Hi 
Unless I’m missing something, is the only auth method oauth which requires a callback?
I was hoping to make a web-app to move VAT from incoming transaction on my business account to a VAT pot.
Have I missed something where I can just use a token?
Obviously I had my token in the play area - but I assume that’s PURELY a play area token? (As it returns no accounts)
Once you’ve got your access token through the oauth/callback mechanism you can just keep refreshing the token. There’s no need to go through the initial steps again.
With each run I can a whoami and check if all is still ok, if not I call a refresh and carry on.
But I want my webhook to do it;
Do I have to request it via oauth to give to my hook app?
Rly?
If you want to call any API endpoints as a result of the webhook then it looks like a yes, you’ll need an access token.
My app is a service and I ended up created a small website to handle grabbing my access token 
This is weak.
I’ll try asking on slack
As @Kumnaa said once your webhook is created, you no longer need a bearer token as Monzo start the message transaction.
However for you to turn that webhook into an API call to move funds into a pot (ie https://api.monzo.com/pots/$pot_id/deposit) you will need a bearer token.
Gotcha.
Thanks chaps
Guys - it was me, signed in with wrong email 