When developing a customApp for Online we whitelisted http://localhost/myApp so that i could use this as the callbackUrl and receive the systemToken (which is a part of the callback).
The reason was that I'm running a console application that does not have a dedicated hostname/address and I need to use the systemToken to do my magic towards SuperOffice. There was no reason to set up a hostname/DNS-routing since it's never used in the console application after the systemToken is retrieved.
When registering the app for production the callback is now defaulted to:
I guess whitelisting http://localhost/myApp as an additional valid callbackUrl is no an option in prod (?), so now I'm stuck on figuring out how to get a hold on the systemToken in this environment.
I have a couple of questions about the background-logic/routines:
Does the systemToken get created when a user approves the app, or is it created during the initial setup where you specify you need to use a systemuser for your logic?
Would it be an idea to make this systemToken available 'somewhere' inside the admin-client?
Would it be possible to send this systemtoken with the other information (ClientId/Client secret)?
My scenario is a little strange, as most apps have a hostname they can register with the app, but in my specific case there is none.