# Overview

This guide walks you through setting up your product on AppSumo, including configuring both Webhook and OAuth Redirect URLs, validating them, and obtaining your OAuth keys. For detailed information, refer to User login (OAuth) and Webhooks.

# Prerequisites

OAuth Redirect URL: Must handle GET requests.
Webhook URL: Must handle POST requests.
OAuth Keys: client_id and client_secret
- This will be accessible once the specified URLs are validated and your listing or settings have been submitted.

# Configuration and URL Validation

Access Settings: Go to the AppSumo Partner Portal (opens new window) and select your product.

For AppSumo Select Partners, click the "API settings" link. For Self-listed partners, click anywhere in the row (as shown below).

Select Partners

# Validate both Webhook and OAuth URLs:

OAuth Redirect URL: Pre-validate by receiving a GET request without any included payload.
- This URL must return a 200 OK status code.

After a user authorizes your application on AppSumo via OAuth, they are redirected back to your app with an authorization code in the URL.

Important: Ensure that the validated OAuth Redirect URL in AppSumo aligns with the URL on your backend where you want to direct new customers to complete required information and finalize the sign-up process, including providing their email and new account password.

See User login (OAuth) for more information.

Oauth Redirect Config

Webhook URL: Pre-validate by receiving a POST request with a field called test in the body.
- This URL must return a 200 OK with a JSON response indicating success = true and the event type it received.
- For the initial test, you must respond to/with the following event types:
  1. activate
  2. deactivate
  3. purchase (optional)

Webhook URL

# Example of a successful response to the webhook (in JSON format):

{
  "event": "activate",
  "success": true
}

Refer to the Webhooks section for an overview, and see the guidance on Sending a successful response to learn how to process your webhooks effectively.

# Post-Validation

# OAuth keys

After validating both your Webhook and OAuth Redirect URLs, your OAuth keys (client_id and client_secret) will be generated. You can locate these keys on your product page in the AppSumo Partner Portal (opens new window). The keys are hidden by default; click the eye icon to view them (as shown below):

Private keys

# Live Webhooks and License history

Now that your URLs are validated and OAuth keys are secured, you can start interacting with the buy button within your Product Detail Page on AppSumo (opens new window) (TidyCal used here as an example) using the developer credits assigned to you by our Launch Operations team.

Live payloads will now be sent (as demonstrated later in this guide) for you to access and store real-time data.

You can access your License History UI in the API settings section of the AppSumo Partner Portal (opens new window).

License History Navigation

License History

# Next steps

For more in depth information on validating URLs and what to do after submitting your application:
- OAuth, see User login (OAuth)
- Webhooks, see Webhooks

← Home Overview →