# Getting started
# Prerequisites
- Approved AppSumo Application: Your product must be approved on AppSumo.
- OAuth Redirect URL: A URL capable of processing OAuth requests.
- OAuth Keys:
client_id
andclient_secret
keys, which are available once your URLs are validated.
# OAuth Redirect URL
Redirect URLs are essential for the OAuth flow, guiding users back to your app with an authorization code
after access is granted. Ensure this URL securely handles requests and is validated with a 200 OK
response from the AppSumo Partner Portal.
Because the OAuth Redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.
To add a Redirect URL, visit the AppSumo Partner Portal (opens new window) and select your product. In order to save the URL, AppSumo must get a successful 200 OK
response.
Important: Ensure that the validated OAuth Redirect URL in AppSumo aligns with the URL on your backend where you want to direct new customers to complete required information and finalize the sign-up process, including providing their email and new account password.
# Best practice example:
Upon completing a purchase
on AppSumo, users will activate
their license and be redirected to the sign-up page you provided in your OAuth configuration. On this page, they will input their email, password, and any required details to create an account, ensuring they receive the correct license tier
and associated feature limits.
# Testing
When saving your OAuth Redirect URL in the AppSumo Partner Portal:
- AppSumo will send a
GET
request without any included payload to validate it. - The URL must respond with a
200 OK
status code to be deemed valid. - Once validated, live payloads will be sent to your URL as detailed in this guide. Live payloads are only sent when interacting with your AppSumo Product Detail Page.
You can test and adjust these URL settings in the AppSumo Partner Portal (opens new window) when setting up your listing or anytime after submission, even if initial URL validation was not completed.
# OAuth keys
After validating both your Webhook and OAuth Redirect URLs, your OAuth keys (client_id
and client_secret
) will be generated.
You can locate these keys on your product page in the AppSumo Partner Portal (opens new window). The keys are hidden by default; click the eye icon to view them (as shown below).