How to register a callback endpoint
Learn how to register a callback endpoint in the Scalekit dashboard.
In the authentication flow for a user, a callback endpoint is the endpoint that Scalekit remembers about your application, trusts it, and sends a authentication grant (code). It further expects your application to exchange the code for a user token and user profile.
This needs to be pre-registered in the Scalekit dashboard.
Go to Dashboard > Authentication > Redirect URLS > Allowed Callback URLs and add the callback endpoint.
Your redirect URIs must meet specific requirements that vary between development and production environments:
| Requirement | Development | Production |
|---|---|---|
| Supported schemes | http https {scheme} | https {scheme} |
| Localhost support | Allowed | Not allowed |
| Wildcard domains | Allowed | Not allowed |
| URI length limit | 256 characters | 256 characters |
| Query parameters | Not allowed | Not allowed |
| URL fragments | Not allowed | Not allowed |
Wildcards can simplify testing in development environments, but they must follow specific patterns:
| Validation rule | Examples |
|---|---|
| Wildcards cannot be used as root-level domains | https://*.comhttps://*.acmecorp.comhttps://auth-*.acmecorp.com |
| Only one wildcard character is allowed per URI | https://*.*.acmecorp.comhttps://*.acmecorp.com |
| Wildcards must be in the hostname component only | https://acmecorp.*.comhttps://*.acmecorp.com |
| Wildcards must be in the outermost subdomain | https://auth.*.acmecorp.comhttps://*.auth.acmecorp.com |