Callback URL to Mobile App

kyiyer
Hi - the callback URL option in the app definition screen in the console requires an https URL. Is there anyway this could be an app URL so that I can do away with the need for a intermediate web page to receive the accesstoken from Zerodha?
  • sujith
    As mentioned in the documentation, we strongly recommend not to embed api_secret inside the client side application. It may become a huge security compromise. The token exchange has to happen on the server side. You can go through the login flow here.
  • kyiyer
    OK - so you recommend that I create a "website" with a webpage that calls the the Kite API and receives the callback - then I should pass that back to the mobile app. Correct? Thanks for your response
  • sujith
    Yes, the token exchange of request token to access token has to happen on the server and then pass access token to the mobile app.
Sign In or Register to comment.