Depending on your application setup (e.g. whether it uses different URLs or ports for frontend and backend) and the selected integration mode, different URLs need to be handled. The following overview lists them, each with specific examples:

  1. Authorized origin
  2. Application URL
  3. Redirect URL
  4. Preview URL
  5. CNAME
  6. Webhooks URL
  7. Relying Party ID

1. Authorized origin

Required: yes

Description

The full URL (incl. protocol & port, no path) that the user sees in the browser and from where JavaScript calls to Corbado are made.

It’s needed to make CORS requests possible.

Example

Prod: https://www.my-application.com
Local: http://localhost:8080

2. Application URL

Required: only in web component (previous)

Description

The location (incl. protocol, port & path) where the web component runs. For example, it’s used to correctly redirect users in email magic links.

Often, it’s on the same domain as the authorized origin.

Example

Prod: https://www.my-application.com/login
Local: http://localhost:8080/login

3. Redirect URL

Required: only in web component (previous)

Description

Depending on your decision to use Corbado’s session management or your own session management, the Redirect URL has different purposes.

In any case, the Redirect URL (incl. protocol, port & path) is the location where the user is redirected to after successful authentication.

If you use Corbado’s session management, the Redirect URL receives a short-term session as cookie or header.

If you use your own session management, a corbadoAuthToken is appended to the Redirect URL as a GET parameter (query string).

Example

Prod: https://www.my-application.com/logged-in
Prod with corbadoAuthToken: https://www.my-application.com/logged-in?corbadoAuthToken=5FClU6XEWynC4dQ2W34LGERlHYGPe8PHs9zUhxgrSbVj9FNupp5lE5z4lMoRpDlP

Local: http://localhost:8080/logged-in
Local with corbadoAuthToken: http://localhost:8080/logged-in?corbadoAuthToken=5FClU6XEWynC4dQ2W34LGERlHYGPe8PHs9zUhxgrSbVj9FNupp5lE5z4lMoRpDlP

4. Preview URL

Required: provided by Corbado

Description

The location (incl. protocol, port & path) where your preview runs.

Example

Prod: https://<project ID>.preview.corbado.io
Local: n/a

5. CNAME

Required: no

Description

The CNAME DNS address (no protocol, port or path) that can be used instead of Corbado’s default Frontend API URL. The CNAME needs to point to “<Project-ID>.frontendapi.corbado.io”.

Example

Prod: login.my-application.com
Local: login.my-application.com

6. Webhooks URL

Required: optional

Description

The location (incl. protocol, port & path) in your backend that receives calls from Corbado to handle existing users.

See more details

Example

Prod: https://www.my-application.com/v1/corbado/webhooks
Local: http://localhost:8080/v1/corbado/webhooks

7. Relying Party ID

Required: yes

Description

The Relying Party ID is the domain (no protocol, port or path) to which passkeys are bound. By default, it is set to <project ID>.frontendapi.corbado.io. You can only use passkeys in a web component that runs in a domain matching the Relying Party ID. A matching domain is either the Relying Party ID itself or a subdomain of it.

Example

Prod: pro-123456789.frontendapi.corbado.io or my-application.com
Local: localhost
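
The format rules above (origin without path, bare domain for CNAME and Relying Party ID, Application URL host matching the Relying Party ID) can be checked before the values are entered. The following is an added example, not Corbado code; all function and field names are hypothetical, and the sample configurations are constructed from the example values on this page.

```javascript
// Added example, not Corbado code. Function and field names are hypothetical.

// Authorized origin: protocol + host (+ port), but no path, query or fragment.
function isOrigin(value) {
  let u;
  try { u = new URL(value); } catch { return false; }
  if (u.protocol !== "https:" && u.protocol !== "http:") return false;
  // URL.origin is the normalized scheme://host[:port]; a path, trailing
  // slash, explicit default port or uppercase host makes the comparison fail.
  return u.origin === value;
}

// CNAME and Relying Party ID: a bare domain, no protocol, port or path.
function isBareDomain(value) {
  return /^[a-z0-9-]+(\.[a-z0-9-]+)*$/i.test(value);
}

// "Matching domain": the host is the Relying Party ID itself or a subdomain.
// The "." keeps other-my-application.com from matching my-application.com.
function matchesRpId(host, rpId) {
  const h = host.toLowerCase();
  const r = rpId.toLowerCase();
  return h === r || h.endsWith("." + r);
}

// Returns the names of the checks that fail for the given configuration.
function validateConfig(cfg) {
  const problems = [];
  if (!isOrigin(cfg.authorizedOrigin)) problems.push("authorizedOrigin");
  if (!isBareDomain(cfg.relyingPartyId)) problems.push("relyingPartyId");
  if (cfg.cname !== undefined && !isBareDomain(cfg.cname)) problems.push("cname");
  let app;
  try { app = new URL(cfg.applicationUrl); } catch { problems.push("applicationUrl"); }
  // The web component runs at the Application URL, so that host must match.
  if (app && !matchesRpId(app.hostname, cfg.relyingPartyId)) problems.push("rpIdMismatch");
  return problems;
}

// Constructed sample configurations based on the example values on this page.
const prod = { authorizedOrigin: "https://www.my-application.com",
  applicationUrl: "https://www.my-application.com/login",
  cname: "login.my-application.com", relyingPartyId: "my-application.com" };
const local = { authorizedOrigin: "http://localhost:8080",
  applicationUrl: "http://localhost:8080/login", relyingPartyId: "localhost" };
const broken = { authorizedOrigin: "https://www.my-application.com/login",
  applicationUrl: "https://other-my-application.com/login",
  cname: "https://login.my-application.com", relyingPartyId: "my-application.com" };

console.log(validateConfig(prod), validateConfig(local), validateConfig(broken));
```

The subdomain check compares against "." plus the Relying Party ID rather than using a plain suffix match, so a look-alike domain that merely ends in the same characters is rejected.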