Authentication

monoova uses basic authentication and bearer authentication, depending on the endpoint basic authentication basic authentication is used on most financial and reporting endpoints, with the exception of payto and cards to authenticate using basic authentication, you will need to generate an api key and pass it as the username in the request no password is required, and this parameter can be left blank when accessing the production system, you have 5 attempts to authenticate if you fail 5 times in a row, your account will be locked, and any further requests will indicate that the account is locked to unlock your account sooner, please contact monoova support bearer tokens bearer tokens are used for authentication when calling the payto and cards endpoints these are short lived tokens that expire after 24 hours the basic authentication used when calling the generate a bearer token docid 1diwgksbes6vrealmz c4 endpoint is slightly different you will need to encode the username and password per the following username your maccount number that can be obtained from portal password your api key that can be obtained from portal after 10 failed authentication attempts your account will be blocked you will receive a 401 forbidden error when you fail authentication once your account is blocked you will receive a 401 too many requests error to unlock your account you need to roll your api key in the monoova portal testing in the browser monoovas documentation platform allows for testing of api requests directly within the browser using the 'try it' feature to access endpoints that require basic authentication you will need to generate a valid encoded header there are several tools available online that provide this service, such as blitter se debugbear these external tools are not supported or maintained by monoova avoid using production credentials in these tools