Get an App ID on Facebook in 5 Easy Steps (+ Secret Key)

Need a Facebook App ID and App Secret without wandering through Meta’s developer dashboard like it’s a digital corn maze? Good news: the process is not as scary as it looks. Slightly button-heavy? Yes. Occasionally renamed by Meta just when you finally memorize the menu? Also yes. But once you understand what each field does, creating a Facebook App ID becomes a tidy five-step task.

A Facebook App ID is a unique identifier Meta assigns to your app. It is commonly used for Facebook Login, social sharing tools, WordPress plugins, analytics integrations, Graph API requests, and third-party authentication platforms. The App Secret, sometimes called a Secret Key, is the private credential paired with that App ID. Think of the App ID as your app’s public name badge and the App Secret as the key to the staff-only room. One can be visible in certain places; the other should be guarded like the last slice of pizza at a developer meetup.

This guide walks you through how to get an App ID on Facebook in five easy steps, where to find the App Secret, how to configure key settings, and what to check before using your app in production. Whether you are setting up Facebook Login on a website, connecting a plugin, configuring OAuth, or preparing an app for Meta review, the same basic foundation applies.

What Is a Facebook App ID?

A Facebook App ID is a numeric identifier created inside Meta for Developers. When your website, mobile app, plugin, or software platform communicates with Facebook or the Meta Graph API, the App ID tells Meta which application is making the request.

Common uses include:

• Adding Facebook Login to a website or app
• Connecting WordPress social login plugins
• Using Meta Graph API features
• Configuring OAuth authentication
• Enabling Facebook sharing tools or social widgets
• Connecting platforms such as Supabase, Auth0, Akamai Identity Cloud, or custom backend systems

In simple terms, your Facebook App ID helps Meta recognize your project. Without it, Meta has no idea whether your request came from your polished production app, a test environment, or a raccoon wearing a hoodie and pretending to be a software engineer.

What Is the Facebook App Secret?

The Facebook App Secret is a private key created with your app. It is used in server-side authentication flows and secure API operations. Many platforms call it a Secret Key, Client Secret, or App Secret. The name may vary slightly, but the purpose is the same: it proves that your backend is allowed to act on behalf of your registered Meta app.

Important rule: never expose your App Secret in frontend JavaScript, public GitHub repositories, HTML pages, mobile app bundles, or screenshots. If the App ID is a business card, the App Secret is your house key. You would not print your house key on a billboard. Hopefully.

Before You Start: What You Need

Before creating your Facebook App ID, prepare a few basics so the process goes smoothly:

• A personal Facebook account that can access Meta for Developers
• A clear app or website name
• A contact email address
• Your website domain, if you are connecting a live website
• A privacy policy URL, especially if the app collects or processes user data
• A redirect URL if you are setting up Facebook Login or OAuth

You do not always need a finished production app to create an App ID. However, if you plan to make the app available to real users outside your developer/tester roles, you may need to complete required settings, switch the app to Live mode, and submit permissions for App Review when necessary.

How to Get an App ID on Facebook in 5 Easy Steps

Step 1: Go to Meta for Developers

Start by visiting Meta for Developers and signing in with your Facebook account. Once logged in, look for the “My Apps” area. This is where Meta stores the apps connected to your developer account.

If this is your first time using the platform, Meta may ask you to register as a developer. Follow the prompts, confirm your account details, and complete any security checks. It is not glamorous, but neither is forgetting your login credentials five minutes later.

After registration, you should be able to access the app dashboard. This dashboard is the control center for creating apps, choosing use cases, adding products, configuring login settings, managing permissions, and finding your App ID and App Secret.

Step 2: Click “Create App”

Inside the “My Apps” section, click the “Create App” button. Meta may ask you to choose an app type or use case. The exact wording can change over time, but for most website owners and developers looking for Facebook Login, you will choose a use case related to authentication, user login, or requesting data from users.

For example, if you are adding Facebook Login to a membership site, choose the option that best matches authentication and account creation. If you are using a WordPress plugin for social login, choose the Facebook Login-related use case. If your goal is only sharing or basic app identification, select the closest available option for your integration.

The point is not to overthink the label. Choose the option that honestly matches how your app will use Facebook features. App Review becomes much easier when your selected use case, requested permissions, and actual app behavior all tell the same story.

Step 3: Add Your App Details

Next, enter your app name and contact email. The app name should be clear, professional, and recognizable. If you are creating an app for a website, using your site or brand name is usually a smart choice.

You may also be asked whether to connect a business portfolio or Business Manager account. Some apps can be created without immediately connecting a business, but certain advanced permissions, business integrations, or production use cases may require additional verification later.

After entering the required information, continue through the setup flow. Meta may show a summary screen before sending you to the App Dashboard. This is the moment where your new app officially exists. Congratulations: your app has been born, and unlike a real baby, it does not need midnight feeding. It may, however, need OAuth redirect URLs.

