Facebook API: Getting Your Additional Permissions Approved

If you are using the Facebook Platform to build applications, sooner or later, you will need to request additional permissions from users. However, before you can access additional information, Facebook will review your app and permissions before approving them. Here are some tips on getting through the review process.

Only Request the Permissions You Need

If you are submitting additional permissions for review, only select and submit the ones you need. Requesting too many permissions will prolong the review process and will complicate the testing required by Facebook.

Provide Test User Details

Use the [Roles] section for your app to create [Test Users] for your application. You can provide Facebook with this test account so they can review and test your application. You are only able to provide one account so make sure the application works with the account you provide.

If you have previously used the test account to test your application, remember to reset the account before submitting your application for review.

For example:

• Remove the app from the test account. You can do this from the App Settings page (while being logged in as the test user)
• Remove any content created by the account, e.g. database entries, user-generated content etc.

This will let Facebook mimic a fresh install of the application. Of course, the easiest option is to create a separate Test Account for Facebook’s use. This would save you the trouble of resetting everything.

Provide Detailed Information on Use of Each Permission

Depending on the permission you are requesting, Facebook will provide Notes on how the permissions should be used, and will require to confirm that usage is in line with the platform policies. This is done using a series of questions, and depending on the question, Facebook will immediately inform you of whether your use of the permission will be approved.

Assuming your answers comply with policy, you also need to provide detailed instructions on the use of the permission. This can be done separately for each permission, and for each platform it’s being used on.

In your instructions, remember to include:

• why the permission is required
• how the permission is used
• step-by-step instructions on how to see the permission in use

For example, here is the information I provided for an application that was requesting the publish_actions permission:

The publish_action permission is used to allow the user to seamlessly share content from the application. The user needs to explicitly click the “Share” button within the app to share content. Once shared, the user is prevented from Sharing the same content again.

After logging in, the user can click the “Share” buttons in the application to share the related content to Facebook.

1. Login to application and accept permissions
2. Click on Share button to share related content
3. Content is shared in background
4. Share button is disabled to prevent further sharing
5. Check timeline to see shared content

Upload a Screencast

Facebook also lets you upload a screencast of your permission in use. This can either be a direct screen recording (e.g. using Quicktime on Mac or similar app), or taken using a camera or mobile phone. You need to upload the file directly to Facebook, or you won’t be able to submit the permission for review.

Check the Permission Documentation

Read up on the documentation for the permissions you’re using, paying particular attention to the “Common Usage” section. If you don’t comply with the Do’s and Don’ts listed here, your submission is likely to be rejected.

Test the Permissions

Before you submit your permissions for review, make sure your application works with and without the permission being granted. Remember, a permission can be denied by the user or revoked at a later date, so your application should fail gracefully. If a permission is denied or revoked, you should either disable any functionality that depends on the permission, or prompt for the permission again.

You can test unapproved permissions using your Developer account or using Test Accounts created using the [Roles] section in [App Settings]. Real users won’t be able to use permissions until they are approved, but as a Developer or Test User, you can test the application and permissions before submitting them for review.

Review Rejections Carefully

If your submission is rejected, don’t panic. Carefully review the submission and take note of what the reviewer has said. If your application doesn’t comply with platform policies, the permissions won’t be approved until you resolve the issue.

In most cases, the reviewer will clearly explain the issue with the app or permission, allowing you to fix it before re-submitting the review. Make sure you address all the reviewer’s items before re-submitting. And be sure to take a screenshot or make a copy of the reviewer’s notes and they will be lost after re-submission.

Submit More Permissions for Review

As you build new features and improve your application, you may need to apply for more permissions. Your App Settings page will display the result of the last submission, and any previously approved permissions. You can also start a new submission process to request more permissions.