Register a New NAF App

To embed an application, start by registering a new NAF App:

1. From the Admin Platform, select NAF Apps, then select Register new app.
   
   
2. In the form that appears, enter information to configure your NAF app. Scroll past the image below to read descriptions of each field. Select Cancel at any time to discard the form.
   All of the following fields are required for creating a new NAF app:
   • App name – The name of your app. This displays to users in the Tools menu in Digital Banking from a web browser and on a card under Services on the bottom right side of the dashboard.
     
     
   • Tagline – The tagline of your app; this displays in the mobile app, below the app name. For this to show, you should also have Yes selected for Should there be a call to action in the mobile app to direct users to this app?
   • Description – The description of your app; this displays on the web app, below the app name
     
   • Your company – The group that owns this app; this is not displayed to your users
   • Redirect URL – The URL that the app will use to redirect/authenticate users; the URL must start with https://
   • Select app icon – Select an icon from a menu of icons
     
     
   • Should the app be public and visible to users? Select Yes to make this app public to your users upon saving the form. Select No to keep it hidden. Note: If you choose the Private_api or Private _api:user scopes (explained below), you cannot make your app public.
     
     
   • Should there be a call to action in the mobile app to direct users to this app? Select Yes to have the app displayed on a card at the bottom of the home screen feed on the mobile app. If you select No, the NAF app will still be available in mobile banking by selecting More in the bottom navigation menu.
     
     
   • Should the user be prompted to confirm they are leaving the platform to an external application? Select Yes to prompt the user before leaving the Digital Banking platform or select No to go directly to the app with no prompt.
     
     
   • Select additional scopes for your NAF app – Decide what API access your NAF app will have (the first 4 scopes are selected by default):
     • Read – Read access for any resources that the user can access via the Narmi Public API. Note: This must be selected in addition to "Write" for the NAF app to work.
     • Write – Write access for any resources that the user can access via the Narmi Public API. Note: This must be selected in addition to "Read" for the NAF app to work.
     • Write:preferences – Can update user preferences, like address and estatements enrollment
     • Read:profile – Can read extended information about the user, including name, address, phone, and core user ID
     • Private_api – Can access all endpoints in the Narmi Admin API. Note: If this is selected, you cannot make your NAF app public and must select No for Should the app be public and visible to users? in order to complete registration.
     • Private_api:user – Can only read the users/{userId} endpoint in the Narmi Admin API. Note: If this is selected, you cannot make your NAF app public and must select No for Should the app be public and visible to users? in order to complete registration.
       
       
   • Should the application open in a new tab, or within an iframe in Online Banking? You can choose to have the app open in a new browser tab, or open in an iFrame, which is an inline frame used to nest another HTML page within the current one. This selection also controls whether the request submitted to the application URL will be POST or GET. Select iFrame (POST) or New tab (GET).
     
     
   • Should the application open in the device browser, or within the mobile app in Mobile Banking? Since some behaviors are not possible within the mobile app, complex apps may perform better in the device browser. Select Mobile app or Device browser.
     
     
   • For iframe (POST) only – Should the iframe take up the full width of the viewport? The visual viewport is the size of the inner width and height of the iFrame, rather than the parent page. Select Yes to take up the full width or No to leave space between.
     
     
   • For iframe (POST) only – What domains should be allowed to send messages to the origin? Enter a list of domains you want the parent page to trust. Use the following format: ["https://www.example1.com","https://www.example2.com"]
     
     
   • For Business Banking only (not Consumer Banking) – Restrict business banking sub-users from accessing this app? For business banking, you can prevent users with Collaborator and Viewer permissions from accessing the NAF App. Select Yes to allow only Admins and Account Holders access to the NAF app. Select No to allow users with Collaborator and Viewer permissions to access the NAF app. Reach out to your Narmi Relationship Manager if you need additional information regarding this configuration.
     
     
   • Is this a money movement app that users should access from the Transfers page in Online and Mobile Banking? – Select Yes to make this app accessible from the Transfers page in web and mobile banking. For more information on this feature, go to Third-Party Transfer App.
     
     
3. After completing all fields, select Register app to save the form.
   
   
4. A dialog appears with your client secret, which is used for secure server-to-server communication. Copy and save this secret, as it will only be shown once. Sending secrets across the internet more than once, or to different users, is a security risk. Select Okay to finish registering the NAF app.
   
   If you made your app public, users can view your embedded app by logging in to Digital Banking from a web browser and selecting Tools, or selecting your app under Services on the bottom of the web dashboard.