Exchanging Authorisation code giving everything except refresh token!

Hey guys! So I am currently building a script to sync my Amex transactions with my Monzo ones (after every purchase, the money will be moved into a pot!).
However, I can’t get the Monzo API to give me back a refresh_token! Here is the response I get:


and nothing else! :cry:

Here is my request:

    payload = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": "",
        "code": auth_token,

    response = requests.request("POST", url, data=payload)
    if not response.ok:
        return False

    access_token = response.json()["access_token"]
    refresh_token = response.json()["refresh_token"] #FAILS!
    Data.create(key="monzo_access_token", value=access_token)
    Data.create(key="monzo_refresh_token", value=refresh_token)
    return True

I don’t get why this is happening!


When you created the client in the Monzo developer interface what options did you select? The chances are for confidentiality you chose “Not Confidential”. The API only gives a refresh token if the “Confidential” option is chosen


This is mentioned in the API documentation but to be honest I think I have made the same mistake a few times.

Client confidentiality

Clients are designated either confidential or non-confidential.

Confidential clients keep their client secret hidden. For example, a server-side app that never exposes its secret to users.

Non-confidential clients cannot keep their client secret hidden. For example, client-side apps that store their client secret on the user’s device, where it could be intercepted.

Non-confidential clients are not issued refresh tokens.
1 Like

This is super super cool and I am going to set it up :pray:

Monzo is hiring if you wanted to apply too:

again, thanks so much for this!!

1 Like

No problem! By any chance, were you intending to reply to my Amex-Monzo Script?
I appreciate the feedback! :smile:

1 Like