How do I verify my application for production?

In order to verify your application we need the Application Client ID and the possible redirect_uri values you will be using with the request authorization flow.

Having a whitelist of values that helps us guard against phishing attacks by controlling where we return authorization codes to for your application.

We can only support wildcards in the host name for subdomains of domains under your control, eg:

See for detailed documentation.

This Stack Exchange article is a good explanation of why we do it. What is the purpose of OAuth 2.0 redirect_uri checking?

Once you’re application is in production then this also will start billing. The free tier only applies whilst your apps are in development mode. So if you haven’t entered your billing details yet, you’ll need to do that as well before you go live.

When you’re ready to go, just email ( white we’ll get your app live.