Allow specific URL patterns

To prevent unauthorized parties from using your API key to create Dynamic Links that redirect from your domain to sites you don't own, you should specify the URLs your Dynamic Links can redirect to.


To specify the allowed URLs, click 3 dot menu icon> Allowlist URL pattern from the Dynamic Links page of the Firebase console, and then specify up to 10 regular expressions using RE2 syntax. Only URLs that match one of these regular expressions can be successfully used as a Dynamic Link's deep link (link) or fallback link (afl, ifl, ipfl, ofl). If you specify URL patterns, any URL that doesn't match one of the patterns will cause your Dynamic Links to return HTTP error 400.

You should make your URL patterns as restrictive as possible. For example:

Too permissive Better

^https://.*.com/.*$

Can redirect to any page on any site ending with .com.

^https://mybrand\.com/.*$

Can redirect only to pages at mybrand.com.

^https://play.google.com/.*$

Can redirect to any app's Play Store page.

^https://play\.google\.com/.*id=myapp\.com$

Can redirect only to Play Store pages for the app with the package name myapp.com.

^https://itunes.apple.com/.*$

Can redirect to any page on itunes.apple.com.

^https://itunes\.apple\.com/.*id123$

Can redirect only to the App Store page for the app with the ID id123.

 

You can make sure a Dynamic Link's deep link and fallback links match one of your URL patterns by viewing the Dynamic Link's debug page and verifying there are no warnings:

https://example.page.link/WXYZ?d=1

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
16090397363549562212
true
Search Help Center
true
true
true
true
true
5054967