I see option for providing values for “Allowed Callback URLs” property on the application settings page for machine to machine type. I also see description says "After the user authenticates we will only call back to any of these URLs. ".
In m2m - there is no user authentication. How and when this would be called ?
For testing I did add a valid URL to this property and tested accessing the API protected by this m2m application and it was not called.
Please let me know if I am doing something wrong or missing something.