There are two distinct types of applications used for authorizing access to a data source;

  1. Ready-to-go Openbridge app

  2. A customer-created app

Openbridge Apps

An Openbridge app reflects an application that we have established at the upstream data source. Typically this involved the creation, configuration, management, and monitoring of the application. Part of that process also includes verification and certification which often will grant an Openbridge app;

  • Increased throughput (i.e., increasing the volume of API calls)

  • Expanded access (i.e., access to more API endpoints)

  • Restricted access (i.e, access to API resources that require certification or approvals)

For example, the Openbridge Selling Partner App for SP-API was authorized to collect PII data after a rigorous review process with Amazon. Customers may prefer to leverage the Openbridge SP-API app rather than undertake a similar process with Amazon.

Openbridge invests significant time and energy in working through official developer programs established by Amazon, Facebook, Google, Stripe, and many others. Companies require developers that participate in programs to undertake rigorous audits, reviews, and compliance monitoring to be approved as a user of their systems.

Openbridge takes developer and partner commitments seriously, which means adhering closely to appliable data protection and acceptable use policies for each API we leverage on our customer's behalf.

Customer Apps (Bring Your Own App)

Openbridge supports customers using their own applications. For example, a customer can create a private Shopify partner app specific to a merchant. Openbridge will leverage the customer's Shopify app when making data requests.

Like Openbridge, customers may have already invested in building an app for a particular data source. As a result, they want to continue to leverage those investments.

Configuring Your App

A "Bring Your Own App" only supports OAuth-based apps that allow third-party authentication.

While the specifics may vary from app to app, most Oauth-based applications will require a client or app ID and client or app secret. Both the ID and secret codes will be required for Openbridge to connect to your app. Also, Oauth apps will require a redirect URI, OAuth Redirect URI, or Callback URL. A Callback URL is where the app will respond with the appropriate access token.

  • App URL:<productId>/<productId>?stage=credentials

The <productId> will be supplied to you in the specific connector configuration screen

  • Redirect/Callback URL:

You must make sure that you enter the Openbridge URL. Without the Openbridge Callback URL registered in your app, we will not be able to properly authenticate your app and receive an access token.

Most apps restrict access to verified domains. Your app may require Openbridge domains must be associated with the app including the homepage URL, terms of service URL, and privacy policy URL.

  • Homepage/Domain:

  • Terms:

  • Privacy:

Customers are responsible for the ongoing management, monitoring, and operations of their app.


  • Copy the client secret when presented as it may appear only once.

  • Make sure there is no added space to the end of the ID or Secret. This may cause the credentials to fail if there are any extra spaces included during a "copy and paste".

  • Most apps will not accept IP Addresses and Openbridge does not support them either.

  • The callback URL will be HTTPS, make sure you do not type HTTP.


Did this answer your question?