Permissions are a form of granular, user-granted Graph API authorization. Before your app can use an endpoint to access an app user's data, the app user must grant your app all permissions required by that endpoint. The easiest way to get permissions from app users is to implement Facebook Login.
Getting permissions from app users involves the following steps:
email
or public_profile
, you must submit your app for app review so Facebook can confirm that the app uses the data in intended ways and safeguards user privacy.To pass app review, it is important that you ask for only the permissions your app needs to function. Asking for unnecessary permissions is a common reason for rejection during app review.
For more information about permissions, see Permissions with Facebook Login.
The largest number of permissions is requested through Facebook Login, but some are requested through Instagram. In addition, businesses holding a system_user token and so functioning as a user can grant permissions through Business Manager.
For lists of permissions granted through Facebook Login and Instagram, see the following sections:
Access to any Permission that is granted by default or through App Review can be used to request analytics insights to improve your app and for marketing or advertising purposes, through the use of aggregated and de-identified or anonymized information (provided such data cannot be re-identified).
If a permission for which you have been approved gets deprecated, you can use the app dashboard to remove that permission from your app just as you would to remove a permission you no longer use.
If your app does not use a permission for 90 days, the app user who granted it must grant it again. This is true even if the permission was approved through App Review.
Every permission below requires App Review except for email
and public_profile
.
Starting May 5,2023, all apps making new requests for Advanced Access, including for email
and public profile
, will require Business Verification.
Permission | Description |
---|---|
ads_management | The ads_management permission allows your app to both read and manage the Ads account it owns, or has been granted access to, by the Ad account owner. Allowed Usage
|
ads_read | The ads_read permission allows your app to access the Ads Insights API to pull Ads report information for Ad accounts you own or have been granted access to by the owner or owners of other ad accounts through this permission. This permissions also grants your app access to the Server-Side API to allow advertisers to send web events from their servers directly to Facebook. Allowed Usage
|
attribution_read | The attribution_read permission grants your app access to the Attribution API to pull attribution report data for lines of business you own or have been granted access to by the owner or owners of other lines of business. Allowed Usage
|
Permission | Description |
---|---|
business_management | The business_management permission allows your app to read and write with the Business Manager API. Allowed Usage
|
Permission | Description |
---|---|
catalog_management | The catalog_management permission allows your app to create, read, update and delete business-owned product catalogs that the user is an admin of. Allowed Usage
|
Permission | Description |
---|---|
The email permission allows your app to read a person's primary email address. Allowed Usage
|
Permission | Description |
---|---|
gaming_user_locale | The gaming_user_locale permission allows your app to get a user's preferred language while the user plays a game on Facebook (for example, Instant Games or Cloud Gaming). Allowed Usage
|
groups_access_member_info | The groups_access_member_info permission allows your app to read publicly available group member information like name and ID if the post author has granted your app access. Allowed Usage
|
Permission | Description |
---|---|
instagram_basic | The instagram_basic permission allows your app to read an Instagram account profile's info and media. Allowed Usage
|
instagram_content_publish | The instagram_content_publish permission allows your app to create organic feed photo and video posts on behalf of a business user. Allowed Usage
|
instagram_manage_comments | The instagram_manage_comments permission allows your app to create, delete and hide comments on behalf of the Instagram account linked to a Page. Your app can also read and respond to public media and comments that a business has been photo tagged or @mentioned in. Allowed Usage
|
instagram_manage_insights | The instagram_manage_insights permission allows your app to get access to insights for the Instagram account linked to a Facebook Page. Your app can also discover and read the profile info and media of other business profiles. Allowed Usage
|
instagram_shopping_tag_products | The instagram_shopping_tag_products permission allows an app to tag Instagram media with product tags and appeal product rejections. Allowed Usage
|
Permission | Description |
---|---|
leads_retrieval | The leads_retrieval permission allows your app to retrieve and read all information captured by a lead ads form associated with an ad created in Ads Manager or the Marketing API. Allowed Usage
|
Permission | Description |
---|---|
pages_events | The page_events permissions allows your app permission to log events on behalf of Facebook Pages administered by people using your app and to send those events to Facebook for ads targeting, optimization and reporting. Allowed Usage
|
pages_manage_ads | The pages_manage_ads permission allows your app to manage ads associated with the Page. Allowed Usage
|
pages_manage_cta | The pages_manage_cta permission allows your app to carry out POST and DELETE functions on endpoints used to manage call-to-action buttons on a Facebook Page. Allowed Usage
