initiateOAuth API uses different redirect_uri than dashboard breaks Snapchat, Pinterest, and other connectors #75516
Description
Summary
The POST /v1/sources/initiateOAuth API endpoint generates consent URLs with redirect_uri=https://api.airbyte.com/v1/oauth/callback, but the Airbyte Cloud dashboard uses redirect_uri=https://cloud.airbyte.com/auth_flow. Some platforms only have the dashboard URI registered in Airbyte's OAuth app, causing the API flow to fail while the dashboard flow works perfectly.
Affected Connectors (confirmed)
| Connector | Dashboard OAuth | API initiateOAuth |
Error |
|---|---|---|---|
| Snapchat Marketing | ✅ Works | ❌ Fails | "Failed to load authorization data" |
| ✅ Works | ❌ Fails | "The provided redirect URI does not match the registered URI" |
Steps to Reproduce
1. Via API (fails):
curl -X POST https://api.airbyte.com/v1/sources/initiateOAuth \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"redirectUrl": "https://myapp.com/callback",
"workspaceId": "YOUR_WORKSPACE_ID",
"sourceType": "snapchat-marketing",
"oAuthInputConfiguration": {}
}'The returned consentUrl contains:
redirect_uri=https://api.airbyte.com/v1/oauth/callback
Opening this URL in a browser shows "Authorization Error - Failed to load authorization data" on Snapchat's OAuth page.
2. Via Dashboard (works):
- Go to Airbyte Cloud → Sources → New Source → Snapchat Marketing
- Click "Authenticate your Snapchat Marketing account"
- The consent URL contains:
redirect_uri=https://cloud.airbyte.com/auth_flow
- Snapchat authorization page loads correctly ✅
Root Cause
The initiateOAuth API hardcodes redirect_uri=https://api.airbyte.com/v1/oauth/callback in the consent URL, regardless of the redirectUrl parameter passed in the request body (that parameter is used for the secondary redirect after Airbyte processes the callback).
Some OAuth platform apps (Snapchat, Pinterest) only have https://cloud.airbyte.com/auth_flow registered as a valid redirect URI, not https://api.airbyte.com/v1/oauth/callback. This means the API-based OAuth flow (used by "Powered by Airbyte" integrations) fails for these connectors.
Evidence
Snapchat consent URL from dashboard:
accounts.snapchat.com/accounts/oauth2/auth?client_id=05dc1c49-77c5-4fb0-b7c1-2a6226e83146&redirect_uri=https%3A%2F%2Fcloud.airbyte.com%2Fauth_flow&...
Snapchat consent URL from API:
accounts.snapchat.com/login/oauth2/authorize?client_id=05dc1c49-77c5-4fb0-b7c1-2a6226e83146&redirect_uri=https%3A%2F%2Fapi.airbyte.com%2Fv1%2Foauth%2Fcallback&...
Same client_id, different redirect_uri. Snapchat rejects the API one.
Expected Behavior
Both https://cloud.airbyte.com/auth_flow AND https://api.airbyte.com/v1/oauth/callback should be registered as valid redirect URIs in Airbyte's OAuth apps for ALL connectors that support the initiateOAuth API.
Impact
This blocks "Powered by Airbyte" / embedded use cases where the initiateOAuth API is the only way to programmatically initiate OAuth. Users who embed Airbyte into their SaaS products cannot use Snapchat Marketing, Pinterest, and potentially other connectors via the API.
Environment
- Airbyte Cloud (not self-hosted)
airbyte-apiSDK v0.53.0- Tested: March 2026
Internal Tracking: https://github.com/airbytehq/oncall/issues/11799