A redirect URL, or callback URL, is a context-specific URL that will be called by the browser after successful sign-in or when a user clicks one of the available buttons on your application entry.
IETF, RFC 6749 section 3.1.2 "Redirection endpoint": After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client. The authorization server redirects the user-agent to the client's redirection endpoint previously established with the authorization server during the client registration process or when making the authorization request.
The application residing at the redirect URL is expected to receive the security token from the request body, validate the security token, and can then reliably access the claims contained in the security token.
Types of redirection endpoints
Login callback URL
- The SuperOffice login page will post the claims and login results to this page
- Can be configured as POST or GET request, depending on what you prefer
- POST is considered more secure because the parameters are not exposed to proxies or browser caches
- Example: https://app.partner.com/app/LoginRedirect.aspx
Application install URL
- Where the App Store will link to when the user clicks Buy
Application configure URL
- Where the AppStore will link to when the user clicks Configure
Application uninstall URL
- Where the App Store will link to when the user clicks Uninstall
Custom error callback URL
- Where users are sent if the sign-in is unsuccessful.
Additional whitelisted URL
- All URLs called by your application must be whitelisted. Otherwise, the call will return an error.
Post logout redirect URL
- Where users are sent after successful sign-out.
- All URLs for cross-origin resource sharing must be whitelisted
Database mirroring URL
- Where the SuperOffice Mirroring Task sends data.
ERP Sync URL
Quote connector URL
Custom State Change URL
Where do I set my redirects?
The redirection endpoints are specified when you register the application idea. If you need to make changes later, email email@example.com.
You can register (whitelist) additional URLs. If you plan to use multiple endpoints, consider submitting a URL that incorporates a regular expression.
To override the default redirect URL, specify the redirect_url query string parameter with one of your whitelisted URLs.