NomaSignNomaSign
Back to API Overview

Integration Setup Tutorial

Everything you need before you can start sending documents for signature via the API.

Creating a Refresh Token & Webhook Secret

Generate the credentials your application needs. If you haven't created and activated an integration entry yet, complete those actions in Step 2 first.

1. Generate Tokens

Click Generate Tokens. You'll receive:

  • Refresh Token — used to obtain short-lived access tokens
  • Webhook Secret — used to verify webhook HMAC signatures
Generate tokens dialog
⚠️
Copy both values immediately — they're only shown once.

Security Checklist (for production)

  • Refresh token stored in a secrets manager (Azure Key Vault, AWS Secrets Manager, etc.)
  • Webhook secret stored alongside the refresh token
  • Neither value exposed to frontend/client-side code
  • Neither value logged, emailed, or pasted into chat/tickets
The example app accepts secrets via the UI for demo purposes only. In production, read them from a secrets manager at startup.