How do I verify my application for production?

There is no separate process required with Google or Microsoft to approve your application for production. As Cronofy manages all calendar and conferencing connections as part of our infrastructure we can approve with a simple verification step.

In order to verify your application, please email support@cronofy.com with your application’s Client ID and the possible redirect_uri values you will be using with the request authorization flow.

Having a permitted list of values helps us guard against phishing attacks by controlling where we return authorization codes to for your application.

This Stack Exchange article is a good explanation of why this is necessary: What is the purpose of OAuth 2.0 redirect_uri checking?

We do support wildcards in the host name, but only for subdomains of domains under your control, eg: https://*.example.com/auth/cronofy/callback. If your application uses dynamic URLs, we’d recommend using the state parameter. Our FAQ on using this to support dynamic values in your OAuth flow explains how to use this.

Billing #

Billing will start once your application is in production. You will be charged on the 1st of the month for the previous month, as this will allow us to calculate your usage.

The free tier only applies whilst your application is in development mode. If you haven’t entered your billing details yet, you’ll need to do that before you go live by clicking on your Organizational Unit’s Settings in the left hand menu then choosing the Billing tab.

When you’re ready to go, email support@cronofy.com your Application Client ID and list of permitted redirect_uri values and we’ll switch you to production mode.