Guaranteed 100% Facebook, Instagram and WhatsApp Approvals & App Review
Quick Transfer Ready to use app available for Facebook, Instagram and WhatsApp
Guaranteed 100% Facebook, Instagram and WhatsApp Approvals & App Review
Quick Transfer Ready to use app available for Facebook, Instagram and WhatsApp
Instagram API · Messaging
You built a chatbot, a helpdesk, or an automation tool that needs to read and reply to Instagram DMs for your clients. Locally it works against your own account — then you try to connect a client’s account and the messaging calls are blocked. That gate is the Instagram messaging permission, and Meta only grants it through App Review with Advanced Access. This guide explains what the permission covers, the policy rules attached to it, and why so many messaging submissions get rejected.

What the Instagram messaging permission unlocks

The messaging permission lets your app receive and send direct messages on behalf of an Instagram professional account through the API — the foundation for any DM automation, chatbot, or shared-inbox tool. The exact scope name depends on which login setup you build on.

instagram_business_manage_messages

The messaging scope when you build on Business Login for Instagram (users sign in with Instagram credentials).

instagram_manage_messages

The equivalent when you build on Facebook Login for Business, sending and receiving via the Messenger Platform’s Instagram messaging API.

24-hour standard messaging window

Your app can respond to a user within 24 hours of their message — the core policy your use case must respect.

Human agent tag (7 days)

For issues a bot cannot resolve, the human-agent tag allows a person to respond up to 7 days later — but it must be justified.

Why Meta makes messaging hard to approve

Messaging touches private user conversations, so Meta scrutinises it more than read-only scopes. By default your app has Standard Access, which only works for accounts with a role on the app. To handle DMs for real clients you do not own, you need Advanced Access — gated behind App Review and Business Verification.

Advanced Access plus Business Verification

Serving client accounts requires Advanced Access, which only comes through a successful App Review on a verified Meta Business portfolio. Skipping verification blocks the permission outright. See our guide to Meta Advanced Access.

Dependency permissions travel together

Messaging does not approve in isolation — the base Instagram permission and supporting scopes must be requested in the same submission with a clear, consistent use case, or the whole thing is rejected. On Business Login that base scope is the instagram_business_basic permission (the counterpart of instagram_basic on Facebook Login) — it must sit alongside the instagram_business_manage_messages permission in the same request.

The messaging window and automation policy

Your flow has to respect the 24-hour window and Meta’s rules for automated experiences, including disclosing to users when they are talking to a bot. A use case that looks like it bypasses these rules gets declined.

The screencast must show a real DM flow

Reviewers need to watch a test user message the account and your app receive and reply through the API — login, consent for the messaging scope, and the actual send/receive. A flow they cannot reproduce fails.

How the approval process runs

Getting the messaging permission approved follows a fixed sequence. Each stage has to be right before the next matters — this is the part we handle end to end.

1

Confirm the correct login setup and map the messaging scope plus every dependency for your exact use case.

2

Complete Business Verification and align the privacy policy, data handling and automation disclosures with messaging policy.

3

Stand up a reviewer-ready environment with test users where the full receive-and-reply DM flow works without errors.

4

Record a screencast that shows consent for the messaging scope and a real DM exchange, paired with a matching written justification.

5

Submit, monitor the review, and if the messaging scope comes back, fix the precise reason and resubmit without disturbing approved scopes.

What approval looks like on the other side

Advanced Access granted, so the app can manage DMs for client accounts at scale
Receive and send Instagram messages live in production, not just for test users
Automation that stays inside the 24-hour window and human-agent rules
A clean submission that holds up if you later add comment or publishing scopes

For a real example of a multi-permission messaging approval, see our Instagram messaging SaaS case study. For what an Instagram API project typically involves in budget terms, see the Instagram API cost and pricing guide.

Common reasons messaging submissions get rejected

Requesting Advanced Access before Business Verification is complete
A screencast that never shows a real DM being received and answered via the API
Missing base or dependency permissions in the same submission
No clear disclosure that users may be interacting with an automated experience
A use case that appears to ignore the 24-hour messaging window
Privacy policy or data-handling details that do not match the messaging flow