I need to use a storage service from my backend using the Monday Apps SDK:
import { Storage } from ‘@mondaycom/apps-sdk’;
const storage = new Storage(‘<ACCESS_TOKEN>’);
According to the documentation, the ACCESS_TOKEN must be obtained via the OAuth flow:
- The access token represents the user/account the app works for.
- The
sessionTokenpassed from the frontend will not work. - Access tokens do not expire and remain valid until the user uninstalls the app.
- Monday’s OAuth flow does not support refresh tokens.
Given this, I have a few questions:
- Whenever my backend needs to access storage, do I need to provide an access token every time?
- Does that mean I need to run the OAuth flow repeatedly?
- Or is the recommended approach to generate the access token once during OAuth and store it securely on the backend?
- If Monday already stores the access token securely after OAuth:
- How can my backend retrieve and use that stored token?
- If I need to store the token myself:
- What is the recommended way to store the access token securely?
- How should the token be revoked or retired when needed (for example, on uninstall or security concerns)?