{"meta":{"title":"About the setup URL","intro":"You can specify a URL that users will be redirected to after they install a GitHub App.","product":"Apps","breadcrumbs":[{"href":"/en/apps","title":"Apps"},{"href":"/en/apps/creating-github-apps","title":"Creating GitHub Apps"},{"href":"/en/apps/creating-github-apps/registering-a-github-app","title":"Registering a GitHub App"},{"href":"/en/apps/creating-github-apps/registering-a-github-app/about-the-setup-url","title":"Setup URL"}],"documentType":"article"},"body":"# About the setup URL\n\nYou can specify a URL that users will be redirected to after they install a GitHub App.\n\nWhen you register a GitHub App, you can specify a setup URL. When users install your GitHub App, they are redirected to the setup URL. If additional setup is required after installation, you can use this URL to tell users what steps to take next.\n\nIf you specify a setup URL, you can also select **Redirect on update** to specify that users should be redirected to the setup URL after they update an installation. An update includes adding or removing access to a repository for an installation.\n\n> \\[!WARNING]\n> When GitHub redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the GitHub App and then check that the installation is associated with that user. For more information, see [Generating a user access token for a GitHub App](/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app).\n\nAlthough the setup URL is optional during GitHub App registration, it is required if you want to allow users to purchase your app in GitHub Marketplace. For more information, see [Handling new purchases and free trials](/en/apps/publishing-apps-to-github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials).\n\nThe setup URL is different from the callback URL. Users are redirected to the setup URL after they install a GitHub App. Users are redirected to the callback URL when they authorize a GitHub App via the web application flow. For more information, see [About the user authorization callback URL](/en/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url).\n\nFor more information about registering a GitHub App, see [Registering a GitHub App](/en/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). For more information about modifying a GitHub App registration, see [Modifying a GitHub App registration](/en/apps/maintaining-github-apps/modifying-a-github-app)."}