All our API endpoints are protected and require authentication. If you have access to Monta Partner API you can find your credentials in the )Monta Hub .

You might have multiple credentials with different scopes in case you requested them.

Access Token

To obtain your access token - needed for all subsequent requests - you have to call our /auth/token endpoint and provide your clientId and clientSecret.

▶️ Request

curl --request POST \
     --url https://partner-api.monta.com/api/v1/auth/token \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "clientId": "41e0d148-0733-40ef-80c1-b24d3ae729d1",
  "clientSecret": "7a04d125-798c-4d7a-ae96-87e79456424d"
}'

If your request was successful, you'll receive a response like this:

{
  "accessToken": "4596d494-5f6c-4f87-aed5-db68240a58dd",
  "refreshToken": "bbf8c0ed-dbb0-434f-8512-ab24eb64c46a",
  "accessTokenExpirationDate": "2023-02-16T07:53:02.059724728Z",
  "refreshTokenExpirationDate": "2023-02-17T06:53:02.059733860Z"
}

For subsequent requests you have to use the accessToken for authentication. Pass it to the Authorization header as Bearer token:

Authorization: Bearer 4596d494-5f6c-4f87-aed5-db68240a58dd

💡
Make use of Refresh Token flow!
As you can see the accessToken will expire within 1 hour. To protect your clientId and clientSecret you should make use of the refreshToken and Refresh Token flow to obtain a new one.

Refresh Token flow

To refresh your access token you have to call our /auth/refresh endpoint and provide your refreshToken.

If your request was successful, you'll receive a new set of access and refresh tokens:

▶️ Request

curl --request POST \
     --url https://partner-api.monta.com/api/v1/auth/refresh \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "refreshToken": "4596d494-5f6c-4f87-aed5-db68240a58dd"
}'

If your request was successful, you'll receive a response like this:

{
  "accessToken": "fbf6d41f-f8cf-491f-bc52-481dd6829ef2",
  "refreshToken": "b596a1fb-9c9f-4cca-8bd0-409b7f21c597",
  "accessTokenExpirationDate": "2023-02-16T07:56:02.059724728Z",
  "refreshTokenExpirationDate": "2023-02-17T06:56:02.059733860Z"
}

🔐
Access Control
Your credentials (consumer) can be configured to allow access to specific entities or teams. Read more about it here:

Scopes

Access Control