An App Review Study Case
In the process to configure the Facebook integration of your site, you must create and configure a Facebook App as described in How to AutoTweet from Joomla! to Facebook.
Once you have created your app, you can configure your extension and test it with a Test App in development mode. Before change the app status to live, Facebook requires an App Review to authorize it.
What is App Review? App Review is a review process that Facebook uses as a way to ensure the best possible Facebook experience for your app's audience. The app review process aims to help people feel in control of how your app is using their data by requesting only the permissions your app needs to provide a great user experience. For more information, click here.
According to Facebook Documentation, for each permission you need to:
- Explain how your app uses this permission to create a great user experience.
- Provide step-by-step instructions on how to reproduce that experience when we test your app.
- Also provide all necessary passwords (yes, Facebook requires access to your site to review the system), test user credentials and links to staging servers to successfully login with Facebook.
- Provide a screencast.
To prepare the submission of the App Review, you have to create a Test App and publishing a Post from the Composer to your Page. The post publishing will be recorded on a video screencast and this information will be submitted for the App Review.
We recommend to create the following test users and use them to record the screencast and send them to Facebook to test the App functionality:
- Website: create a user with access only to the AutoTweetNG/Joocial component
- Facebook: create a Facebook account that has to be added to the Facebook page as administrator, and to the App as Tester.
Be sure to prepare the materials required in the App Review with the latest AutoTweet or Joocial versions; they contain minor Facebook branding adjustments to comply with the requirements.
Looking for an installation / personalization service?
Our Installation Service is the product of dedication, experience, knowledge and a customer-focused mindset. We have prepared this detailed tutorial, and we can guide you to make the App Review materials for your site.
STEP 1: Create a Test App
We recommend creating the Test App version of your App to configure and test your site integration. The activity on Facebook generated with a Test App will only be shown to the App team. This Test App will be a clone of your app, but with a different App ID and App Secret. You have to use these Keys to create, authorize, test the channel and publish testing posts while you are preparing the App Review submission.
Login at https://developers.facebook.com/ with your Facebook username and password. Go to your apps, select Create a Test App.
STEP 2: Detailed description
Facebook requires a detailed description of how the app uses the permission or feature requested. This is an example of the description:
Tell us how you're using this permission or feature:
Hi, We are integrating our post composer with Facebook to publish posts from our site to our Facebook Pages. We are the Site Administrators, the Facebook App Owners and the Facebook App Managers. We have access to the site backend, Facebook App Development area and Facebook Business Manager.
STEP 3: Step-by-step instructions
Facebook requires step-by-step instructions. This is an example of the instructions for testing the app. Please, follow exactly the same steps to record the video on the next step.
Hi, We are integrating our post composer with Facebook to publish posts from our site to our Facebook Pages. We are the Site Administrators, the Facebook App Owners and the Facebook App Managers. We have access to the site backend, Facebook App Development area and Facebook Business Manager. According to your documentation, we need to ask for approval of the publish_pages and manage_pages. Please, check the following steps of the publishing procedure: To test it, you need to create a channel, for one time only. 1. Go to https://www.yoursite.com/administrator.... and log in with these credentials: username: xxxxxx password: xxxxxx 2. Go to Components, Joocial 3. Click on Channels 4. Click on New 5. Go to Type and select Facebook 6. Go to Channel Data and complete Name 7. Go to Channel details, Facebook App, complete App ID and App Secret 8. Go to Authorization, click on Step 1 Authorization 9. Accept the permission request on login with Facebook window 10. Click on Validate 11. Go to Channel selection, select the page and click on Step 3 Validate channel. 12. Save and close Once the channel is created and authorize: 13. Go to Composer, create a message, save 14. Go to activities, requests, select the message, click on Process 15. Go to activities, post, select the message, click publish, check the post on Facebook streamline
Since you have to provide a username and password for Facebook testing, we recommend creating a user with access only to AutoTweet/Joocial component.
STEP 4: Record the screencast
Facebook requires a screencast. We recommend recording all steps of the process as described above.
- The Test App allows the authorization of permissions and post publishing to prepare the App Review. The video must be recorded with the Test App (NOT with the Live App). Once Facebook approves your use case, then you can create a channel based on the Live App.
- In our video, we have a text file with the post elements already written. Then, we show slowly how we copy and paste each part for the test to compose the post and publish it. We recommend recording a video with a similar procedure to show in detail how the post is manually created and published. The auditor does not know the tool so the video must clearly show each step at a slow pace.
- If you have already authorized the Test App, remember to deauthorize it before the recording to show the full authorization and post-publishing process. Ref: Facebook Channel Re-Authorization.
This is a real-case screencast:
The Facebook login button appears in Step 2, Authorization. This step is important for the App Review since it shows the Facebook Brand and how the permissions are authorized.
STEP 5: Submit your App Review
Go to App Review to add permissions:
- Permissions added by default: "email", "public_profile". You can find them in My permissions and Features
- Required Items for Pages channels: "publish_pages", "manage_pages".
- Required Items for Groups channel: "Groups API" (this is not required for Pages access - do not include it unless you are going to use it really).
Go to Add additional permissions and features and request the permissions "publish_pages" and "manage_pages".
Select continue and complete the form filling the information required for both permissions:
Tell us how you're using this permission or feature: Detailed description from STEP 2
Demonstrate how your selected platforms will use this permission or feature: select "Web: on" and complete with the Step-by-step instructions from STEP 3.
Show us how you're using this permission or feature: upload the screencast
Go to Provide verification details and complete with test user credentials for your website and for Facebook account.
Submit the app for review.
A few more tips:
- According to Facebook for Developers page, "current estimate on app approval times, is 6-8 weeks. This can vary depending on the volume of submissions from week to week, as well as whether a submission is complex to test." (2018-06-01). Once Facebook completes the review of the App, proceed with Step 4 and 5 on the Live App.
- To minimize the risk of getting rejected, ensure you have a valid use case. We encourage you to provide high quality instructions for us to reproduce the experience, as well as a screencast that clearly demonstrates the end-to-end experience. If your app is server-to-server and has no user interface, refer to our Server-to-Server Apps document for App Review instructions. - https://developers.facebook.com/blog/post/2018/07/02/app-review-deadlines-approaching/
- FAQ: Server-to-Server Apps. If your app has no user interface because it exchanges data directly with our APIs, refer to this guide when configuring your app's Basic Settings, and when completing App Review. - https://developers.facebook.com/docs/apps/review/server-to-server-apps
STEP 6: Optional - Business Verification
If Facebook requires a Business Verification, the following information must be provided to complete the process:
As part of the Business Verification process, an agreement with Supplemental Terms must be signed:
STEP 7: The review has been completed
Once the previous steps are completed, the final confirmation email will have a link to the result of the App Review:
UPDATE 2018-07-27: At this time, the Apps Reviews are taking on average 1 week.
Concerning to Facebook Groups channels
Facebook Groups have been in the middle of the Facebook–Cambridge Analytica data scandal. As a consequence, Facebook Groups Permissions are restricted, and more scrutiny is expected in the App Review. Additionally, the recent Facebook API updates have not updated any aspect of the API related to Groups, and the documentation shows inconsistencies; so, it is possible that Facebook in the future will close the Groups API.
From the technical point, the process to request the Groups Permissions (publish_to_groups,groups_access_member_info) is the same than the Pages permissions. Please, enable the Include Groups setting and proceed with the rest of the steps as shown in the previous procedure.
Due to the recent group permissions changes, Joocial/AutoTweet v8.22.1 or superior is required.