Hi - the callback URL option in the app definition screen in the console requires an https URL. Is there anyway this could be an app URL so that I can do away with the need for a intermediate web page to receive the accesstoken from Zerodha?
As mentioned in the documentation, we strongly recommend not to embed api_secret inside the client side application. It may become a huge security compromise. The token exchange has to happen on the server side. You can go through the login flow here.
OK - so you recommend that I create a "website" with a webpage that calls the the Kite API and receives the callback - then I should pass that back to the mobile app. Correct? Thanks for your response
