How do I verify my application for production?

In order to verify your application, please email support@cronofy.com with your Application Client ID and the possible redirect_uri values you will be using with the request authorization flow.

Having a permitted list of values helps us guard against phishing attacks by controlling where we return authorization codes to for your application.

This Stack Exchange article is a good explanation of why this is necessary: What is the purpose of OAuth 2.0 redirect_uri checking?

We do support wildcards in the host name, but only for subdomains of domains under your control, eg: https://*.example.com/auth/cronofy/callback. If your application uses dynamic URLs, we’d recommend using the state parameter. Our FAQ on using this to support dynamic values in your OAuth flow explains how to use this.

Billing #

Once your application is in production then this also will start billing. The free tier only applies whilst your apps are in development mode. So if you haven’t entered your billing details yet, you’ll need to do that as well before you go live: https://app.cronofy.com/billing

By default, your account will be associated with our Starter Plan, on which credit card payment is the only accepted method. Please ensure that you enter your credit card details in the payment section. If you would like to choose another plan (Emerging, Growth, or Strategic), please let us know.

When you’re ready to go, email support@cronofy.com your Application Client ID and list of permitted redirect_uri values and we’ll switch you to production mode.