Overview

To programmatically interact with your Monime Spaces, you need Access Tokens (API Keys). These tokens authenticate your applications and grant permission to perform actions across all Monime Spaces associated with your Monimeer account.
Security Critical: Treat your Access Tokens like passwords. Never share them publicly, commit them to code repositories, or expose them on the client-side of applications.

Accessing the Developer Portal

1. Log In to Your Dashboard

Navigate to my.monime.io and log in with your Monimeer credentials.

2. Access Developer Portal

From the left sidebar navigation, click on Developer. You’ll see a list of all your Monime Spaces with their unique Space IDs (e.g., spc_xxxxxxxxx).

3. Navigate to Access Tokens

In the Developer Portal sidebar, click on Access Tokens. This page shows all your existing tokens, their status (ACTIVE, EXPIRED), and creation dates.

Creating a New Access Token

1. Initiate Token Creation

Click the Create token button at the top right of the Access Tokens page. A full-screen configuration dialog will appear.

2. Configure Token Settings

Fill out the token configuration form with the following details:

Token Configuration Options

Purpose: A descriptive label to identify this token’s purpose
Examples:
  • “Main Website Integration”
  • “Mobile App v2”
  • “Inventory Sync Script”
Use meaningful names to easily identify tokens later
Purpose: Defines how long the token remains active (security best practice)
Options:
  • 2 Months: Short-term projects or testing
  • 1 Year: Production applications
  • Custom: Set a specific future expiration date
  • No Expiry: Indefinite access (use with caution)
Tokens without expiry dates pose higher security risks if compromised
Purpose: Specifies which API version this token targets
Select your preferred API version from the dropdown (e.g., “v1.0.0”, “v2.1.0”)
For more information on API versions, visit our API Versioning documentation
Purpose: Toggle between test and production environments
When Test Mode is ON:
  • Expiry date defaults to 2 months (non-editable)
  • Whitelist options are disabled
  • Token prefix: mon_test_
  • Only processes simulated transactions
When Test Mode is OFF:
  • Full configuration options available
  • Token prefix: mon_
  • Processes real money transactions
Purpose: Restricts token access to a specific Monime Space
Use the combobox to search and select a specific Space by name or ID
This adds an extra security layer by preventing accidental cross-Space operations
Purpose: Limits token usage to specific IP addresses
Examples:
  • Single IP: 203.0.113.45
  • CIDR range: 203.0.113.0/24
Ensure your production servers’ IP addresses are included to avoid access issues
Purpose: Filter API services to manage permissions more easily
Choose from available services:
  • Payments
  • Payouts
  • Customers
  • Analytics
  • And more…
This selection affects the available roles in the next section
Purpose: Define specific actions the token can perform
Implementation of Least Privilege:
  • Only grant permissions your application actually needs
  • Selected roles appear as removable “pills” or “tags”
  • Different services have different available roles
Common Role Examples:
  • payments:read - View payment information
  • payments:write - Create new payments
  • customers:read - Access customer data
  • payouts:write - Initiate payouts

3. Finalize Token Creation

After configuring all settings, click the Create button to generate your token.
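Before clicking Create, the planned settings can be checked against the guidance above. The following is an added example, not Monime code: the dictionary keys are hypothetical names mirroring the form fields, and the server addresses and role needs are constructed sample values.

```python
import ipaddress

def audit_token_config(cfg, server_ips, needed_roles):
    """Return findings for a planned live-token configuration.

    cfg keys (hypothetical names mirroring the form fields on this page):
    expiry, space_whitelist, ip_whitelist, roles.
    """
    findings = []
    if cfg.get("expiry") == "No Expiry":
        findings.append("no-expiry: token stays valid until revoked")
    if not cfg.get("space_whitelist"):
        findings.append("no-space-whitelist: token is not pinned to one Space")

    # Every production egress address must fall inside a whitelist entry,
    # whether that entry is a single IP or a CIDR range.
    nets = [ipaddress.ip_network(entry, strict=False)
            for entry in cfg.get("ip_whitelist", [])]
    if not nets:
        findings.append("no-ip-whitelist: token usable from any address")
    else:
        for ip in server_ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in nets):
                findings.append(f"ip-not-covered: {ip}")

    # Least privilege: compare granted roles with what the app really calls.
    granted, needed = set(cfg.get("roles", [])), set(needed_roles)
    findings += [f"excess-role: {r}" for r in sorted(granted - needed)]
    findings += [f"missing-role: {r}" for r in sorted(needed - granted)]
    return findings

# Constructed sample: a payments-only integration running on two servers.
PLANNED = {
    "expiry": "No Expiry",
    "space_whitelist": "spc_xxxxxxxxx",
    "ip_whitelist": ["203.0.113.0/24"],
    "roles": ["payments:read", "payments:write", "payouts:write"],
}

if __name__ == "__main__":
    for finding in audit_token_config(
            PLANNED,
            server_ips=["203.0.113.45", "198.51.100.7"],
            needed_roles=["payments:read", "payments:write"]):
        print(finding)
```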

Securing Your New Token

One-Time Display: Your token will be shown only once. If you close the dialog without copying it, you’ll need to generate a new token.
1. Copy Your Token

When the token dialog appears, immediately click the Copy button. The token will look like:
  • Test: mon_test_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  • Live: mon_YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

2. Store Securely

Save your token in a secure location:
  • Environment variables
  • Secrets manager (AWS Secrets Manager, Azure Key Vault, etc.)
  • Encrypted configuration files
  • Password vault

✅ Secure Storage

  • Environment variables
  • Secrets management services
  • Encrypted configuration
  • Server-side only

❌ Insecure Storage

  • Hardcoded in source code
  • Public repositories
  • Client-side code
  • Plain text files

Token Types & Environments

Test Tokens

Prefix: mon_test_
Purpose: Development and testing with simulated transactions
Limitations: 2-month expiry, no whitelist options

Live Tokens

Prefix: mon_
Purpose: Production environment with real money transactions
Full Features: All configuration options available
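The storage advice and the two prefixes combine into a startup guard: read the token from an environment variable, classify it by prefix, and refuse a live token outside production (or a test token inside it). This is an added example, not Monime code; the variable name MONIME_ACCESS_TOKEN and the environment label "production" are assumptions.

```python
import os

TEST_PREFIX = "mon_test_"   # prefixes as documented on this page
LIVE_PREFIX = "mon_"

class TokenError(RuntimeError):
    """Raised when the configured token is missing or in the wrong mode."""

def token_kind(token):
    # Order matters: "mon_test_..." also starts with "mon_", so the test
    # prefix has to be checked first or every test token looks live.
    if token.startswith(TEST_PREFIX):
        return "test"
    if token.startswith(LIVE_PREFIX):
        return "live"
    return None

def redact(token):
    """Form that is safe to log: prefix plus the last four characters."""
    kind = token_kind(token)
    prefix = {"test": TEST_PREFIX, "live": LIVE_PREFIX}.get(kind, "")
    return f"{prefix}***{token[-4:]}"

def load_token(app_env, environ=os.environ, var="MONIME_ACCESS_TOKEN"):
    """Fetch the token from the environment and enforce mode separation."""
    token = environ.get(var, "").strip()
    if not token:
        raise TokenError(f"{var} is not set")
    kind = token_kind(token)
    if kind is None:
        raise TokenError(f"{var} does not carry a known token prefix")
    expected = "live" if app_env == "production" else "test"
    if kind != expected:
        # Never echo the token itself in the error; use the redacted form.
        raise TokenError(
            f"{kind} token {redact(token)} supplied in {app_env!r} environment")
    return token

if __name__ == "__main__":
    # Constructed value, not a real token.
    sample_env = {"MONIME_ACCESS_TOKEN": "mon_test_" + "A" * 24}
    print(redact(load_token("staging", sample_env)))
```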

Managing Existing Tokens

From the Access Tokens page, you can:

View Token Details

See name, creation date, expiry, and status of all tokens

Revoke Tokens

Immediately invalidate compromised or unused tokens

Monitor Usage

Track API calls and usage patterns

Rotate Credentials

Replace tokens regularly for security

Security Best Practices

  • Regularly rotate tokens (every 3-6 months)
  • Replace tokens immediately if compromised
  • Use expiry dates appropriate for your use case
  • Grant minimum necessary permissions
  • Use Space whitelisting when possible
  • Implement IP address restrictions
  • Monitor token usage patterns
  • Never commit tokens to version control
  • Use environment variables or secrets managers
  • Encrypt tokens at rest
  • Audit access to token storage
  • Keep tokens server-side only
  • Use HTTPS for all API calls
  • Implement proper error handling
  • Log security events
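To back up "Never commit tokens to version control", a small scanner can be run over staged files before each commit. This is an added example, not a Monime tool. The page documents only the prefixes, so the token body pattern (16 or more letters and digits) is an assumption, and the sample lines are constructed.

```python
import re
import sys

# Assumption: the body after the prefix is 16+ letters/digits.
TOKEN_RE = re.compile(r"\bmon_(test_)?([A-Za-z0-9]{16,})\b")

def scan_text(text, path="<memory>"):
    """Return (path, line number, kind, redacted match) for each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in TOKEN_RE.finditer(line):
            body = match.group(2)
            # Documentation placeholders such as XXXX... or YYYY... repeat
            # a single character; skip them to avoid false positives.
            if len(set(body)) == 1:
                continue
            kind = "test" if match.group(1) else "live"
            prefix = "mon_test_" if match.group(1) else "mon_"
            hits.append((path, lineno, kind, prefix + "***"))
    return hits

# Constructed sample input; none of these values is a real token.
SAMPLE = '''\
API_TOKEN = "mon_test_4fK9zQ2LmN8pR7sT1vXy"
live = "mon_Zx81LmQ0pRt6VbN3cDf5GhJ2"
doc = "mon_test_XXXXXXXXXXXXXXXXXXXXXXXX"
token = os.environ["MONIME_ACCESS_TOKEN"]
'''

def main(paths):
    """Scan the given files; a non-zero return blocks the commit."""
    hits = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            hits += scan_text(handle.read(), path)
    for path, lineno, kind, shown in hits:
        print(f"{path}:{lineno}: possible {kind} token {shown}")
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A live hit should be treated as a compromise and the token revoked, since removing the line from a later commit does not remove it from history.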

Next Steps

Once you have your Access Token, you’re ready to start integrating with Monime’s APIs!