Step 4: Open Settings > Basic to Find Your App ID

Once inside the App Dashboard, go to the left sidebar and open App Settings, then select Basic. This Basic Settings page is where you can find your Facebook App ID.

Your App ID usually appears near the top of the page. Copy it carefully and paste it into the platform, plugin, or codebase that requested it. Make sure you do not include extra spaces before or after the number. A tiny invisible space can create a very visible headache.

On this same Basic Settings page, you may also see fields such as:

• App display name
• App domains
• Contact email
• Privacy Policy URL
• Terms of Service URL
• User data deletion URL or instructions
• App icon
• Category

For testing, not every field may be required immediately. For production, complete as many relevant fields as possible. A clean Basic Settings page helps reduce errors when switching the app to Live mode or submitting it for review.

Step 5: Click “Show” to Reveal the App Secret

Still on the Basic Settings page, find the App Secret field. Meta usually hides the secret by default. Click Show, complete any confirmation or password prompt, and copy the App Secret.

Store the App Secret securely. For a website or backend application, place it in an environment variable or secure secret manager. For example, a backend might use names like:

In a production system, avoid hard-coding these values directly into source files. If you are using frameworks such as ASP.NET Core, Laravel, Node.js, Django, or Rails, use their recommended secret storage methods. If you are using a platform such as Supabase, Auth0, or an identity provider dashboard, paste the App ID into the Client ID field and the App Secret into the Client Secret field.

How to Configure Facebook Login After Getting the App ID

Getting the App ID and App Secret is often only the first part of the job. If you are setting up Facebook Login, you also need to configure OAuth settings correctly.

Add Facebook Login as a Product

In your App Dashboard, look for an option such as “Add Product.” Choose Facebook Login if your app needs users to sign in with Facebook. After adding it, open the Facebook Login settings area.

Enter Valid OAuth Redirect URIs

The Valid OAuth Redirect URI is the callback URL where Facebook sends users after they approve or cancel login. This URL must match exactly. Not almost. Not “close enough.” Exactly.

For example, these are different URLs:

That tiny trailing slash can break the login flow. The same applies to http versus https, subdomains, ports, and path names. If your plugin or authentication platform provides a callback URL, copy it exactly and paste it into the Valid OAuth Redirect URIs field.

Enable the Permissions You Actually Need

Most basic login flows use permissions such as public profile and email. If your app requests the user’s email address, make sure the email permission is configured and available for testing. If Facebook does not return the user’s email, common reasons include an unconfirmed email on the user’s Facebook account, missing email permission, or incorrect login configuration.

Do not request permissions just because they look interesting. Meta reviews permissions based on real use. If your app asks for data it does not clearly need, the review process can become slower, bumpier, and about as enjoyable as debugging CSS at 2 a.m.

Development Mode vs. Live Mode

New Meta apps usually begin in Development mode. In Development mode, only people assigned roles on the appsuch as administrators, developers, and testerscan use it. This is useful while you are building and testing.

If someone outside those roles tries to use the app while it is still in Development mode, they may see an error saying the app is not available or not set up. That does not always mean your App ID is wrong. It often means the app has not been switched to Live mode or the user has not been added as a tester.

To use the app with the public, you usually need to complete required settings and switch it to Live mode. For advanced permissions or sensitive data access, you may also need to submit the app for App Review.

App Review: When Do You Need It?

App Review is Meta’s process for checking whether your app uses permissions and platform features in an approved way. You may not need review for every basic test, but you should expect review if your app requests permissions beyond standard access or if it needs broader public use.

Before submitting for review, prepare:

• A working app or website
• A clear explanation of why each permission is needed
• A valid privacy policy URL
• Data deletion instructions or a deletion request URL
• Test credentials if reviewers need to access a restricted area
• A screencast showing how the app uses the requested permissions

One practical rule: show reviewers the exact feature that uses the permission. Do not send them on a treasure hunt. If your app requests email permission, demonstrate the login flow and where the email appears or how it is used. If your app requests a more advanced permission, explain the user benefit clearly and keep the demo focused.

Where to Use Your Facebook App ID and Secret

After creating your app, you will usually paste the credentials into one of these places:

• A WordPress social login plugin
• A custom website backend
• A Supabase authentication provider setting
• An Auth0 social connection
• A Microsoft ASP.NET Core authentication configuration
• A mobile app configuration file, depending on SDK requirements
• A third-party identity platform or customer login system

Always read the instructions for your specific platform. Some tools call the App ID a Client ID. Some call the App Secret a Client Secret. They are usually asking for the same two values from your Meta app’s Basic Settings page.

Common Problems and Easy Fixes

Problem: Redirect URI Mismatch

This is one of the most common Facebook Login errors. It means the redirect URL used during login does not exactly match the URL saved in your Facebook Login settings.

