Links

URL overview

This page provides an overview and examples for the different URL types used with Corbado.
Based on your application setup (e.g. does it have different URL / ports for frontend and backend) and the selected integration mode, different URLs need to be handled. See the following overview to get specific examples:

1. Authorized origin

Required: yes

Description

The full URL (incl. protocol & port, no path) that the user sees in the browser and from where JavaScript calls to Corbado are made.
It's needed to make CORS requests possible.

Example

Prod
Local
https://www.my-application.com
http://localhost:8080

2. Application URL

Required: only in web component (previous)

Description

The location (incl. protocol, port & path) where the web component runs. For example, it’s used to correctly redirect users in email magic links.
Often, it’s on the same domain like the authorized origin.
Prod
Local
https://www.my-application.com/login
http://localhost:8080/login

3. Redirect URL

Required: only in web component (previous)

Description

Depending on your decision to use Corbado's session management or your own session management, the Redirect URL has different purposes.
In any case, the Redirect URL (incl. protocol, port & path) is the location where the user is redirected to after successful authentication.
If you use Corbado's session management, the Redirect URL receives a short-term session as cookie or header.
If you use your own session management, the Redirect URL is appended a corbadoAuthToken as GET parameter (query string).

Example

Prod
Local
https://www.my-application.com/logged-in with corbadoAuthToken: https://www.my-application.com/logged-in?corbadoAuthTOken= 5FClU6XEWynC4dQ2W34LGERlHYGPe8PHs9zUhxgrSbVj9FNupp5lE5z4lMoRpDlP
http://localhost:8080/logged-in with corbadoAuthToken: http://localhost:8080/logged-in?corbadoAuthToken= 5FClU6XEWynC4dQ2W34LGERlHYGPe8PHs9zUhxgrSbVj9FNupp5lE5z4lMoRpDlP:8080

4. Preview URL

Required: provided by Corbado

Description

The location (incl. protocl, port & path) where your preview runs.

Example

Prod
Local
https://<project ID>.preview.corbado.io
n/a

5. CNAME

Required: no

Description

THE CNAME DNS address (no protocol, port or path) that can be used instead of Corbado’s default Frontend API URL. The CNAME needs to point to “<Project-ID>.frontendapi.corbado.io”.

Example

Prod
Local
login.my-application.com
login.my-application.com

6. Webhooks URL

Required: optional

Description

The location (incl. protocol, port & path) in your backend that receives calls from Corbado to handle existing users.

Example

Prod
Local
https://www.my-application.com/v1/corbado/webhooks
http://localhost:8080/v1/corbado/webhooks

7. Relying Party ID

Required: yes

Description

The Relying Party ID is the domain (no protocol, port or path) where passkeys are bound to. By default it will be set to <project ID>.frontendapi.corbado.io. You can only use passkeys in a web component that runs in a matching domain of the Relying Party ID. Matching domains means that it's either the same or a subdomain of the Relying Party ID.

Example

Prod
Local
pro-123456789.frontendapi.corbado.io or my-application.com
localhost