diff --git a/.env.example b/.env.example
index 53fa4b8d..b0c9d1bf 100644
--- a/.env.example
+++ b/.env.example
@@ -25,3 +25,5 @@ COLANDR_FILESYSTEM_GCS_ENDPOINT_URL="http://colandr-gcs:4443"  # dev-only!
 COLANDR_METADATA_THRESHOLD=0.65
 COLANDR_METADATA_INCREASE_TO_RETRAIN=5
 COLANDR_METADATA_MIN_TO_TRAIN=40
+# misc
+# COLANDR_FE_APP_SITE="https://colandr.datakind.org"  # prod-only!
diff --git a/colandr/apis/auth.py b/colandr/apis/auth.py
index 7e12140d..a98f2ae5 100644
--- a/colandr/apis/auth.py
+++ b/colandr/apis/auth.py
@@ -162,8 +162,12 @@ def post(self, args):
         current_app.logger.info("%s successfully registered", user)
 
         access_token = jwtext.create_access_token(identity=user, fresh=True)
-        confirm_url = url_for(
-            "auth_confirm_registration_resource", token=access_token, _external=True
+        confirm_url = (
+            f"{current_app.config['FE_APP_SITE']}{ns.path}/register/confirm?token={access_token}"
+            if current_app.config["FE_APP_SITE"]
+            else url_for(
+                "auth_confirm_registration_resource", token=access_token, _external=True
+            )
         )
         html = render_template(
             "emails/user_registration.html",
@@ -227,8 +231,6 @@ class ResetPasswordResource(Resource):
                 "required": True,
                 "description": "email of user whose password is to be reset",
             },
-            # 'server_name': {'in': 'query', 'type': 'string', 'default': None,
-            #                 'description': 'name of server used to build confirmation url, e.g. "http://www.colandrapp.com"'},
         },
         responses={
             200: "user was created (or would have been created if test had been False)",
@@ -236,10 +238,7 @@ class ResetPasswordResource(Resource):
         },
     )
     @use_kwargs(
-        {
-            "email": ma_fields.Str(required=True, validate=Email()),
-            # "server_name": ma_fields.Str(load_default=None),
-        },
+        {"email": ma_fields.Str(required=True, validate=Email())},
         location="query",
     )
     def post(self, email):
@@ -253,10 +252,14 @@ def post(self, email):
             )
         else:
             access_token = jwtext.create_access_token(identity=user, fresh=False)
-            confirm_url = url_for(
-                "auth_confirm_reset_password_resource",
-                token=access_token,
-                _external=True,
+            confirm_url = (
+                f"{current_app.config['FE_APP_SITE']}{ns.path}/reset?token={access_token}"
+                if current_app.config["FE_APP_SITE"]
+                else url_for(
+                    "auth_confirm_reset_password_resource",
+                    token=access_token,
+                    _external=True,
+                )
             )
             html = render_template(
                 "emails/password_reset.html",
diff --git a/colandr/config.py b/colandr/config.py
index 1e2d2504..ce4d364e 100644
--- a/colandr/config.py
+++ b/colandr/config.py
@@ -44,6 +44,7 @@
 # CACHE_REDIS_HOST = os.environ.get("COLANDR_REDIS_HOST", "localhost")
 
 # api auth keys config
+FE_APP_SITE = os.environ.get("COLANDR_FE_APP_SITE")
 JWT_SECRET_KEY = os.environ.get("COLANDR_JWT_SECRET_KEY")
 JWT_ACCESS_TOKEN_EXPIRES = datetime.timedelta(hours=3)
 JWT_REFRESH_TOKEN_EXPIRES = datetime.timedelta(days=7)