Allowed link domains

At a glance: Define domains and subdomains to which link redirections are allowed, in order to protect your links from unauthorized redirects and fraud.

Allowed link domains


Allowed link domains lets you create an allowlist of specific domains and subdomains. Once your allowlist is active, links you create via AppsFlyer (either with a OneLink method or single-platform attribution links) only redirect users to web URLs if the domain is in your allowlist. Otherwise, users are sent to the app store.

This protects your links from fraudulent redirects and phishing attacks. 


  • Allowed link domains is an optional feature, and inactive by default. You must add at least one domain and activate the allowlist to protect your links.
  • The allowlist is at the account level and applies to all apps in the account.
  • Only an account admin can create/edit the allowlist.
  • Only domains and subdomains are allowed, not specific paths. All paths within the specific domain/subdomain are allowed.
  • The allowlist affects all the links created via AppsFlyer, either with a OneLink method or single-platform attribution links, whether they were created before or after the allowlist was activated.
  • The allowlist supports and protects redirections for the following parameters:
    • af_r
    • af_web_dp
    • af_ios_url
    • af_android_url
  • Up to 20 domains/subdomains can be added to the allowlist.

Setup and delete

AppsFlyerAdmin_us-en.png These procedures must be performed by an account admin.

To set up Allowed link domains:

  1. From the menu bar, access the user menu (email address drop-down).
  2. Select Security center.
  3. In the OneLink allowlist section, click Set allowlist to access the Login security page.
  4. Scroll down to the Allowed link domains section.
  5. Enter a domain or subdomain.
  6. Click Apply.
  7. [Optional] Click + Domain to add an additional domain or subdomain to the list.
  8. Activate the allowlist.
    Note: You must add at least one domain or subdomain to the allowlist before you can activate it.

To delete a domain:

  1. Click the trash icon next to the domain you want to delete.
  2. In the confirmation popup, click Delete.



Was this article helpful?