When using our API as part of a native or mobile app we recommend the following practices to handle the authorisation process and redirects.
Mobile apps have the choice to open urls either on a webview or the device browser. We recommend using the device browser to open the authorisation url as it is known that session cookies and any other data stored in local storage is not shared between webviews and the device browser.
Some of our authorisation flows, such as payments, rely on session cookies to be able to finalise the payment once that the user is redirected back from the bank so it is important that the same browser instance starts and finalise the authorisation.
In order to handle the redirect directly in your mobile app without needing an intermediate web page we recommend setting up Universal links for iOS and Android app links.
This will allow for the mobile device to open automatically your app so it can handle the redirect.
Here are the following guides:
Updated 6 months ago