The redirect URL is where the user gets sent after they authorize your application. The 400 is most likely due to not sending a Client-ID header or client_id query parameter containing the Client ID of the application you registered (it’s on the same page where you set the redirect URL).