Get started

Learn the basic steps to set up your Partner account and authenticate API calls.


After you have learned about different levels of the Monite account structure, you can create your partner account with Monite and get your API credentials.

The API credentials allow you to generate the access tokens required to run the API calls. Follow these steps to generate your partner access token:

  1. Register a partner account.
  2. Create a project.
  3. Get API credentials.
  4. Get a partner access token.

1. Register a partner account

The first thing you need to do is to register your partner account on the Monite Partner Portal.

After signing up, you must confirm your email address by clicking the link in the registration email.

2. Create a project

A project represents the product that a Monite API Partner is developing for their clients.

To create a project:

  1. From the Partner Portal's sidebar, select Projects.
  2. Click New Project.
  3. Specify the project name and click Create project.

The created project appears in the project list.

3. Get API credentials

After creating a project, you can generate the API credentials required to access the Monite API:

  1. In the Partner Portal, click API Credentials next to your project.

  2. On the page that opens, click Add credential.

  3. Copy the generated ID and Secret as you won't be able to see them again.

Keep your ID and secret secure, because they provide access to all your data and your customers' data stored in Monite.

:information-source: Tip

You can create multiple sets of API credentials for use in different contexts. For example, one set for a client app and another one for a CI/CD environment.

4. Get a partner access token

The API ID and secret need to be exchanged for an access token which is then used to authenticate the API calls. To do this, call POST /auth/token with the following request body:

  "grant_type": "client_credentials",
  "client_id": "YOUR_PARTNER_ID",
  "client_secret": "YOUR_PARTNER_SECRET"

For example:

curl -X POST '' \
     -H 'Content-Type: application/json' \
     -d '{
        "grant_type": "client_credentials",
        "client_id": "28c10852-7e78-43cf-abfb-efeed1834963",
        "client_secret": "615b3cfa-646b-41d9-b768-521f09315ac5"

The successful response contains the token and its validity time (in seconds):

  "access_token": "eyJ0eXAiOiJKV1QiLCJhb...",
  "token_type": "Bearer",
  "expires_in": 1800

Send this token in the Authorization header in subsequent API calls:

Authorization: Bearer YOUR_TOKEN

(Optional) Get an access token for an entity user

To authenticate operations on behalf of a specific entity user, you can issue an access token for that user. To do this, call POST /auth/token with grant_type set to "entity_user" and an additional entity_user_id field:

curl -X POST '' \
     -H 'Content-Type: application/json' \
     -d '{
        "grant_type": "entity_user",
        "client_id": "28c10852-7e78-43cf-abfb-efeed1834963",
        "client_secret": "615b3cfa-646b-41d9-b768-521f09315ac5"
        "entity_user_id": "e7525084fd94153226fb781"

A successful 200 OK response contains the entity user-level access token and its validity time (in seconds):

  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "expires_in": 86400

:information-source:  The entity user token has access to the resources within their entity, as defined and limited by the roles and permissions assigned to this entity user.

Required request headers

Most API calls require these two headers:

Authorization: Bearer ACCESS_TOKEN
X-Monite-Entity-Id: ENTITY_ID

The Authorization header specifies an access token for accessing a resource. It can be a partner token or an entity user token.

The X-Monite-Entity-Id header specifies the ID of the entity whose resources are being accessed. This header is required when creating, updating, and deleting resources within an entity. For example, you need to provide the entity ID in order to create entity users or import payables.

Next steps