|
pages_manage_instant_articles | The pages_manage_instant_articles permission allows your app to manage Instant Articles on behalf of Facebook Pages administered by people using your app. Allowed Usage
|
pages_manage_engagement | The pages_manage_engagement permission allows your app to create, edit and delete comments posted on the Page. Allowed Usage
|
pages_manage_metadata | The pages_manage_metadata permission allows your app to subscribe and receive webhooks about activity on the Page, and to update settings on the Page. Allowed Usage
|
pages_manage_posts | The pages_manage_posts permission allows your app to create, edit and delete your Page posts. Allowed Usage
|
pages_messaging | The pages_messaging permission allows your app to manage and access Page conversations in Messenger. Allowed Usage
|
pages_read_engagement | The pages_read_engagement permission allows your app to read content (posts, photos, videos, events) posted by the Page, read followers data (including name, PSID), and profile picture, and read metadata and other insights about the Page. Allowed Usage
|
pages_read_user_content | The pages_read_user_content permission allows your app to read user generated content on the Page, such as posts, comments, and ratings by users or other Pages, and to delete user comments on Page posts. Allowed Usage
|
pages_show_list | The pages_show_list permission allows your app to access the list of Pages a person manages. Allowed Usage
|
pages_user_gender | The pages_user_gender permission allows your app to access a user's gender through the Page your app is connected to. Allowed Usage
|
pages_user_locale | The pages_user_locale permission allows your app to access a user's locale through the Page your app is connected to. Allowed Usage
|
pages_user_timezone | The pages_user_timezone permission grants your app access to a user's time zone through the Page your app is connected to. Allowed Usage
|
private_computation_access | The private_computation_access permission allows an app to access the Meta Private Computation products. Allowed Usage
|
public_profile | Allows apps to read the Default Public Profile Fields on the User node. This permission is automatically granted to all apps. Allowed Usage
|
publish_to_groups | The publish_to_groups permission allows your app to post content into a Group on behalf of a person if they've granted your app access. Allowed Usage
|
publish_video | The publish_video permission allows your app to publish live videos to an app user's timeline, group, event or Page. Allowed Usage
|
Permission | Description |
---|---|
read_insights | The read_insights permission allows your app to read the Insights data for Pages, apps and web domains the person owns. Allowed Usage
|
Permission | Description |
---|---|
user_age_range | The user_age_range permission allows your app to access a person's age range as listed in their Facebook profile. Allowed Usage
|
user_birthday | The user_birthday permission allows your app to read a person's birthday as listed in their Facebook profile. Allowed Usage
|
user_friends | The user_friends permission allows your app to get a list of a person's friends using that app. Allowed Usage
|
user_gender | The user_gender permission allows your app to read a person's gender as listed in their Facebook profile. Allowed Usage
|
user_hometown | The user_hometown permission allows your app to read a person's hometown location from their Facebook profile. Allowed Usage
|
user_likes | The user_likes permission allows your app to read a list of all Facebook Pages that a user has liked. Allowed Usage
|
user_link | The user_link permission allows your app to access the Facebook profile URL of the person using your app. Allowed Usage
|
user_location | The user_location permission allows your app to read the city name as listed in the location field of a person's Facebook profile. Allowed Usage
|
user_messenger_contact | The user_messenger_contact permission allows a business to contact a person via Messenger upon their approval or initiation of a chat thread with the business's Page. Allowed Usage
|
user_photos | The user_photos permission allows your app to read the photos a person has uploaded to Facebook. Allowed Usage
|
user_posts | The user_posts permission allows your app to access the posts that a user has made on their timeline. Allowed Usage
|
user_videos | The user_videos permission allows your app to read a list of videos uploaded by a person. Allowed Usage
|
Permission | Description |
---|---|
whatsapp_business_management | The whatsapp_business_management permission allows your app to read and/or manage WhatsApp business assets you own or have been granted access to by other businesses through this permission. These business assets include WhatsApp business accounts, phone numbers, message templates, QR codes and their associated messages, and webhook subscriptions. Allowed Usage
|
whatsapp_business_messaging | The whatsapp_business_messaging permission allows an app to send WhatsApp messages to a specific phone number, upload and retrieve media from messages, manage and get WhatsApp business profile information, and to register those phone numbers with Meta. Allowed Usage
|
Permission | Description |
---|---|
manage_pages | Deprecated for v7.0+. |
publish_pages | Deprecated for v7.0+. |
Permission | Description |
---|---|
instagram_graph_user_media | The instagram_graph_user_media permission allows your app to read the Media node, which represents an image, video, or album and the node’s edges. Allowed Usage
|
instagram_graph_user_profile | The instagram_graph_user_profile permission allows your app to read the app user's profile. Allowed Usage
|