# How do you prevent end users for getting access to a plain text auth token?

My plan is to have an app that communicates directly with Nordigen. But this means end users need access to secret keys, I knoe this is a bad practice and I think in the end I will put Nordigen behind a proxy that authenticates end users.

##### Post Metadata
- Posted at: about 4 years ago
- Author title: Software Engineer at UiPath
- Net upvotes: 1


## Comments
### Comment 1

Hi George, 

It would be more optimal to put Nordigen behind a proxy that authenticates end users (as you write yourself). 

In the more medium term, Nordigen also has user level permissions on our roadmap, that would be another way how such situations could be solved. 

##### Comment Metadata
- Posted at: about 4 years ago
- Author title: Democratising PSD2 Data @ Nordigen | Fintech | Open Banking




## Related Product
[GoCardless Bank Account Data](https://www.g2.com/products/gocardless-bank-account-data/reviews)

## Related Category
[Financial Data APIs](https://www.g2.com/categories/financial-data-apis)

## Related discussions
- [How well does Trello scale into a larger team?](https://www.g2.com/discussions/1-how-well-does-trello-scale-into-a-larger-team)
  - Posted at: about 13 years ago
  - Comments: 6
- [Can we please add a new section](https://www.g2.com/discussions/2-can-we-please-add-a-new-section)
  - Posted at: about 13 years ago
  - Comments: 0
- [Quantifiable benefits from implementing your CRM](https://www.g2.com/discussions/quantifiable-benefits-from-implementing-your-crm)
  - Posted at: almost 13 years ago
  - Comments: 4