We use the OAuth 2.0 framework to enable fintech applications to obtain access to consumer data over HTTP.
OAuth 2 puts the consumer in control of the authentication workflow. Authentication starts at the fintech or recipient app (the originating application). Consumers must grant permission directly to their banks' authorization servers before any data is sent back to the application. No consumer credentials are ever exposed to either the system or the application.
After the authentication process is complete, the financial institution sends the consumer back to the originating application using the system.
The originating application must tell Akoya where the consumer will return by specifying a redirect URI, also referred to as a callback or a redirection endpoint.
Because the consumer’s financial institution is returning sensitive data, you must register at least one redirect URI for your application in the Data Recipient Hub. This is a security measure which prevents malicious redirects to rogue servers.
After you register your redirect URI(s) in the Data Recipient Hub, you’ll receive a client ID and client secret, which are used for authentication purposes when requesting tokens. The client ID is public information; however, it should be protected. The client secret is effectively the password for your application and must be protected.
You may use a localhost address over HTTPS (https://localhost) when testing in our sandbox environment. Otherwise, you should use an externally accessible address.
You must provide an absolute path for your redirect URI, both when you register it in the Data Recipient Hub and when you include it in your application code.
🚧 The redirect URI in your code must be identical to the one registered in the Data Recipient Hub.
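A pre-flight check for the redirect URI rules above, written as an added example and not taken from Akoya's code. The registered URIs, the function name and the messages are constructed for illustration, and the https-only check is an assumption based on the `https://localhost` example on this page.

```python
from urllib.parse import urlsplit

# Constructed sample values; use the URIs you registered in the Data Recipient Hub.
REGISTERED = {
    "https://app.example.com/oauth/callback",
    "https://localhost/oauth/callback",
}

NOT_ABSOLUTE = "not an absolute URI"
NOT_HTTPS = "scheme is not https (assumed requirement)"
LOCALHOST_PROD = "localhost is for sandbox testing only"
NOT_REGISTERED = "does not exactly match a registered redirect URI"


def check_redirect_uri(uri, registered=REGISTERED, sandbox=False):
    """Return a list of problems; an empty list means the URI passes every check."""
    problems = []
    parts = urlsplit(uri)

    # An absolute URI carries both a scheme and a host.
    if not parts.scheme or not parts.netloc:
        problems.append(NOT_ABSOLUTE)
    elif parts.scheme != "https":
        problems.append(NOT_HTTPS)

    # localhost is acceptable only while testing in the sandbox.
    if parts.hostname == "localhost" and not sandbox:
        problems.append(LOCALHOST_PROD)

    # "Identical" means a plain string comparison: no normalisation of case,
    # trailing slashes, ports or query strings before comparing.
    if uri not in registered:
        problems.append(NOT_REGISTERED)

    return problems


if __name__ == "__main__":
    for candidate, is_sandbox in [
        ("https://app.example.com/oauth/callback", False),
        ("https://app.example.com/oauth/callback/", False),  # trailing slash
        ("/oauth/callback", False),                          # relative path
        ("https://localhost/oauth/callback", False),         # localhost outside sandbox
        ("https://localhost/oauth/callback", True),
    ]:
        print(candidate, is_sandbox, check_redirect_uri(candidate, sandbox=is_sandbox))
```

Running the same check in CI against the redirect URI configured in your application catches a trailing slash or a changed path before the authorization request is rejected.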
| Date | Update |
| --- | --- |
| 2025-Jan-02 | Initial article |