In Front-end App how to get and store admin access token in the APP

As I have developed an front-end APP, I am not performing OAuth.

Instead I have developed an settings page in the front-end APP where I have provided with the option to enter the access token.

But I received comments from the App review team that should not get the
access token from the front-end.

So, how to get the admin access token and store it in the APP.

Kindly please advise in this above situation.

Thanks in advance!

It is indeed a very bad idea to store tokens in the frontend. You can get the sessionToken easily with:

monday.get("sessionToken").then((res) => (myToken =;

If you really require an admin token you should make a call to a backend where the admin token is stored, but it is still dangerous to store any token.


Thank you @basdebruin!

@Priya let us know if you have any question about this.



I have used the session token in my code. But shows the bellow error.

Please help me to execute the query.

Sample code Screenshot:

Error in console:

I have doubt in using Session token. As an admin user, I can read the updates(like conversation) using the session token.

In another case the App is installed by the admin. If I am having member access, how to execute the api query with the help of session token. Member has some restriction to execute the query.

Please help on this .

Thanks in Advance!

Hello @Priya,

I noted that you sent an image that had a token. I erased the image from your post so that you don’t expose your token in the community.

Could you upload it again but covering the token so it is not visible?

Hi @Matias.Monday,

Please refer to the below error screenshot.

Hello again @Priya I just noticed that you are missing the “try” there.

I just tested this a little bit and it appears to be that if you don’t have a “try” statement, then you will get the catch error message.

Hi @Matias.Monday,

When I tried with the session token in postman. I got the below error.

Hello again,

Did you use the session token as a key?

The session token is a JWT token that is decoded with your app’s secret and can be used as a token between your app’s frontend and backend.

It is not for it to be used directly as a key in a headers in the request.

Was that the case?

Did your script work?

Hi @Matias.Monday,

Thanks for the support!

I removed the set token line from coding and then the App is working fine.


1 Like

Hello @Priya ,

That’s great!

let us know if you have any other questions or issues!