Authentication

All our API endpoints are protected and require authentication. If you have access to Monta Partner API you can find your credentials in the Monta Portal.

You might have multiple credentials with different scopes in case you requested them.

Access Token

To obtain your access token - needed for all subsequent requests - you have to call our /auth/token endpoint and provide your clientId and clientSecret.

If your request was successful, you'll receive a response like this:

{
  "accessToken": "4596d494-5f6c-4f87-aed5-db68240a58dd",
  "refreshToken": "bbf8c0ed-dbb0-434f-8512-ab24eb64c46a",
  "accessTokenExpirationDate": "2023-02-16T07:53:02.059724728Z",
  "refreshTokenExpirationDate": "2023-02-17T06:53:02.059733860Z"
}

For subsequent requests you have to use the accessToken for authentication. Pass it to the Authorization header as Bearer token:

Authorization: Bearer 4596d494-5f6c-4f87-aed5-db68240a58dd

💡

Make use of Refresh Token flow!

As you can see the accessToken will expire within 1 hour. To protect your clientId and clientSecret you should make use of the refreshToken and Refresh Token flow to obtain a new one.

Refresh Token flow

To refresh your access token you have to call our /auth/refresh endpoint and provide your refreshToken.

If your request was successful, you'll receive a new set of access and refresh tokens:

{
  "accessToken": "fbf6d41f-f8cf-491f-bc52-481dd6829ef2",
  "refreshToken": "b596a1fb-9c9f-4cca-8bd0-409b7f21c597",
  "accessTokenExpirationDate": "2023-02-16T07:56:02.059724728Z",
  "refreshTokenExpirationDate": "2023-02-17T06:56:02.059733860Z"
}

🔐

Access Control

Your credentials (consumer) can be configured to allow access to specific entities or teams. Read more about it here:

• Scopes
• Access Control