Facebook Login improves your app user experience by enabling customers to easily sign up for your app without creating a username/password, and it maximizes the number of people using your app.
With more people using your app, you’ll see improved performance with our other business tools that are designed to provide you with insight into your audience. When more of your customers use Facebook Login, these tools are more powerful to help you understand and grow your business. We recommend using the following best practices to maximize the number of visitors who sign up with Facebook Login. A high quality onboarding experience can lead to conversion rates above 80%.
User Experience Best Practices
Data Use Best Practices
Technical Practices
Additional Best Practices
A majority of users who sign into apps with Facebook do so in the first five minutes of using the app, and more than 90% do so in the first day. Promote sign in as early as possible during your first-launch experience and offer incentives that share the business value you can provide from knowing who they are. Offering Facebook Login immediately on your welcome screen lets motivated visitors get started fast.
If your analytics show that users arrive ready to complete a task immediately, use a banner to remind them to create an account, or offer account creation a way to speed up a check-out process.
Use large, rectangular buttons for Facebook Login that are adjacent to other sign options. Facebook Login will do better if it is shown ahead of other options. You also want buttons to be consistent with the rest of your app design as buttons that are significantly visually different (for example, small, round buttons) won't perform as well.
The Facebook Login button that comes with our SDKs is easy to integrate and includes built-in education that ensures a consistent design and experience. However, if you do decide to build your own, for best results follow the Developer Policies for Login and the recommendations in User Experience Design.
Customers might start down another account creation path and decide it is too much trouble if you require them to create a new password, upload a profile picture or manually enter other data they could provide through Facebook Login. Keep the option to use Facebook Login visible on these screens to convert visitors who might otherwise abandon account creation at this point.
Offer customers a bonus for using Facebook Login and make it clear by the placement of your offer that it applies to Facebook Login, as well email and password sign up. You can also offer additional benefits for Facebook Login specifically.
If an app has too many sign in options, the conversion towards Facebook Login can decrease. If your app supports multiple sign in options, use signals like language and country code to de-prioritize or hide options that are region specific.
Sometimes users forget how they signed up for your service. If a user tries to use an email address to sign up or sign in and you've seen it before with Facebook Login, remind them and give them the chance to continue with their existing account. Ask for the same set of baseline permissions on all platforms, otherwise returning users may interpret being asked to grant a new permission as creating a new connection to Facebook, instead of easily logging back in with their existing one.
On modern iOS and Android, in-app web views can't share cookies with the system browser. Because this makes it look to Facebook like a brand new browser, your visitors will see a “login to Facebook” screen with a cookie consent banner and requesting their username and password.
On Android, log in users with the native Facebook app if it is present, or a Chrome Custom Tab if not. This ensures that people who've used Facebook on their device before are just one click away from approving your app.
Our latest iOS SDKs always prefer ASWebAuthenticationSession
/ SFAuthenticationSession
web views that can access system cookies.
Generally, using the latest Facebook SDKs will give you the optimal behavior automatically. If you have a custom login flow or you use an integrator platform that provides Facebook Login as one of several sign in methods, make sure that your app has a Facebook Login experience that is full screen, and that you see the “use Facebook.com to Sign In” system prompt on iOS. If you see cookie consent banners or non-full screen experiences, contact your integrator and ask them to use the appropriate methods on each platform to give your visitors the best experience.
Once people are logged in, you should also give them a way to log out, disconnect their account, or delete it all together. In addition to being a courtesy, this is also a requirement of our Developer Policies for Login.
The dating app Tinder, for example, gives you the option to log out or to delete your account entirely.
Only ask for the permissions you need. The fewer permissions you ask for, the easier it is for people to feel comfortable granting them. We've seen that asking for fewer permissions typically results in greater conversion.
You can always ask for additional permissions later after people have had a chance to try out your app.
An additional benefit of asking for fewer permissions is that you might not need to submit your app for App Review. You need to submit for App Review if you request any permissions other than the default fields and email.
You should trigger permission requests when people are trying to accomplish an action in your app which requires that specific permission.
For example, the Facebook app only asks for Location Services when people explicitly tap on the location button when updating their status.
In addition, people are most likely to accept permission requests when they clearly understand why your app needs that info to offer a better experience.
Although access tokens have a scheduled expiration, tokens can be caused to expire early for security reasons. If you don't use the Facebook SDKs in your app, it is extremely important that you manually implement frequent checks of the token validity — at least daily — to ensure that your app is not relying on a token that has expired early for security reasons.
It's incredibly important to test your Facebook Login flow under a variety of conditions, and we've built a robust testing plan for you to follow. It's also a good idea to run qualitative usability tests to understand how people are reacting to what they see.
Once you've tested your Facebook Login flow and are ready to launch, we suggest using an analytics program to understand if people are completing the process and their overall conversion rates. Best practice apps can see conversion rates of over 80%.
To avoid potential problems later on, do a quick check to make sure your Facebook Login integration adheres to the Developer Policies for Login.
To give people control of their data, implement a data deletion callback to respond to people's requests to delete data your app has from Facebook about them.
You only need to submit your app for App Review if you're requesting permissions beyond the default fields and email
. We recommend you submit your app for review as early as possible in your development lifecycle after you've integrated Facebook Login. You'll receive transparent feedback during the App Review process, including feedback on changes you can make to get a denied permission approved, if appropriate. For existing apps, going through Login Review will not affect your current app.
You can learn more about App Review in App Review for Facebook Login.
We’re rolling out a feature that gives people more transparency and control over the data other apps and websites share with us. As this feature rolls out, it may impact Facebook Login.
To help developers prepare for the launch of this feature, we’re providing our developer community with these additional best practices and guidance.
When someone exercises control via the feature and wants to log back in to an app or website, that person should be prompted to do so when they open the app or website again. If they choose to log back in using Facebook Login, they will need to re-authorize any applicable permissions to the app or website.
In addition, when a person logged in with Facebook Login is actively using an app or website, developers should check that the user access token is still valid by making an API call or by checking permissions. Be sure to log the user out when their access token is invalidated.
People can revoke permissions granted to your app in Facebook's interface at any time after they have logged in. It is important to check what permissions are granted to apps and websites by active users.
To give people control of their data, you should implement a data deletion callback to respond to people’s requests to delete data an app or website has from Facebook about them.