Logic App > Monday API

Please can someone put me out of my misery with this.

Is it possible for an external app to authenticate programmatically with the Monday API without using a personal API token?
I wanted to build an app that is able to send data over the API, but I don't want to use personal API tokens, as that makes the app dependent on an individual user account existing, which is a single point of failure.
I tried to go down the route of creating an ‘app’ within the developer screen in Monday.com, but even that seems to involve a user authenticating in the browser to complete the process, despite using a client secret.

Am I doing something wrong, or is it just not possible?


Hello @ben.cox

monday doesn’t support true app-only or machine-to-machine authentication. Every API call must run in a user context, either via a personal API token or an OAuth access token tied to a user who authorized the app. There are no account-wide or superuser tokens.

For apps, OAuth is the correct and recommended path. The browser step is required so an admin or user can grant scopes. After install, you store the OAuth token and use it server side. This avoids reliance on a single person’s personal token, but permissions still match the authorizing user.

If you need stability for an internal integration, the usual workaround is a dedicated service user that owns the integration and authorizes the app.

Dr. Tanvi Sachar
Monday Certified Partner, Tuesday Wizard

I’ve since worked out that once you have a bearer token from a one-time auth in the browser, you can reuse the bearer token indefinitely; it doesn’t expire. But this bearer token is still tied to a specific user account.

Hello @ben.cox

Once you complete OAuth in the browser, the access token does not expire and can be used indefinitely until the app is uninstalled or authorization is revoked. However, that token is always tied to the user who authorized it, and all permissions follow that user.

There is no account-wide or machine-to-machine auth in monday.

Best practice: create a dedicated service user, authorize the app with that user, and store the OAuth token server-side. This avoids dependency on an individual employee while staying within monday’s auth model.

If you want, you will need to do a paid working session, where we offer a 60-minute Monday strategy session in which we review your setup, recommend improvements, and map out next steps.
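
The service-user setup described in this thread only helps if the token held server-side really belongs to that service user and is still authorized. The following is an added example, not code from the thread or from monday, that checks both at startup; the endpoint URL, the `me` query, the `Bearer` header form, the 401/403 handling and the environment variable names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.monday.com/v2"   # assumption: monday's public GraphQL endpoint
ME_QUERY = "query { me { id email } }"  # assumption: returns the user the token acts as


def http_post(url, headers, body):
    """Default transport: POST the body, return (status, parsed JSON or None)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def check_token_owner(token, expected_email, transport=http_post):
    """Classify a stored OAuth token: 'ok', 'wrong-user', 'revoked' or 'error'."""
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    body = json.dumps({"query": ME_QUERY}).encode()
    status, payload = transport(API_URL, headers, body)
    if status in (401, 403):
        # Assumption: an uninstalled app or revoked grant is rejected this way.
        return "revoked"
    if status != 200 or not isinstance(payload, dict):
        return "error"
    me = (payload.get("data") or {}).get("me")
    if not me:
        return "error"
    # The token carries its authorizer's permissions, so confirm that the
    # authorizer is the dedicated service user and not an individual employee.
    if (me.get("email") or "").lower() != expected_email.lower():
        return "wrong-user"
    return "ok"


if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the server's
    # secret store or environment, never from source control.
    token = os.environ["MONDAY_OAUTH_TOKEN"]
    owner = os.environ["MONDAY_SERVICE_USER_EMAIL"]
    print(check_token_owner(token, owner))
```

Because the token does not expire on its own, running this check on a schedule is one way to notice a revoked grant or a token that was authorized by the wrong account before the integration fails.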