Allowed redirect hosts


Enforcing an allowed redirect URL list for dynamic redirects

Please be aware that from September 01, 2021 all Link configurations with dynamic redirects will require a list of allowed redirect URLs to be configured in order to continue to function.


Once your customers have successfully completed authorisation of the connection to their data source via Link, you can redirect them to the locations of your choice.

The URL Whitelist option allows you to use a custom query parameter to dynamically change the redirect URL, including its host, when initiating the authorisation flow. When your customer starts the linking flow, Codat verifies if the host of the URL is listed as allowable host.


The Authorisation Complete Redirection Url is a URL your customers are sent to when they've authorized their connection via Link. In Codat, you can decide if you want to:

  • Redirect to a static website (static host)
  • Redirect with custom query parameters (dynamic host).



Static host

Provide one URL in Authorisation Complete Redirection Url.

Dynamic host

To build dynamically:

  1. Provide one URL that uses custom parameters in Authorisation Complete Redirection Url.

  2. List one or more URLs of each allowable host in URL Whitelist.

  3. When sending the Link URL to your customers, add the configured parameters to the URL.

If the redirect evaluates to a host that has not been placed on this list, your customer will not
be redirected to it and will see an error.

Note: The URLs must be valid URLs, which means they must have https:// or http:// added before them.

Example configuration:
If you set the redirect to https://{dynamichost}/example and set the dynamic host to the redirect will be evaluated to


Reserved parameters

Do not use reserved parameters in your redirect hosts.

Did this page help you?