Refreshing token?


(Amr Sobhy) #1

Hi I’m just getting introduced to the Monzo API. I’m starting with a small simple project, a nodejs script that saves my monzo balance to an excel sheet.

I can’t get my head around the way to refresh tokens so that this script keeps running.
This is the monzo part.

const Monzo = require('monzo-js');
//this one keeps changing
const monzo_cleint = new Monzo('xxxxxxxxxxxx');


async function getMozoData(){
await Monzo.OAuth.usingClientCredentials('xxxx', 'xxxxxxx');
var accounts = await monzo_cleint.accounts.all();
for (const [id, acc] of accounts) {
    balance = Number((acc.balance / 100).toFixed(2));
    console.log('balance' + balance); 
    return balance;
}
}

As far as I understand, I’ll have to setup the full OAuth process if I want to keep permanent access to my account. Which will not work well with my use-case. But I hope I’m just wrong.

Help is much appreciated!


(Dan) #2

I don’t know much nodejs, if any…

But to refresh a token, you just submit the details back to Monzo and they send another token back which you will need to save for the next refresh…

See https://docs.monzo.com/#refreshing-access might help you…

You need to push the refresh token to https://api.monzo.com/oauth2/token along with a few other bits of data and it’ll return new data for the next 33 odd hours…

You don’t need to go through another Auth process…

Does that make sense?


(Amr Sobhy) #3

Thanks alot.
But I’ve no idea how to “submit the details back to Monzo to get another token”
Is there an endpoint to get the token using client ID and client secret?


(Jedihomer Townend) #4

The way I do it is to go through the normal auth process to get a token, which I then store locally.

Then when I need to re-get data from the API I make a call to https://api.monzo.com/ping/whoami with the current token. If this fails authentication I call https://api.monzo.com/oauth2/token to get a refreshed token. Then I can continue the rest of the calls with the new token.

If the whoami call doesn’t fail and is authenticated, I just use that token…

This way, I don’t have to track the expiry of the token…


(Amr Sobhy) #5

Thanks a lot for this! Could you please share with me the curl request you do to get a new token? Want to make sure I get it right?

Much appreciated


(Jedihomer Townend) #6

It’s not the cleanest of code, but this is the flow of the app…


(sam) #7

You can choose to conditionally obtain a new access token when your access token expires by adding in error checking on each request, but if you’re looking to get started with the simplest code possible you can just use your refresh token to get an access token each time your function runs.

const client = new Monzo('dummy-value-does-not-need-to-be-correct');
const refreshToken = 'put-your-actual-refresh-token-here';

// any time you want to get data from Monzo authenticate using the refresh token...
Monzo.OAuth.refreshToken(clientId, clientSecret, refreshToken);

// now your code to interface with Monzo goes here, because you just got a new access token it will never be expired
monzo.accounts.all().then(accounts => {
	for (const [id, acc] of accounts) {
		console.log(`💵 £${acc.balance} in ${acc.id}`);
	}
});

This will work for as long as your refresh token is valid (which should be forever, unless you revoke OAuth access to the app).


(Amr Sobhy) #8

Yes perfectly understood. My main issue is I can’t find the refresh token? Where do you get it?


#9

You get it when you exchange the authorisation code:


#10

Does that mean you can refresh an expired access token? I had assumed you had to refresh it before it expires for some reason :hushed:


(Jedihomer Townend) #11

I’ve not really tested that… I assume it does as long as the original token had not been invalidated…

The docs say

To gain long-lived access to a user’s account, it’s necessary to “refresh” your access when it expires using a refresh token

From the wording when, not before, I assume you can…


#12

I’ll find out when my last access token expires :grinning: