SDK integration

This guide is for tenant engineers embedding Narrative SDK UI into an existing web application.

Prerequisites

You need:

a Connected App provisioned in Narrative SDK
a backend endpoint in your tenant app that mints Embed Tokens

Required values

Value	Suggested env var	Where it lives	Notes
NSDK host base URL	`NSDK_BASE_URL`	Tenant frontend config	Example: `https://sdk.narrativebanking.com`
Connected App client id	`NSDK_CONNECTED_APP_CLIENT_ID`	Tenant backend config	Used as JWT `iss`
Connected App secret key	`NSDK_CONNECTED_APP_SECRET_KEY`	Tenant backend only	HS256 signing key, never expose to frontend

Never mint Embed Tokens in frontend code. Keep the signing secret in your backend secret manager only.

Load the SDK script

<script>
  (function (w, d, s, u, n) {
    w[n] = w[n] || function () { (w[n].q = w[n].q || []).push(arguments) }
    var js = d.createElement(s); js.async = true; js.src = u
    d.head.appendChild(js)
  })(window, document, 'script', '<NSDK_BASE_URL>/nsdk-loader.js', 'NSDK')
</script>

Render a container

<div id="nsdk-container" data-nsdk="true" data-nsdk-widget="insights"></div>

Provide the Embed Token

Browser

const { embed_token } = await fetch('/your-embed-token-endpoint').then((r) => r.json())
document.getElementById('nsdk-container')?.setAttribute('data-nsdk-token', embed_token)

Embed Token requirements

Standard: RFC 7519
Algorithm: HS256
Audience: nsdk-embed
Recommended expiry: 5-15 minutes

Required claims:

Claim	Type	Requirement
`iss`	string	Connected App client id
`sub`	string	Tenant user identifier
`aud`	string	Must be `nsdk-embed`
`iat`	number	Unix timestamp (seconds)
`exp`	number	Unix timestamp (seconds)
`jti`	string	Unique token id

Required nsdk fields:

nsdk.user.name
nsdk.user.email

Token minting endpoint example

import jwt from 'jsonwebtoken'
import crypto from 'crypto'

const CLIENT_ID = process.env.NSDK_CONNECTED_APP_CLIENT_ID
const SECRET_KEY = process.env.NSDK_CONNECTED_APP_SECRET_KEY

app.get('/your-embed-token-endpoint', (req, res) => {
  const user = req.user
  const now = Math.floor(Date.now() / 1000)

  const payload = {
    iss: CLIENT_ID,
    sub: user.id,
    aud: 'nsdk-embed',
    iat: now,
    exp: now + 900,
    jti: crypto.randomUUID(),
    nsdk: {
      user: { name: user.name, email: user.email },
      metadata: { source: 'tenant_app' }
    }
  }

  const embed_token = jwt.sign(payload, SECRET_KEY, { algorithm: 'HS256' })
  res.json({ embed_token, expires_in: 900, token_type: 'embed' })
})

Common errors and troubleshooting

CORS blocks token endpoint

Use same-origin route, proxy, or explicit CORS with credentials configuration.

Invalid signature

Ensure token is signed with the Connected App secret matching iss.

Invalid audience

Set aud exactly to nsdk-embed.

Clock skew or wrong time unit

Use Unix seconds (not milliseconds) and keep server time synchronized.

Getting Started

Product Surfaces

API Explorer

API Reference

Architecture & Security

Releases

SDK integration

SDK integration

Prerequisites

Required values

Embed Token requirements

Token minting endpoint example

Common errors and troubleshooting

Getting Started

Product Surfaces

API Explorer

API Reference

Architecture & Security

Releases

​SDK integration

​Prerequisites

​Required values

​Embed Token requirements

​Token minting endpoint example

​Common errors and troubleshooting

SDK integration

Prerequisites

Required values

Embed Token requirements

Token minting endpoint example

Common errors and troubleshooting