Application ID Header

If you haven't created your application on the MONA Studio site yet, follow the Getting Started with MONA Guide to do that now.

Pass your Application ID in the X-Mona-Application-Idheader for all requests to authenticate your application.

User Authentication

MONA uses One-Time Passwords to authenticate users.

Generate One-Time Password

To authenticate a user, generate an OTP with the Otp Generate API call. This will send the user an email with their OTP if they're an existing user, otherwise it will send the user a link to create their account.

Verify One-Time Password

Use the Verify Otp endpoint to verify the user's One-Time Password. This will return an access token and refresh token that can be used to authenticate future requests.

Access Token

The access token should be sent in the Authorization header for all user requests.

It should be passed as a Bearer token using the following format:

Authorization: Bearer <token>

Refresh Token

When the Access Token expires, the Refresh Token endpoint can be used to refresh the token.