Trouble Integrating Custom Monday App: Authentication Failure

I’ve been working on developing a custom Monday app to integrate with my workflow, but I’m encountering authentication issues and could use some assistance. Here’s the situation:

I’ve followed the documentation provided by Monday. com and successfully set up the basic structure of my custom app. However, when it comes to authenticating the app with Monday’s API, I’m facing difficulties.

I’ve generated the necessary API tokens and followed the authentication process outlined in the documentation, including setting up OAuth 2.0 authentication for my app. However, whenever I try to authenticate the app using the provided OAuth flow, I receive an authentication failure message.

The error message I’m getting typically includes details such as:
{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

I’ve double-checked the client ID, client secret, redirect URI, and other parameters required for authentication, and everything seems to be correctly configured.

I’ve also tried revoking and re-generating the API tokens, recreating the OAuth integration, and even tried different environments (sandbox vs. production), but the authentication issue persists.

I’m seeking advice on troubleshooting this authentication failure and successfully authenticating my custom app with Monday .com’s API. Additionally, if there are any common pitfalls or best practices I should be aware of when integrating custom apps with Monday. com, I’d greatly appreciate any insights or guidance.

Any help or suggestions on resolving this authentication issue would be immensely helpful. Thank you!

Does your code fail during the OAuth dance or afterwards? At what point are you getting the message?

Is this message coming from monday, or as part of the library you are using to take care of OAuth? Which library if any are you using?

Also, if you are adding “Bearer “ to the start of the authorization header, don’t. Just add the access token only.

Slightly off topic :slight_smile:. Why do you use OAuth in the first place. When the app needs access to monday you could use the sessionToken or shortLivedTokens. Both of these methods do not require OAuth.

1 Like