How the App‑to‑App Allow List Works

This topic describes the App‑to‑App allow list configuration options. You use the allow list to manage the apps and URLs that can receive data from the TrueContext Mobile App in a callback.

Available on the Advanced and Enterprise tiers:

Essentials
Advanced
Enterprise

The App‑to‑App allow list:

  • Specifies which URLs and apps can receive information from the TrueContext Mobile App in a callback, but not the information to send. If you want to send specific answers from a form, you can configure up to five custom callback parameters.

  • Applies only to callbacks from the TrueContext Mobile App (x-success, x-cancel, or x-error), not inbound requests to the TrueContext Mobile App.

  • Applies only to the Advanced and Enterprise tiers.

Tip:Inbound requests to the TrueContext Mobile App are secure and supported on all tiers.

The default allow list settings depend on when your team was created:

  • For teams created before February 23, 2021, the allow list defaults to all callbacks allowed.

  • For teams created after February 23, 2021, the allow list defaults to no callbacks allowed.

Note:In both cases, we recommend that you configure a custom App‑to‑App allow list.

The allow list behavior depends on how you configure it:

Callbacks allowed to specific apps and URLs

Add up to ten URLs and app protocols to the allow list. Any URL or app on the allow list receives all of the standard callback information and any custom callback parameters defined for a form.

In the following example, the allow list includes:

shortcuts://

https://www.company.com/

Note:Any app protocol or URL not listed causes the entire App‑to‑App request to fail.

Tip:This example uses a proprietary TrueContext test app called pftest.

Info:We're now TrueContext.

To support both new and existing integrations, the TrueContext App‑to‑App URL scheme will remain prontoforms:// with alternative https://prontofor.ms/.

For more detailed information about what’s changing, visit https://support.truecontext.com/hc/en-us/articles/19516168513556

Request Result Reason 
prontoforms://x-callback-url/open?name=Work%20Order
 Succeeds No callback specified 
prontoforms://x-callback-url/open?name=Work%20Order&x-success=shortcuts://success
 Succeeds shortcuts:// is allowed 
prontoforms://x-callback-url/open?name=Work%20Order&x-success=pftest://success
 Fails pftest:// is not allowed 
prontoforms://x-callback-url/open?name=Work%20Order&x-success=shortcuts://success
&x-error=pftest://error
 Fails shortcuts:// is allowed, but pftest:// is not allowed
No callbacks allowed
Request Result Reason 
prontoforms://x-callback-url/open?name=Work%20Order
 Succeeds No callback specified 
prontoforms://x-callback-url/open?name=Work%20Order&x-success=pftest://success
 Fails Callback specified
All callbacks allowed (not recommended)

Warning:If you share data from forms in App‑to‑App callbacks, we recommend that you define an allow list. This limits the URLs and apps that can receive the data and guards against unintended sharing of information.

Request Result Reason 
prontoforms://x-callback-url/open?name=Work%20Order
 Succeeds No callback specified 
prontoforms://x-callback-url/open?name=Work%20Order&x-success=pftest://success
 Succeeds All callback requests allowed