During the app authorization process, our servers send users to your redirect URI after they agree to let your app access their QuickBooks Online company file.
It’s also where your app sends requests from, and where our servers send responses, when users connect to your app.
Code at the URI location needs to process the initial authorization server request, construct requests for access and refresh tokens, and manage tokens. The Intuit OAuth 2.0 Server can only redirect and send responses to registered URIs.
Each app has two URIs: one for testing environments (i.e., sandboxes), and another for live, in-production apps.
During development, you also need to register redirect URIs for third-party testing platforms (Postman, Insomnia, etc.) that need to connect with your sandbox company.
Note
Important: HTTP redirect URIs must be protected with TLS. The Intuit OAuth 2.0 Server can only redirect to URIs beginning with https. IP addresses aren’t allowed. This prevents access token interception during the authorization process.
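
A pre-flight check for the rules above (https only, no IP-address hosts, one registered set per environment), as an added example that is not Intuit's code. The `REGISTERED` table, the example.com URIs, the `check_redirect_uri` helper and the exact-string comparison against the registered values are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample registrations (assumption): one set of URIs per environment.
REGISTERED = {
    "sandbox": {"https://dev.example.com/oauth/callback"},
    "production": {"https://app.example.com/oauth/callback"},
}


def _is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_redirect_uri(uri, environment):
    """Return a list of problems; an empty list means the URI passes."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""  # brackets around IPv6 literals are stripped

    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        problems.append("no host")
    elif _is_ip_literal(host):
        problems.append("host is an IP address")

    # Assumption: the URI must equal a registered value character for
    # character, so a sandbox URI never passes as a production one.
    if uri not in REGISTERED.get(environment, set()):
        problems.append("not registered for " + environment)
    return problems


if __name__ == "__main__":
    for candidate in (
        "https://dev.example.com/oauth/callback",
        "http://dev.example.com/oauth/callback",
        "https://192.0.2.10/oauth/callback",
    ):
        print(candidate, "->", check_redirect_uri(candidate, "sandbox") or "ok")
```

Running the same check in the callback handler, against the URI the request actually arrived on, catches a sandbox URI left in a production build before any token request is constructed.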