1. Request OAuth Credentials
Email support@monid.ai to obtain:- Client ID
- Client Secret
- Whitelisted redirect URIs (only required if you host your own callback)
2. OAuth Configuration
Monid follows standard OAuth 2.0 / OpenID Connect. Point your OAuth client library at the discovery document above and it will auto-configure the authorization, token, userinfo, and introspection endpoints.
Scopes
Request any subset of the following:3. Authorization Flow
Monid uses the standard OAuth 2.0 authorization code flow (with PKCE recommended for public clients). Any OIDC-compliant client library will work — see oauth.net or your library’s docs for reference. The flow at a glance:1
Redirect the user to /oauth/authorize
Include
client_id, redirect_uri, scope, resource=https://api.monid.ai, and a state value.2
Exchange the returned code at /oauth/token
You’ll get back an
access_token and (if offline_access was requested) a refresh_token.3
Use the access token
Send
Authorization: Bearer <access_token> on every Monid API call.For the exact request/response shape of each endpoint, use the OIDC discovery document — it’s the canonical source and always up to date.
4. Select a Workspace
A Monid user can belong to multiple workspaces. Every request to the Monid API must include anx-workspace-id header so Monid knows which workspace to operate against.
List the workspaces the user has access to — see GET /v1/auth/workspaces:
5. Call the API
Once you have an access token and a workspace ID, use the standard Monid API. See the API Reference for all available endpoints.Access tokens from OAuth act like scoped API keys. Never expose them to end‑user browsers or mobile clients — keep them on your server.