Manage Access Tokens

Token-based authentication is a secure way to verify a user's identity when accessing APIs. NAF apps use access tokens, which grant access to Narmi's Public API. If you want to add custom functionality to your NAF app, this allows you to easily onboard a third-party developer by giving them access to Narmi’s API endpoints. The token can be used until it expires or is manually revoked/deleted. Each token is tied to its parent NAF app—if the NAF app is deleted, all of its tokens are also deleted. Once the NAF app is opened by a user in Digital Banking (from Tools or Services), a token is automatically created, but you can also manually create a new token. The access token is used with a client secret for access to the Public API. 

When you create a NAF app, you get a client ID and client secret. The client ID and client secret enable us to encrypt user information as third-party services interact with the Public API. The client ID is an auto-generated identifier for your NAF app. It is not treated as sensitive and often visible in URLs or static configuration. The client secret is an auto-generated, cryptographically secure character string. It is treated as sensitive and only used for secure server-to-server communication. When a user opens a NAF app in Digital Banking, their information is encrypted using the client secret and sent with them as they are redirected to the third-party service. 

If you have appropriate permissions, you can select Manage Tokens next to any of the NAF apps in the list. On the page that appears, there is a list of the NAF app’s tokens with options to add or revoke tokens.

Create a New Token

To create a new token, select Manage Tokens next to your NAF app, then select Add new token.

Revoke/Delete Tokens

You can revoke access by deleting a token. To do this, select Manage Tokens next to your NAF app, then select Revoke next to the token.

Once the token has expired, the "Revoke" button changes to "Delete" in the tokens list.