How the App‑to‑App Allow List Works

This topic describes the App‑to‑App allow list configuration options. You use the allow list to manage the apps and URLs that can receive data from the TrueContext Mobile App in a callback.

Available on the Advanced and Enterprise tiers:

Essentials
Advanced
Enterprise

The App‑to‑App allow list:

  • Specifies which URLs and apps can receive information from the TrueContext Mobile App in a callback, but not the information to send. If you want to send specific answers from a form, you can configure up to five custom callback parameters.

  • Applies only to callbacks from the TrueContext Mobile App (x-success, x-cancel, or x-error), not inbound requests to the TrueContext Mobile App.

  • Applies only to the Advanced and Enterprise tiers.

Tip:Inbound requests to the TrueContext Mobile App are supported on all tiers.

The default allow list settings depend on when your team was created:

  • For teams created before February 23, 2021, the allow list defaults to all callbacks allowed.

  • For teams created after February 23, 2021, the allow list defaults to no callbacks allowed.

Note:In both cases, we recommend that you configure a custom App‑to‑App allow list.

The allow list behavior depends on how you configure it:

Callbacks allowed to specific apps and URLs

Add up to ten URLs and app protocols to the allow list. Any URL or app on the allow list receives all of the standard callback information and any custom callback parameters defined for a form.

In the following example, the allow list includes:

shortcuts://

https://www.company.com/

Note:Any app protocol or URL not listed causes the entire App‑to‑App request to fail.

Tip:This example uses a proprietary TrueContext test app called pftest.

Info:We're now TrueContext.

Use truecontext:// or tcxt:// in your App‑to‑App calls.

To maintain existing integrations, TrueContext will continue to support prontoforms:// and the alternative https://prontofor.ms/.

For more detailed information about what’s changing, visit https://support.truecontext.com/hc/en-us/articles/19516168513556

Request Result Reason
truecontext://x-callback-url/open?name=Work%20Order
Succeeds No callback specified
truecontext://x-callback-url/open?name=Work%20Order&x-success=shortcuts://success
Succeeds shortcuts:// is allowed
truecontext://x-callback-url/open?name=Work%20Order&x-success=pftest://success
Fails pftest:// is not allowed
truecontext://x-callback-url/open?name=Work%20Order&x-success=shortcuts://success
&x-error=pftest://error
Fails shortcuts:// is allowed, but pftest:// is not allowed
No callbacks allowed
Request Result Reason
truecontext://x-callback-url/open?name=Work%20Order
Succeeds No callback specified
truecontext://x-callback-url/open?name=Work%20Order&x-success=pftest://success
Fails Callback specified
All callbacks allowed (not recommended)

Warning:If you share data from forms in App‑to‑App callbacks, we recommend that you define an allow list. This limits the URLs and apps that can receive the data and guards against unintended sharing of information.

Request Result Reason
truecontext://x-callback-url/open?name=Work%20Order
Succeeds No callback specified
truecontext://x-callback-url/open?name=Work%20Order&x-success=pftest://success
Succeeds All callback requests allowed