We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Redirection endpoint

In this article

    A redirect URL, or callback URL, is a context-specific URL that will be called by the browser after successful sign-in or when a user clicks one of the available buttons on your application entry.

    IETF, RFC 6749 section 3.1.2 "Redirection endpoint": After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client. The authorization server redirects the user-agent to the client's redirection endpoint previously established with the authorization server during the client registration process or when making the authorization request.

    The application residing at the redirect URL is expected to receive the security token from the request body, validate the security token, and can then reliably access the claims contained in the security token.

    Unless specified, we will set your default redirection endpoint to:

     https://{environment}.superoffice.com/login/final/YOUR_APP_ID

    Types of redirection endpoints

    Login callback URL

    • The SuperOffice login page will post the claims and login results to this page
    • Can be configured as POST or GET request, depending on what you prefer
      • POST is considered more secure because the parameters are not exposed to proxies or browser caches
      • Example: https://app.partner.com/app/LoginRedirect.aspx

    Application install URL

    • Where the App Store will link to when the user clicks Buy

    Application configure URL

    • Where the AppStore will link to when the user clicks Configure

    Application uninstall URL

    • Where the App Store will link to when the user clicks Uninstall 

    Custom error callback URL

    • Where users are sent if the sign-in is unsuccessful.

    Additional whitelisted URL

    • All URLs called by your application must be whitelisted. Otherwise, the call will return an error.

    Post logout redirect URL

    • Where users are sent after successful sign-out.

    CORS URL

    • All URLs for cross-origin resource sharing must be whitelisted

    Database mirroring URL

    • Where the SuperOffice Mirroring Task sends data.

    ERP Sync URL

     

    Quote connector URL

     

    Custom State Change URL

    Where do I set my redirects?

    The redirection endpoints are specified when you register the application idea. If you need to make changes later, email appdev@superoffice.com.

    You can register (whitelist) additional URLs. If you plan to use multiple endpoints, consider submitting a URL that incorporates a regular expression.

    To override the default redirect URL, specify the redirect_url query string parameter with one of your whitelisted URLs.