Fix: Copy the callback URL from your platform and paste it into Valid OAuth Redirect URIs. Check protocol, domain, path, port, and trailing slash.

Problem: App Not Available to Users

If your app is in Development mode, only assigned app roles can use it.

Fix: Add users as testers during development or complete the required settings and switch the app to Live mode when ready.

Problem: Email Is Not Returned

Facebook may not return an email address if the user does not have a confirmed email or your app has not requested and configured the email permission properly.

Fix: Confirm that email permission is enabled for your app and that your login request includes the correct scope.

Problem: App Secret Was Exposed

If your App Secret appears in public code, a screenshot, browser JavaScript, or a leaked repository, treat it as compromised.

Fix: Reset the App Secret in the Meta dashboard, update your backend configuration, and remove the exposed secret from public locations.

Best Practices for Keeping Your App Secret Safe

The App Secret deserves careful handling. Here are practical security habits that save future pain:

• Store secrets in environment variables or a secret manager
• Never commit secrets to Git
• Never place secrets in frontend JavaScript
• Limit dashboard access to trusted team members
• Rotate the App Secret if you suspect exposure
• Use separate apps for development and production when possible
• Document who owns the Meta developer account

For teams, ownership matters. Many small businesses accidentally create their Meta app under a freelancer’s personal Facebook account. That works until the freelancer disappears, the login breaks, and everyone starts emailing screenshots titled “urgent_final_FINAL2.png.” Use proper business access and keep admin ownership clear.

Example: Setting Up Facebook Login for a Website

Imagine you run a membership website at:

Your authentication plugin gives you this callback URL:

You would create a Meta app, choose the Facebook Login use case, copy your App ID and App Secret from App Settings > Basic, then paste the callback URL into Facebook Login > Settings > Valid OAuth Redirect URIs.

Then, in your website plugin, you would paste:

• Facebook App ID into the App ID or Client ID field
• Facebook App Secret into the App Secret or Client Secret field

After saving, test login with a Facebook account assigned as an app tester or admin. Once everything works and required settings are complete, prepare the app for Live mode if public users need access.

Experience Notes: What Real Setup Work Teaches You

After working through Facebook App ID setups for websites, plugins, and OAuth tools, one lesson appears again and again: the credentials are rarely the hard part. The App ID and App Secret are easy to copy. The real trouble usually comes from small configuration mismatches.

The biggest troublemaker is the redirect URI. Developers often paste the homepage URL when the platform actually needs a specific callback URL. A WordPress plugin, for example, might generate a URL ending in /callback, /facebook, or /auth/v1/callback. If you paste only the domain, Facebook Login will fail. It is not being dramatic; it is enforcing strict matching for security.

Another common experience is confusion between Development mode and Live mode. During testing, everything may work for the app owner but fail for a client, friend, or random test user. That usually happens because the owner has an admin role, while the other user does not. The fix is simple: add the user as a tester or prepare the app for Live mode. But if you do not know this rule, it feels like Facebook is personally hiding behind the server rack pressing the “break login” button.

Privacy policy setup is another area where people wait too long. Even if you are only collecting basic profile information, having a clean privacy policy URL makes your app look more complete and trustworthy. It also helps when moving toward production or review. The policy does not need to be a 900-page legal dragon, but it should clearly explain what data your app collects, why it collects it, how users can contact you, and how deletion requests are handled.

For teams, credential management deserves more attention than it usually gets. A surprising number of projects begin with someone saying, “Just use my Facebook account for now.” That sentence is the opening scene of many future headaches. The better approach is to create the app under the correct business ownership structure, assign roles properly, and document where credentials are stored. Future you will send present you a thank-you card.

One more practical tip: create separate apps for development and production when the project is serious. A development app lets you test redirect URLs, permissions, and login behavior without risking the production setup. It also keeps experimental changes away from real users. Small projects can sometimes survive with one app, but growing projects benefit from cleaner separation.

Finally, remember that Meta’s dashboard changes from time to time. A menu item may move, a label may be renamed, or a setup wizard may look slightly different from last year’s tutorial. Do not panic. The core idea stays the same: create an app, choose the right use case, complete Basic Settings, configure Facebook Login if needed, copy the App ID and App Secret, secure the secret, and test before going live.

Conclusion

Getting an App ID on Facebook is straightforward once you understand the path: sign in to Meta for Developers, create an app, choose the right use case, complete the app details, then copy your App ID and App Secret from App Settings > Basic. If you are using Facebook Login, remember to configure Valid OAuth Redirect URIs exactly and request only the permissions your app truly needs.

The App ID identifies your app. The App Secret protects secure communication between your backend and Meta. Treat the secret carefully, keep your app settings complete, and test the login flow before inviting real users. That way, your integration can work smoothly instead of turning into a mysterious dashboard safari.