Skip to main content
To use Phantom Connect in development and production, you must configure allowed origins and redirect URLs in Phantom Portal. These settings tell Phantom where your app is allowed to run and where users can be redirected after authentication. Both are required to connect users.

Allowed origins

Allowed origins define where your app is allowed to initiate a connection from. Phantom will only connect if the request comes from one of these domains. This prevents other websites from impersonating your app.

Add allowed origins

  1. In Phantom Portal, expand your app in the left navigation and select Set Up.
  2. Scroll to Allowed Origins.
  3. Enter a domain where your app runs.
  4. Select Add.

Allowed origin requirements

  • Include the protocol (https:// for production).
  • Use exact domains only.
  • Do not include paths, query strings, or wildcards.

Examples

EnvironmentExample
Productionhttps://yourapp.com
Staginghttps://staging.yourapp.com
Local developmenthttp://localhost:3000
If your app runs in multiple environments, add each origin separately.

Redirect URLs

Redirect URLs define where users are sent after authentication. These are required for social login flows (Google, Apple) and for completing the Phantom Connect handshake. Redirect URLs can be web URLs or mobile app URIs.

Add redirect URLs

  1. In Phantom Portal, expand your app in the left navigation and select Set Up.
  2. Scroll to Redirect URLs.
  3. Enter a valid redirect URL.
  4. Select Add.

Redirect URL requirements

  • Must exactly match the URL used in your app.
  • Must be added and allowlisted in Phantom Portal before you can use it in production.
  • Multiple redirect URLs are allowed.

Examples

Use caseExample
Web apphttps://yourapp.com/auth/callback
Local developmenthttp://localhost:3000/auth/callback
Mobile appmyapp://phantom-auth-callback
When using Google or Apple login, users are redirected to one of these URLs after authentication. If the redirect URL is missing or mismatched, login will fail.

Common setup mistakes

  • Adding a redirect URL but forgetting to add the corresponding allowed origin.
  • Including paths or wildcards in allowed origins.
  • Using a redirect URL in code that hasn’t been added to Phantom Portal.
  • Using http:// for production domains.

Need help?

Contact Phantom developer support.

Next steps

Verify your domain

Previous: Verify your domain

Edit app info

Next: Add your app information