Developer API's Viability and Support Infrastructure

Hello Monzo Community,

I’d like to provide feedback and open a discussion about the developer API platform, prompted by a significant and unresolvable issue I’ve encountered while trying to get started. I’ve long admired Monzo’s technology-first approach, and I believe this feedback is important for the health and future of its developer ecosystem.

My experience trying to perform a basic OAuth handshake has been completely blocked by a persistent 403 error from CloudFront. I’ve documented the extensive troubleshooting in a separate technical thread here: https://community.monzo.com/t/oauth-client-creation/185144.

The key takeaway is that every possible client-side error has been eliminated. The issue is confirmed to be a server-side block from Monzo’s own infrastructure, preventing any legitimate, correctly-configured application from authenticating.

This situation brings up a broader concern for the developer community that goes beyond a single technical bug. For an API platform to be viable, developers need confidence that if they do everything correctly, the platform will work. More importantly, they need to know that if the platform itself breaks, there is a support process capable of fixing it.

When a developer’s application is blocked by a firewall that only the service provider controls, and there appears to be no clear path to get it investigated, the API becomes an unreliable foundation. It puts developers in an impossible position, asking them to invest their time and effort into a system that could be rendered unusable without warning or recourse.

This leads to a fundamental question for the community and for Monzo: if the support structure isn’t equipped to handle infrastructure-level issues that only Monzo can fix, should the API be positioned as a reliable resource for developers to build upon?

Clarity on the official escalation path for these kinds of platform-level problems would be incredibly valuable. Transparency on how such issues are resolved would go a long way in building confidence for all developers looking to innovate with Monzo’s tools.

Thank you.

I can’t speak for Monzo, or on behalf of the Monzo Community members, only myself - but given the growth and positioning of Monzo, I’d expect the ‘sideline’ features (such as the API) will disappear.

Monzo Labs? - almost gone. Monzo app structure? - totally changed internally in the last few years.

Monzo has changed from a pioneering digital bank with transparent access to help growth, into a UK banking powerhouse which absolutely needs pinpoint protection for users.

Gone are the 10-year-old days of the ‘what-have-I-spent-today?’ custom widgets, driven off external spreadsheets and external coding services such as platforms (IFTTT) or custom (Heroku). Modern-day security and robustness requirements have trampled over all of those. Thankfully.

2 Likes

I think Monzo is now Fin that just happens to use Tech.

I still believe that there’s an untapped market for a bank that provides API first access, and which could host its own financial app store.

But sadly that’s not Monzo. And instead it looks like it’ll be the tokenisation and “on chain” crowd that get there.

1 Like

I can appreciate that maintaining consumer-level APIs is an overhead, though I’d argue it’s probably not a huge one. These APIs were always gated to basically one user anyways, and never allowed moving money or anything that could have a large impact. Really it was just a nice way to be able to automate the export, and get at the full transaction data (a lot more than you get via exports in the app, or via the export to Google Sheets). I ran into the issue above a couple of months ago, and then found the sad trail of messages here in the community with no answers. It seems impossible at the moment to auth a new app. Monzo should probably make a clear call in either direction - shut the API down if it won’t be repaired, or repair it. If they do shut it down though, it would be very nice if the app could provide the JSON transaction exports instead, so that access to that info would be available still/again. If they do that they can shutter the API and not have to maintain it (which they may want), and again it doesn’t feel like an excessive amount of work to pull the transaction log for a month and let the user download that - all the pieces are already in place.

2 Likes