Source tokens

Every source in NZ Leads is connected through the platform’s own sign-in (OAuth) — Yelp, Thumbtack, Facebook, Instagram, or Google. Your password is never shared with NZ Leads. Instead, the platform issues an access token that NZ Leads uses to read inquiries and reply on your behalf.

The Source Tokens page is where those tokens live.

Getting here

In NZ Leads, open Source Tokens from the Auto Responder section of the sidebar.

What the Source Tokens page shows

The page lists every token you’ve authorized, one card per token. A single token can power one source or many — for example, a single Yelp sign-in can unlock multiple Yelp locations under the same account.

Each card shows:

Platform icon and account name — which platform the token is for and the name on the account.
Expiry date and countdown — the exact date/time the token expires and a relative (“in 14 days” / “2 days ago”) label. If the token is near expiry or already expired, a red Token expires soon! or Token expired! warning appears.
Parent business — which NZ Leads business this token belongs to.
Sources — the list of sources (locations, pages, or profiles) covered by this token. Each row includes the source name, address where applicable, and the business it belongs to, with an Edit button to open that source directly.

If you have many tokens, a Search box appears at the top so you can filter by name.

What you can do from a token card

At the bottom of each card:

Refresh Token — appears when the token is near expiry or already expired. Re-runs the OAuth sign-in to issue a fresh token without losing any of the sources or history.
Update List — refetches the list of sources (locations / pages / profiles) available under this token. Use this after you’ve added a new location on the platform itself so it shows up in NZ Leads.
Edit — edit the metadata on the token (for example, the friendly name).

How the OAuth connection works

ℹ️

Your password stays with the platform. NZ Leads only receives the access token the platform issues after you approve the connection — there is no way for us to see or use your password.

When you add a source, you’re redirected to the platform’s sign-in screen:

You sign in on the platform with your normal credentials.
The platform shows a consent screen describing what NZ Leads is asking to access (for example, read and reply to business messages).
You approve, and the platform redirects you back to NZ Leads with an access token.
NZ Leads uses that token to receive new inquiries and send replies.

The same flow is used for every platform, with each platform’s own branding on the consent screen.

Reconnecting a source

Tokens occasionally need to be refreshed — for example, when a platform requires you to re-authorize after a password change, when the person who originally connected the source changes their access, or when the platform expires the token on its own schedule.

When that happens, the source card on the Sources page shows a Reconnect prompt and the token card on the Source Tokens page shows a red expiry warning and a Refresh Token button.

How to reconnect

Open Source Tokens (or the Sources page — either works).
Find the token or source showing the expiry warning / Reconnect prompt.
Click Refresh Token (or Reconnect on the source card) and sign in on the platform again.
Approve the same consent screen you saw when you first connected.
The sources powered by that token return to Active and resume receiving inquiries.

Conversation history and memos are preserved through a reconnect — nothing is lost.

Revoking access

You can disconnect at any time, in two ways:

From NZ Leads — open the source card on the Sources page and remove or disable the source. This stops NZ Leads from using the access token for that source.
From the source platform — every platform has a “connected apps” or “authorized apps” page in its account settings where you can revoke access to NZ Leads directly. This stops NZ Leads from using the token immediately, even if you don’t touch anything inside NZ Leads.

Either method works — use whichever is more convenient.

Common situations

The person who connected the source left the company

Click Refresh Token on the Source Tokens page and sign in with a current team member’s account on the platform. The sources stay in place with all their history; only the authorizing identity changes.

The source was disconnected on the platform side

If someone revoked NZ Leads from the platform’s connected-apps page, the token will show expired/expiring in Source Tokens. Click Refresh Token and re-authorize.

A permission changed on the platform

If the platform adds a new permission (or you changed what you approved), use Refresh Token to re-run the consent screen with the latest permissions.

A new location was added on the platform

Open the token on the Source Tokens page and click Update List to pull in the newly available sources.

Questions? Email support@nzleads.com.