At a glance: Set up a domain redirect allowlist to ensure users are redirected to verified, trustworthy domains, protecting their data and safeguarding your brand integrity.
About the redirect allowlist
Use the redirect allowlist to define a list of specific root domains and subdomains to which link redirection is allowed, to protect your links from unauthorized redirects, phishing attacks, and fraud. Once your allowlist is active, links you create via AppsFlyer will only redirect users to web URLs whose domains are in the allowlist. Otherwise, users will be sent to the app store. The redirect allowlist applies to OneLink, single-platform attribution links via partner integration, and direct attribution links for CTV, PC, and console platforms.
Set up your redirect allowlist
You can set up your allowlist manually or via CSV file. Before setup, it's recommended to verify your trusted domain list with your security team.
Manual setup
To set up manually:
1. From the top bar, open the account menu (email address dropdown) > Security Center
2. In the Redirect allowlist section, click Manage redirect allowlist.
The Redirect allowlist page opens.
3. Under the Manual tab, enter a root domain or subdomain in the Domain name field, then click Add domain to list.
- Use only letters, numbers, hyphens, and periods.
- Domains must start and end with a letter or number and can be up to 253 characters.
- Don't add prefixes, such as https://.
See also allowlist traits and limitations.
The added domains will be displayed in the right-side list.
4. Click Save list.
5. Switch on the Activate allowlist toggle.
The allowlist will be enforced on clicks within about an hour.
Note: Once activated, the allowlist can be updated but not deactivated.
Setup via CSV file
To set up via CSV file upload:
1. From the top bar, open the account menu (email address dropdown) > Security Center
2. In the Redirect allowlist section, click Manage redirect allowlist.
The Redirect allowlist page opens.
3. Click the CSV file tab, then follow the CSV file instructions to create a file containing your domain list.
4. Upload the CSV file to the upload field.
- Once the file is uploaded it will be parsed, and values will be validated.
- Valid values will be automatically added and displayed in the right-side list.
- Invalid values won’t be added. Information about invalid values will be displayed in the Upload status section so you can take the following action: review or fix the values and re-upload. See allowlist traits and limitations for more details.
5. Click Save list.
6. Switch on the Activate allowlist toggle.
Once activated the redirect allowlist will be enforced on clicks within about an hour.
Note: Once activated, the allowlist can be updated but not deactivated.
Edit the redirect allowlist
You can add or delete domains from the allowlist at any time (whether or not the list is active).
To delete a domain from the allowlist:
- On the right-side list, hover on the domain you want to delete and a delete icon will appear.
- Click the delete icon.
- Click Save list to save the change.
Note: Once saved, the updated redirect allowlist will be enforced on clicks within about an hour.
Traits and limitations
Trait | Remarks |
---|---|
Setup |
|
Applicability |
|
Domains |
|
Redirection |
If you’re unsure whether a domain your link redirects to is allowed: Review the allowlist to make sure it’s included. Or Use the Link Discovery tool. When a link is entered, an alert will appear in the Parameters column (under Redirection) if a domain isn’t in the allowlist. |