How do you prevent end users for getting access to a plain text auth token?

Question

GD

Software Engineer at UiPath

How do you prevent end users for getting access to a plain text auth token?

Asked about 3 years ago

My plan is to have an app that communicates directly with Nordigen. But this means end users need access to secret keys, I knoe this is a bad practice and I think in the end I will put Nordigen behind a proxy that authenticates end users.

Financial Data APIs

Comment

1 comment

1

Looks like you’re not logged in.

Users need to be logged in to answer questions

Log In

Madara S. · Answer 1 · 2022-02-18T05:27:06-06:00

Official Response

GoCardless Bank Account Data

Read reviews

MS

Madara S.

Democratising PSD2 Data @ Nordigen | Fintech | Open Banking

0

Answered about 3 years ago

Hi George, It would be more optimal to put Nordigen behind a proxy that authenticates end users (as you write yourself). In the more medium term, Nordigen also has user level permissions on our roadmap, that would be another way how such situations could be solved.

How do you prevent end users for getting access to a plain text auth token?

About GoCardless Bank Account Data