OAuth App Approval Process

How to get your app from testing to production


Important: You cannot go to production immediately after creating an OAuth app. DoorFlow reviews all applications before they can access customer accounts.

The Workflow

flowchart TD
    Start([Create OAuth App]) --> Wait1[Wait 1–2 business days]
    Wait1 --> Sandbox[Sandbox DoorFlow Account Created]
    Sandbox --> Develop[Develop your application]
    Develop --> Test{Ready for production?}
    Test --> Request[Email developers@doorflow.com to request approval]
    Request --> Wait2[Wait 1–2 business days]
    Wait2 --> Review{DoorFlow Review}
    Review -->|Changes needed| Feedback[Receive feedback]
    Feedback --> Fix[Make required changes]
    Fix --> Request
    Review -->|Approved| Live[App goes Live]
    Live --> Customers[Customers can authorize your app]

1. Testing Mode (Setup Required)

When you create an OAuth app, it starts in Testing mode:

  • We create a DoorFlow sandbox account for you
  • You get access to virtual channels that generate test events
  • You have full API access for development
  • You can test the OAuth flow with test credentials

Timeline: 1-2 business days for sandbox account setup.

2. Request Approval

When you're ready for production:

What we review

  • Application name and description
  • Requested OAuth scopes
  • Redirect URIs
  • Webhook endpoints (if applicable)
  • Security implementation
  • Intended use case

3. Approved Mode (Production)

After approval, your app is Live:

  • Can be authorized by any DoorFlow customer
  • Access to production customer accounts
  • Listed in DoorFlow's application gallery (optional)

You cannot make significant changes to your integration after approval without re-review.

Why Approval is Required

Physical access control requires careful vetting:

  • Apps control real building access
  • Security review protects all customers
  • Ensures proper OAuth implementation
  • Verifies appropriate scope requests
  • Prevents malicious applications

This isn't arbitrary bureaucracy - it's a fundamental security requirement for physical access systems.

Timeline

  • Sandbox setup: 1-2 business days after creating app
  • Testing: As long as you need
  • Approval review: 1-2 business days after you request it
  • Go live: As soon as approved

What You Need Before Requesting Approval

  • Tested OAuth flow thoroughly
  • Implemented token refresh correctly
  • Verified webhook signatures (if using webhooks)
  • Tested with DoorFlow test account
  • Finalized redirect URIs
  • Finalized scope requests
  • Ready for customer use

Common Questions

Can I test with real customer accounts before approval?

No. Testing mode only works with the provided test account. This protects customer data.

What if I need to change my redirect URI after approval?

Contact developers@doorflow.com. Changes to approved apps require re-review.

Can I have multiple apps?

Yes. Each app goes through the same testing → approval workflow.

Do I need approval for internal-only tools?

Yes. All apps that access DoorFlow customer accounts require approval, even internal tools.

What if my approval is denied?

We'll explain why and what needs to change. You can resubmit after addressing the issues.

Next Steps

Just starting?

  1. Create your OAuth app (starts in Testing mode)
  2. Follow [Your First API Request]
  3. Test thoroughly with the test account
  4. Request approval when ready

Ready for approval? Email developers@doorflow.com with:

  • Your app name
  • Brief description of what it does
  • Confirmation you've tested thoroughly