Redirect URL

 

  • What is it?
    • It specifies the allowed redirect_uri to return tokens or authorization codes to. Learn more about the /authorize request here.
    • The best way to ensure the user will only be directed to appropriate locations is to require you, the developer, to register one or more redirect_uri values when you create the application. You need to provide your own redirect_uri and send it to developer@mobilepay.dk so it can be whitelisted.
  • Why should it be whitelisted at MobilePay?
    • MobilePay will only redirect users to a registered redirect_uri, in order to prevent redirection attacks where an authorization code or access token can be obtained by an attacker. MobilePay allows you to register multiple redirect_uri.
  • How long does it take to have it whitelisted?
    • It takes approximately 5 minutes to have it whitelisted once we have seen your e-mail request. Send the redirect_uri to developer@mobilepay.dk and we will confirm once it has been whitelisted.
  • What format should it have?
    • https:
      • In order to be secure, the redirect_uri must be an https endpoint to prevent tokens from being intercepted during the authorization process. If your redirect_uri is not https, then an attacker may be able to intercept the authorization code and use it to hijack a session.
      • All redirect_uri should be HTTPS 
    • Dynamic:
      • They cannot be dynamic. Here is what the OpenID Connect specification says: Redirection URI to which the response will be sent. This URI must exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider,
    • Localhost 
      • You can use http://127.0.0.1:7890 only on local machines, which is why it will not work when the code is running on a server.
      • It is only for getting started and for testing purposes on a local machine, for example when running tests: no deployment is needed, so it is very fast to get results.
  • Debugging - redirect_uri
    • If you get an invalid Redirect error, please ensure that you've used the redirect_uri that has been whitelisted at MobilePay.
    • Remember that you need to contact developer@mobilepay.dk when you need to have redirect URIs registered for both sandbox and production.

We recommend that, after you complete local development, you remove localhost and related domains from your configuration list.
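
A local pre-flight check for the format rules above, as an added example that is not MobilePay code: it flags URIs that are not https, are dynamic, or are loopback-only, and models the exact-match rule from the OpenID Connect quote as a plain string comparison. The domain shop.example and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Local-testing URI named on this page.
LOOPBACK_DEV_URI = "http://127.0.0.1:7890"


def registration_problems(uri, production=True):
    """Return the reasons a redirect_uri is unfit to send for whitelisting."""
    problems = []
    parts = urlsplit(uri)
    if "*" in uri:
        problems.append("wildcard makes the URI dynamic; register each URI in full")
    if parts.scheme == "http" and parts.hostname == "127.0.0.1":
        # Loopback is acceptable for local tests, never for deployed code.
        if production:
            problems.append("loopback URI is for local testing only")
    elif parts.scheme != "https":
        problems.append("redirect_uri must be https")
    return problems


def is_registered(requested, registered):
    """Exact string match: no prefix matching, wildcards or normalisation."""
    return requested in registered


if __name__ == "__main__":
    # Constructed sample: the set of URIs a developer has had whitelisted.
    registered = {"https://shop.example/mobilepay/callback"}
    candidates = [
        "https://shop.example/mobilepay/callback",         # exact match
        "https://shop.example/mobilepay/callback/",        # trailing slash differs
        "https://shop.example/mobilepay/callback?next=1",  # dynamic query string
        "http://shop.example/mobilepay/callback",          # not https
        LOOPBACK_DEV_URI,                                  # local testing only
    ]
    for uri in candidates:
        print(uri)
        print("  registered:", is_registered(uri, registered))
        print("  problems:  ", registration_problems(uri) or "none")
```

Running the same check with production=False before a local test accepts the loopback URI; running it with the default before go-live catches a loopback entry left in the configuration list.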