"authenticated" : false with Monzo API

So I’m trying to play around with the API using Terminal on macOS, with httpie installed, and I’m following through the Developer docs to see if I can get it to work, but whenever I try to authenticate, I get:

"authenticated" : false


The process I’m going through is typing this into my web browser, replacing $client_id with the one from the client I have created, and the $redirect_uri to a localhost address


This takes me to the page to enter my email, and I get the email through, click the link, and it opens a page in my browser, per the docs:$authorization_code&state=$state_token

I then go to Terminal and enter:

http --form POST "https://api.monzo.com/oauth2/token" \
    "grant_type=authorization_code" \
    "client_id=$client_id" \
    "client_secret=$client_secret" \
    "redirect_uri=$redirect_uri" \

Where I’ve replaced the $client_id, $client_secret, $redirect_uri with the ones I set in my client at developers.monzo.com, and $authorization_code as the string from the address:$authorization_code&state=$state_token

However, when I then type:

http "https://api.monzo.com/ping/whoami" \
    "Authorization: Bearer $access_token"

into Terminal I get the response:

HTTP/1.1 200 OK
CF-RAY: somenumbersandletters-LHR
Connection: keep-alive
Content-Length: 24
Content-Type: application/json
Date: Thu, 31 Jan 2019 23:48:40 GMT
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Set-Cookie: __cfduid=somenumbersandletters; expires=Fri, 31-Jan-20 23:48:40 GMT; path=/; domain=.monzo.com; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Trace-Id: somenumbersandletters
X-Content-Type-Options: nosniff

    "authenticated": false

I’ve created both Confidential and Non-Confidential clients and neither seem to work… I don’t code professionally or anything, but enjoy having a go, so I may be missing something obvious, but if it could be explained where I’m going wrong that would be great! :smiley:

1 Like

Solved it - turned out I was forgetting to replace $access_token with the actual value :man_facepalming:

1 Like