App properties

Here's a brief explanation of each of the app properties you'll see when registering and customizing your app. We've listed them in alphabetical order.

Allowlist domains

An allowlist of CORS domains. You may use an asterisk (*) as a wildcard for part of a domain.


  • *

App description

The description of the app. This text appears in My apps, so that you may describe the app's intended function.


  • My Awesome App does a, b, and c. It does not do x, y or z.

App name

The name of your app. The App name appears in the following locations:

  • Your company's integrations.
  • Integrations.
  • On the MURAL user consent screen and within error messaging.


  • My Awesome App

Connect link

The URL of the setup instructions for the app. This is a reliable link used to take users to the app homepage. It is used when:

  • The user clicks the app card on Integrations.
  • The user clicks the "Go Back to {clientName}" button at the bottom of error message screens, such as if OAuth fails.



Learn more link

The URL of your app's documentation or home page. It is displayed on the unlisted details page, to give admins broader context of app usage.



Permission scopes

An allowlist of scopes that the app may access. If the app attempts to access scopes outside this allowlist (during OAuth flow initialization), the default "Uh-oh page" is displayed.

Changing an app's permission scopes after an app is installed can affect the user experience. See Making changes to scopes for more information.


  • rooms:read
  • workspaces:read
  • murals:write

Promotional image

The URL of an image, used as the app logo. It is displayed on My apps, the consent screen, and on Integrations. If the URL is not valid, a warning icon is displayed in place of the image in My apps and a default browser broken image on the consent screen and Integrations.




A short and catchy description of your app that shows on the Integrations page. Think of your summary as an elevator pitch about your app. This description shows up on the Integrations catalog card with the Connect link.

Redirect URLs

An allowlist of all redirect URLs accepted for completing the OAuth flow. If the redirect URL is not in this list, the error message text is displayed when initializing the OAuth flow.

If you're testing the API through Postman, a common redirect URL is



Reject URL

The URL of a page to display for the following errors:

  • The requested scopes are empty. This indicates an issue with OAuth flow.
  • The company that the user belongs to does not allow this application for their users. This indicates a configuration issue on the company side.



The single reject URL is used for all error types listed above. If not defined, the default "Uh-oh page" is used: