All our API endpoints are protected and require authentication. if you already added registered your application, you should be able to see it here Monta Portal

Access Token

To obtain your access token - needed for all subsequent requests - you have to call our /auth/token endpoint and provide your clientId and clientSecret.

If your request was successful, you'll receive a response like this:

{
    "applicationId": 1,
    "userId": 1,
    "accessToken": "dba896fe-8f14-46bd-89ac-4270091e9db1",
    "accessTokenExpirationDate": "2023-05-10T17:35:31.703819Z",
    "refreshToken": "8f449e8c-864e-4bbc-a328-aa3ad876351b",
    "refreshTokenExpirationDate": "2023-06-09T16:35:31.703832Z"
}

For subsequent requests, you have to use the accessToken for authentication. Pass it to the Authorization header as Bearer token:

Example: Authorization: Bearer 4596d494-5f6c-4f87-aed5-db68240a58dd

💡
Make use of Refresh Token flow!
As you can see the accessToken will expire within 1 hour. To protect your clientId and clientSecret you should make use of the refreshToken and Refresh Token flow to obtain a new one.

Refresh Token flow

To refresh your access token you have to call our /auth/refresh endpoint and provide your refreshToken.

If your request was successful, you'll receive a new set of access and refresh tokens:

{
    "applicationId": 1,
    "userId": 1,
    "accessToken": "495f55a3-f66c-4d30-be0a-3286724b5854",
    "accessTokenExpirationDate": "2023-05-10T17:36:19.557794Z",
    "refreshToken": "1fbca567-9d67-4a02-a59e-17ade68a8f7e",
    "refreshTokenExpirationDate": "2023-06-09T16:36:19.557808Z"
}

Information about current application

You can use the /auth/me endpoint to receive information about the scope etc for the given application. A sample response looks like this:

{
    "id": 1,
    "userId": 1,
    "name": "Public Api Demo",
    "clientId": "2cae3a14-3dfd-414b-8965-7814370ec324",
    "clientSecret": null,
    "scopes": [
        "all"
    ],
    "createdAt": "2023-05-04T14:29:06Z",
    "updatedAt": "2023-05-04T14:29:06Z"
}

This credential has access to all resources from the User with id 1.