Monta.comAPI ReferenceChangelog

Authentication

All our API endpoints are protected and require authentication. if you already added registered your application, you should be able to see it here Monta Portal

❗️

Note: Requires you to be signed into our "old" CPMS: https://app.monta.app/portal.

Access Token

To obtain your access token - needed for all subsequent requests - you have to call our /auth/token endpoint and provide your clientId and clientSecret.

If your request was successful, you'll receive a response like this:

{
    "applicationId": 1,
    "userId": 1,
    "accessToken": "dba896fe-8f14-46bd-89ac-4270091e9db1",
    "accessTokenExpirationDate": "2023-05-10T17:35:31.703819Z",
    "refreshToken": "8f449e8c-864e-4bbc-a328-aa3ad876351b",
    "refreshTokenExpirationDate": "2023-06-09T16:35:31.703832Z"
}

For subsequent requests, you have to use the accessToken for authentication. Pass it to the Authorization header as Bearer token:

Example: Authorization: Bearer 4596d494-5f6c-4f87-aed5-db68240a58dd

💡

Make use of Refresh Token flow!

As you can see the accessToken will expire within 1 hour. To protect your clientId and clientSecret you should make use of the refreshToken and Refresh Token flow to obtain a new one.

Refresh Token flow

To refresh your access token you have to call our /auth/refresh endpoint and provide your refreshToken.

If your request was successful, you'll receive a new set of access and refresh tokens:

{
    "applicationId": 1,
    "userId": 1,
    "accessToken": "495f55a3-f66c-4d30-be0a-3286724b5854",
    "accessTokenExpirationDate": "2023-05-10T17:36:19.557794Z",
    "refreshToken": "1fbca567-9d67-4a02-a59e-17ade68a8f7e",
    "refreshTokenExpirationDate": "2023-06-09T16:36:19.557808Z"
}

Information about current application

You can use the /auth/me endpoint to receive information about the scope etc for the given application. A sample response looks like this:

{
    "id": 1,
    "userId": 1,
    "name": "Public Api Demo",
    "clientId": "2cae3a14-3dfd-414b-8965-7814370ec324",
    "clientSecret": null,
    "scopes": [
        "all"
    ],
    "createdAt": "2023-05-04T14:29:06Z",
    "updatedAt": "2023-05-04T14:29:06Z"
}

This credential has access to all resources from the User with id 1.