User Tokens

Argyle utilizes user tokens to identify and authenticate users.


Every embedded Link initialization requires a new user token. For security, user tokens expire in 1 hour.

Benefits of user tokens#

  • Account reconnections without the need to re-enter login credentials
  • Ability to leave and return to Link from any device
  • Preventing duplicates for the same end user

Creating a user token#

To prevent your API key and secret from being exposed on the front-end, request user tokens on your server side.

As a best practice, we recommend creating a new user token every time Link is initialized. Please note the length of user tokens and their decoded values are subject to change.

New users#

  1. Create a new user by sending a POST request to the API's /users endpoint.
  2. The response payload will include an id and user_token.
  3. Save the id for quickly creating user tokens for returning users in the future.
  4. Initialize Link by passing the user_token as the value for the userToken parameter.

Returning users#

  1. Send a POST request to the API's /user-tokens endpoint and include the id of the user in the request body as a JSON object in the format {"user": "<id>"}.
  2. A user_token will be included in the response payload.
  3. Initialize Link by passing the user_token as the value for the userToken parameter.
1<!DOCTYPE html>
2<html>
3
4<head>
5    <meta charset="utf-8" />
6    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
7</head>
8
9<body>
10    <script src="https://plugin.argyle.com/argyle.web.v5.js"></script>
11    <script type="text/javascript">
12        const linkInstance = Argyle.create({
13            userToken: 'USER_TOKEN',
14            sandbox: true // Set to false for production environment.
15        })
16        linkInstance.open()
17    </script>
18</body>
19
20</html>

Returning to connected accounts#

When just a userToken is included in your Link initialization, a returning user that has already connected a payroll account will initially arrive at Link's home screen. From there, the user can search for and connect additional accounts, or access their already-connected accounts by selecting "Your connections."

Including both the required userToken and optional accountId Link initialization parameters will instead directly connect the user to the already-connected payroll account that matches the accountId. This lets the user skip the step of selecting "Your connections" and can streamline guiding the user to take additional actions such as:

Decoded tokens#

Argyle utilizes JWT tokens for user tokens.

For troubleshooting, JWT tokens can be decoded. However, we do not recommend monitoring individual token fields such as expiry date, and instead recommend creating a new user token every time Link is to be initialized as a best practice.

1
2{
3    "client_id": "0d9b5bf3-97fa-4757-a136-b2a03d171414",
4    "exp": 1652481485,
5    "iat": 1649889485,
6    "iss": "argyle-core-auth-prod",
7    "jti": "00097a26-2f2a-4aa0-8eca-95ebe56d57a8",
8    "sub": "017f8978-bbfd-ff64-18ce-d59f99bf51c2",
9    "user_id": "017f8978-bbfd-ff64-18ce-d59f99bf51c2"
10}
Updating Argyle status...
┬ę 2024 Argyle Systems Inc.argyle.com