The MONA API uses the X-Mona-Application-Id header to identify your application and authenticate requests.

Application ID Header

If you haven't created your application on the MONA Studio site yet, follow the Getting Started with MONA Guide to do that now.

Pass your Application ID in the X-Mona-Application-Id header on all requests to authenticate your application.


User Authentication

MONA uses One-Time Passwords to authenticate users.

Generate One-Time Password

To authenticate a user, generate an OTP with the Otp Generate API call. This will send the user an email with their OTP if they're an existing user, otherwise it will send the user a link to create their account.

Verify One-Time Password

Use the Verify Otp endpoint to verify the user's One-Time Password. This will return an access token and refresh token that can be used to authenticate future requests.

Access Token

The access token should be sent in the Authorization header for all user requests.

It should be passed as a Bearer token using the following format:

Authorization: Bearer <token>

Refresh Token

When the Access Token expires, the Refresh Token endpoint can be used to refresh the token.
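
The flow above (Application ID header on every request, OTP verification, Bearer access token, refresh on expiry) as an added example; this is not code from MONA or its SDK. The endpoint paths, the JSON field names, the 401 status as the expiry signal, and calling the refresh endpoint without a Bearer token are all assumptions marked as placeholders, and the transport is injected so the logic runs offline.

```python
# Added example: endpoint paths, JSON field names and the 401-on-expiry signal
# are assumptions (placeholders), not taken from the MONA API reference.
OTP_VERIFY_PATH = "/PLACEHOLDER/otp-verify"
REFRESH_PATH = "/PLACEHOLDER/token-refresh"


class MonaSession:
    def __init__(self, app_id, send):
        # send(method, path, headers, body) -> (status, json_dict); injected so
        # the flow can run against a fake transport or a real HTTP client.
        self.app_id, self.send = app_id, send
        self.access_token = self.refresh_token = None

    def headers(self, user=True):
        # The Application ID goes on every request; the Bearer token only on
        # user requests, and only once a token has been issued.
        h = {"X-Mona-Application-Id": self.app_id}
        if user and self.access_token:
            h["Authorization"] = "Bearer " + self.access_token
        return h

    def _store(self, body):
        self.access_token = body["access"]    # assumed field name
        self.refresh_token = body["refresh"]  # assumed field name

    def verify_otp(self, email, otp):
        status, body = self.send("POST", OTP_VERIFY_PATH, self.headers(user=False),
                                 {"email": email, "otp": otp})
        if status != 200:
            raise PermissionError("OTP rejected")
        self._store(body)

    def request(self, method, path, body=None):
        status, data = self.send(method, path, self.headers(), body)
        if status == 401 and self.refresh_token:
            # Assumed expiry signal: refresh once, then retry exactly once so a
            # rejected refresh token cannot cause a retry loop.
            r_status, r_body = self.send("POST", REFRESH_PATH, self.headers(user=False),
                                         {"refresh": self.refresh_token})
            if r_status != 200:
                self.access_token = self.refresh_token = None
                raise PermissionError("refresh failed; a new OTP is required")
            self._store(r_body)
            status, data = self.send(method, path, self.headers(), body)
        return status, data
```

When the refresh is rejected, the session drops both tokens, so the caller has to go back through the OTP flow instead of reusing stale credentials.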