Redirect URIs
Redirect URIs are used to send users back to your application during the authorization process. Your application is required to have a redirect URI if it's going to request authorization to make SKY API calls to Blackbaud customer environments. If your application is not making SKY API calls, it is not required.
The redirect URI must match the redirect_uri parameter in the query string. You can also register multiple URIs for redirecting users back to your application during the authorization process.
Tutorial: For more assistance, see the Authorization code flow for confidential applications tutorial.
Add or edit redirect URIs
-
Select Edit.
-
Enter the URI. It must be absolute and use HTTPS or a scheme with at least one period.
For example, a reverse domain name redirect URI may look like com.example.app:/callback. We also support http://localhost:port or http://127.0.0.1:port.
Note: To facilitate local development, you can use http and localhost or the localhost IP (127.0.0.1). In production you must use https for proper security when redirecting.
-
To add another redirect URI, select Add a redirect URI and enter the URI in the field that appears.
-
Select Save.
Maximum number of redirect URIs
The maximum allowed redirect URIs that can be added to an application is 250. If more than 250 redirect URIs are needed then the alternate approach is to use a redirect URI with a state parameter provided when initiating authorization. Your application can use the value in the state parameter to determine which URL to further redirect the user to. To avoid the open redirector threat described in RFC 6819, it is recommended that you encrypt the state parameter or validate its content when the state parameter is returned to the redirect URI.
For more information about the redirect_uri parameter, see common authorization issues.