All our API endpoints are protected and require authentication. if you already added registered your application, you should be able to see it here Monta Portal
Access Token
To obtain your access token - needed for all subsequent requests - you have to call our /auth/token endpoint and provide your clientId and clientSecret.
If your request was successful, you'll receive a response like this:
{
"applicationId": 1,
"userId": 1,
"accessToken": "dba896fe-8f14-46bd-89ac-4270091e9db1",
"accessTokenExpirationDate": "2023-05-10T17:35:31.703819Z",
"refreshToken": "8f449e8c-864e-4bbc-a328-aa3ad876351b",
"refreshTokenExpirationDate": "2023-06-09T16:35:31.703832Z"
}
For subsequent requests, you have to use the accessToken for authentication. Pass it to the Authorization header as Bearer token:
Example: Authorization: Bearer 4596d494-5f6c-4f87-aed5-db68240a58dd
Make use of Refresh Token flow!
As you can see the
accessTokenwill expire within 1 hour. To protect yourclientIdandclientSecretyou should make use of therefreshTokenand Refresh Token flow to obtain a new one.
Refresh Token flow
To refresh your access token you have to call our /auth/refresh endpoint and provide your refreshToken.
If your request was successful, you'll receive a new set of access and refresh tokens:
{
"applicationId": 1,
"userId": 1,
"accessToken": "495f55a3-f66c-4d30-be0a-3286724b5854",
"accessTokenExpirationDate": "2023-05-10T17:36:19.557794Z",
"refreshToken": "1fbca567-9d67-4a02-a59e-17ade68a8f7e",
"refreshTokenExpirationDate": "2023-06-09T16:36:19.557808Z"
}
Information about current application
You can use the /auth/me endpoint to receive information about the scope etc for the given application. A sample response looks like this:
{
"id": 1,
"userId": 1,
"name": "Public Api Demo",
"clientId": "2cae3a14-3dfd-414b-8965-7814370ec324",
"clientSecret": null,
"scopes": [
"all"
],
"createdAt": "2023-05-04T14:29:06Z",
"updatedAt": "2023-05-04T14:29:06Z"
}
This credential has access to all resources from the User with id 1.