Difference between redirect URL and allow list in app settings

What is the difference between the Redirect URL for OAuth and OAuth allow list option?
It seems the app even works with the former being empty however it could not be a default as a redirect_uri is always required so I am a bit confused.


Moved here as suggested by @donte.S

Hi @Septatrix,

The Redirect URL is the explicit URL you provide to redirect to upon OAuth authorization. The allowlist section should include your exact redirect URL, as well as any other domains your app may need to access.

Thanks,
Will

What does “your app may need to access” mean in this context?

Hi @Septatrix,

For this, I’m referring to any other associated domains, such as your documentation url, configuration url, etc.

Thanks,
Will

In which scenario would zoom check e.g. my documentation URL?

Hi @Septatrix,

If you intend to publish your app at some point, Zoom will review each of these resources. If your informational documentation, configuration url, etc. all live on the same domain as your main app, you don’t need to worry about allow-listing any additional URLs. But if these resources live on separate domains, Zoom will need to validate them.

Let me know if this helps,
Will

That cleared things up, thank you.

Great! Glad I could help.