To perform a postback, which will send the information to your site, you should use the following in your application manifest: 

{
  "modules" : [
    {
     "type" : "ExternalApplication",
"parameters": [{"name": "PostbackUrl", "value": "http://www.google.co.uk?token=[{TOKEN}]&tracking=[{TRACKING}]"}]
    }
   ]
}

  

Save the manifest, create new version and set that version to live. The tracking code is the tracking code you provide on the install (eg. https://apps.linnworks.net/Authorization/Authorize/9bc0919d-f2a0-4179-bfea-4e5eab5fd885?Tracking=1234tracking)


When a user installs this now, it will send it back to your website with a token. You should take this token, pass it into AuthorizeByApplication. This will then return a session with a user email and id. You can then use the token for the session and server for the session to make API calls.