User Tokens
Argyle utilizes user tokens to identify and authenticate users.
Every embedded Link initialization requires a new user token. For security, user tokens expire in 1 hour.
Benefits of user tokens
- Account reconnections without the need to re-enter login credentials
- Ability to leave and return to Link from any device
- Preventing duplicates for the same end user
Creating a user token
To prevent your API key and secret from being exposed on the front-end, request user tokens on your server side.
As a best practice, we recommend creating a new user token every time Link is initialized. Please note the length of user tokens and their decoded values are subject to change.
New users
- Create a new user by sending a POST request to the API's /users endpoint.
- The response payload will include an id and user_token.
- Save the id for quickly creating user tokens for returning users in the future.
- Initialize Link by passing the user_token as the value for the userToken parameter.
Returning users
- Send a POST request to the API's /user-tokens endpoint and include the id of the user in the request body as a JSON object in the format {"user": "<id>"}.
- A user_token will be included in the response payload.
- Initialize Link by passing the user_token as the value for the userToken parameter.
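The new-user and returning-user steps above, combined into one server-side helper, as an added example that is not Argyle's own code. The base URL, HTTP Basic authentication with the API key and secret, the empty POST /users body, and the names userStore, accountKey and httpSend are assumptions not taken from this page.

```javascript
// Added example: server-side user-token issuance (Node 18+, global fetch).
// Assumptions (not stated on this page): base URL and HTTP Basic auth.
const API_BASE = 'https://api-sandbox.argyle.com/v2'; // assumed base URL

// Build the request for a new user (POST /users) or a returning
// user (POST /user-tokens with {"user": "<id>"}).
function buildTokenRequest(savedUserId, apiKeyId, apiKeySecret) {
  const basic = Buffer.from(`${apiKeyId}:${apiKeySecret}`).toString('base64');
  return {
    url: API_BASE + (savedUserId ? '/user-tokens' : '/users'),
    method: 'POST',
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/json' },
    body: JSON.stringify(savedUserId ? { user: savedUserId } : {}), // empty body assumed
  };
}

// Split the response: the id is stored server-side, and only the
// short-lived user_token is handed to the browser.
function parseTokenResponse(payload, savedUserId) {
  const userId = savedUserId || payload.id;
  if (!userId || typeof payload.user_token !== 'string') {
    throw new Error('unexpected token response');
  }
  return { userId, userToken: payload.user_token };
}

// userStore: hypothetical Map of your own account key -> Argyle user id.
// httpSend: injectable transport so the flow can be exercised offline.
async function issueUserToken(accountKey, userStore, creds, httpSend = sendWithFetch) {
  const savedUserId = userStore.get(accountKey);
  const req = buildTokenRequest(savedUserId, creds.keyId, creds.secret);
  const { userId, userToken } = parseTokenResponse(await httpSend(req), savedUserId);
  userStore.set(accountKey, userId); // reused next time, avoids duplicate users
  return userToken;                  // the API key and secret never leave the server
}

// Default transport: a real HTTPS call; any non-2xx status is an error.
async function sendWithFetch(req) {
  const res = await fetch(req.url, req);
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return res.json();
}
```

Call issueUserToken from the route that renders the page hosting Link, once per initialization, and pass only its return value to the front-end as userToken.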
Example Link initializations
<!DOCTYPE html>
<html>

<head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
</head>

<body>
  <script src="https://plugin.argyle.com/argyle.web.v5.js"></script>
  <script type="text/javascript">
    const linkInstance = Argyle.create({
      userToken: 'USER_TOKEN',
      sandbox: true // Set to false for production environment.
    })
    linkInstance.open()
  </script>
</body>

</html>
Returning to connected accounts
When just a userToken is included in your Link initialization, a returning user that has already connected a payroll account will initially arrive at Link's home screen. From there, the user can search for and connect additional accounts, or access their already-connected accounts by selecting "Your connections."
Including both the required userToken and optional accountId Link initialization parameters will instead directly connect the user to the already-connected payroll account that matches the accountId. This lets the user skip the step of selecting "Your connections" and can streamline guiding the user to take additional actions such as:
- Reconnecting a disconnected account
- Completing a deposit switch (if a ddsConfig was also included in your Link initialization)
- Revoking account access
Decoded tokens
Argyle utilizes JWT tokens for user tokens.
For troubleshooting, JWT tokens can be decoded. However, we do not recommend monitoring individual token fields such as expiry date, and instead recommend creating a new user token every time Link is to be initialized as a best practice.
{
  "client_id": "0d9b5bf3-97fa-4757-a136-b2a03d171414",
  "exp": 1652481485,
  "iat": 1649889485,
  "iss": "argyle-core-auth-prod",
  "jti": "00097a26-2f2a-4aa0-8eca-95ebe56d57a8",
  "sub": "017f8978-bbfd-ff64-18ce-d59f99bf51c2",
  "user_id": "017f8978-bbfd-ff64-18ce-d59f99bf51c2"
}