$ cat postiz-facebook-pages-fixing-cant-load-url-domain-not-in-apps-domains.md
Uncategorized June 2, 2026 6 min read

Postiz + Facebook Pages: fixing “Can’t load URL: domain not in app’s domains”

Fixing the 'domain not in app's domains' error in Postiz for Facebook Pages

If you self-host Postiz and try to connect a Facebook Page, you can slam straight into Facebook’s “domain not in app’s domains” error: you click Add Channel → Facebook Page, log into Facebook, and instead of the usual permissions screen you get:

Can’t load URL: The domain of this URL isn’t included in the app’s domains.

The maddening part is that the domain is in your app’s domains. You’ve set App Domains. You’ve triple-checked the redirect URI. You’ve waited for “caching.” Nothing works. I lost an embarrassing amount of time to this, so here’s exactly what’s going on — and how to fix it for good.

Why the usual advice doesn’t help

Search this error and you’ll get the same three suggestions every time: add your domain to App Domains, add the redirect URI under Valid OAuth Redirect URIs, and wait for Facebook’s cache. None of them are wrong in general — they’re just aimed at the old Meta app model. Meta has since moved to a “use cases” model, and that quietly changed where these settings live and which login product you’re forced to use. The old advice points you at fields that, for the app you actually need, don’t control the OAuth flow Postiz uses.

What causes “domain not in app’s domains” — the catch-22

Two facts collide here.

First, Postiz connects Facebook with the classic, scope-based OAuth flow — the plain /dialog/oauth?…&scope=pages_show_list,pages_manage_posts,… request. It asks for Page permissions: pages_show_list, pages_manage_posts, pages_read_engagement, and friends.

Second, in Meta’s current use-case system those pages_* permissions only come bundled with one product: Facebook Login for Business (FLB). There is no longer a plain “Facebook Login” use case that can grant Page permissions. So the moment you need to manage a Page, you’re on an FLB app whether you wanted to be or not.

And that’s where the error comes from. An FLB app looks incompatible with Postiz’s classic flow — but the real problem is subtler: the redirect URI has to be registered on the FLB product’s own settings page, not just in the app-wide App Domains field. Until it’s set there, Facebook has nowhere to validate Postiz’s redirect against, so it throws “domain not in app’s domains.”

(I confirmed this the hard way by also building a plain “Facebook Login” app. The domain error vanished instantly — but that app type can’t request Page permissions at all. Classic flow works without Page perms; Page perms force FLB. That’s the catch-22 in one sentence.)

The good news: once you register the redirect URI in the right place, the classic flow and FLB get along fine.

The fix, step by step

  1. Create the app with the right use case. In the Meta dev dashboard, create a new app and pick the “Manage everything on your Page” use case (under Content management). This gives you the Pages API — and, under the hood, Facebook Login for Business.
  2. Skip the business portfolio. At the business-portfolio step, choose “I don’t want to connect a business portfolio yet.” You don’t need one to manage your own Pages in development mode, and skipping it keeps things simpler.
  3. Set the redirect URI on the FLB settings page — this is the fix. Open your use case, go to its Settings (the URL path contains business-login/settings), and under Client OAuth Settings → Valid OAuth Redirect URIs add https://your-postiz-domain/integrations/social/facebook. It must match exactly (Strict Mode is on by default). Confirm Client OAuth login and Web OAuth login are enabled — they are by default. Save.
  4. Set App Domains too. In App settings → Basic, set App Domains to your bare Postiz domain (your-postiz-domain, no https://). Save.
  5. Add the Page permissions. Back in the use case’s Permissions tab, “Manage everything on your Page” already grants pages_show_list and business_management. Add the rest Postiz asks for: pages_manage_posts, pages_manage_engagement, pages_read_engagement, read_insights. Two extras matter: pages_read_user_contentpages_manage_engagement depends on it; forget it and the consent screen errors with “Invalid Scopes: pages_read_user_content” even though Postiz never asked for it directly — and pages_manage_metadata for good measure. Each should show “Ready for testing,” which means it works in development mode for your own Pages, no App Review required.
  6. Wire the credentials into Postiz. Copy your app’s App ID and App Secret into Postiz’s environment as FACEBOOK_APP_ID and FACEBOOK_APP_SECRET, then recreate the Postiz container so it loads them.

Verify it

Back in Postiz: Add Channel → Facebook Page. This time Facebook shows the real consent screen (“Continue as …”) instead of the domain error. Approve it, pick your Page, done.

Two checkpoints while you’re getting there:

  • If the domain error is gone but you now see “Invalid Scopes: …”, that’s progress — the redirect fix worked and you’re just missing a permission. Add the named permission and retry. Watching that list shrink is how you know you’re winning.
  • If the “domain not in app’s domains” error is still there, your redirect URI isn’t set on the FLB Settings page (step 3), or it doesn’t match exactly.

TL;DR checklist

  • Use case: Manage everything on your Page (plain Facebook Login can’t grant Page perms).
  • No business portfolio (dev mode is enough for your own Pages).
  • Redirect URI https://your-postiz-domain/integrations/social/facebook set on the FLB Settings page — the step everyone misses.
  • App Domains = your bare Postiz domain.
  • Permissions (Ready for testing): pages_show_list, business_management, pages_manage_posts, pages_manage_engagement, pages_read_engagement, read_insights, pages_read_user_content, pages_manage_metadata.
  • FACEBOOK_APP_ID / FACEBOOK_APP_SECRET in Postiz env → recreate the container.

Two closing notes

  • Development mode is fine for connecting your own Pages — you’re the app admin, so no App Review needed. You’d only need App Review (and business verification) if you wanted other people to connect their Pages through your app.
  • Keep the App Secret out of version control. It lives in Postiz’s env file and nowhere else — treat it like a password.

That’s it. The whole saga came down to one field, on the one settings page Meta’s new app model hides from you. Once the redirect URI is registered where Facebook Login for Business actually looks, Postiz connects Pages exactly like it should.

More from the blog: I queried the WordPress.org public APIs for 63,418 plugins and 8,168 themes. Here’s what the data says..

$ ls -t ./related