permissions are divided into three levels of sensitivity, which are a factor in determining the level of security review required for an app. It is required that developers request the minimum permissions necessary to provide the app's functionality. The presence of one or more of the medium- or high-sensitivity permissions triggers the respective security review of the app for that level.

Low Sensitivity Permissions

Apps that use low-sensitivity permissions exclusively are typically not required to undergo the security review process, although there are circumstances under which these apps are required to do so, for example chat bots that inherently exchange sensitive Personally Identifiable Information (PII) in chat messages or hit a certain usage threshold.

• Message any member (message)
• Read user email (read_user_email)
• Create link previews (link_unfurling)

Medium Sensitivity Permissions

Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.

• Mention bot (bot_mention)
• Manage group content (write_group)
• Manage groups (manage_group)
• Manage user timeline (write_user_feed)
• Read work profile (read_user_work_profile)
• Read org chart (read_user_org_chart)
• List group members (list_group_members)
• Manage badges(manage_badges)
• Logout (logout)

High Sensitivity Permissions

Apps that use any mid- or high-sensitivity permissions must undergo the annual security review process.

• Read group content (read_group)
• Read all messages (read_all_messages)
• Read user timeline (read_user_feed)
• Delete chat messages (delete_messages)
• Read security logs (receive_security_logs)
• Manage profile (manage_profiles)
• Manage Knowledge Library content(manage_knowledge_library)
• Provision accounts (manage_accounts)

App Configuration Options

• White labeling - By default, your app's appearance is set by you when you configure your app metadata. If you choose to allow it, white labeling lets your customers change the appearance of your bot (i.e., its name and icon) within their Workplace instance upon installation
• Multi Install - By default, a third party app can only be installed once per Workplace instance. While this suits many use cases, there are kinds of integrations (e.g., conversational bot engines) where customers may desire to install multiple instances of your app, which is possible if this option is configured for your app.
• Allow chat bot to participate in group chats - Pertains only to apps with “Message Any Member” permission — by default, chat bots can interact directly with people via Work Chat in 1:1 threads. Request this configuration if your chat bot needs to be able to create or participate in 1:n threads.

Submit a Request

Requirements to make your integration available to other Workplace customers as a third party app:

• You must have a Workplace Advanced or Enterprise account. If you don't have already have Workplace account, you can sign up at workplace.com.
• You must be a System Administrator to submit a request. Make sure you are a System Admin by opening the admin panel. If you are not a System Admin you'll need to ask a current Workplace System Admin to grant you this role.
• Please ensure that you provide a Facebook (not Workplace) user ID or username in your request. The easiest way to find this is to login to facebook.com, click on your own profile picture, then copy and paste the entire URL. For example, the format would be http://www.facebook.com/{userID|username}

Create App Request

Add New Permission To An Existing App

Requirements to add a new permission to an existing app:

• You must have a Workplace Advanced or Enterprise account. If you don't have already have Workplace account, you can sign up at workplace.com.
• You must be a System Administrator to submit a request. Make sure you are a System Admin by opening the admin panel. If you are not a System Admin you'll need to ask a current Workplace System Admin to grant you this role.
• Ensure to provide a valid use case for each permission requested.

Update App Permission(s)