Get Started
Personal Access Tokens Management
Generate and manage secure access tokens for Monime API integration
Overview
To programmatically interact with your Monime Spaces, you need Access Tokens (API Keys). These tokens authenticate your applications and grant permission to perform actions across all Monime Spaces associated with your Monimeer account.Security Critical: Treat your Access Tokens like passwords. Never share
them publicly, commit them to code repositories, or expose them on the
client-side of applications.
Accessing the Developer Portal
1
Log In to Your Dashboard
Navigate to my.monime.io and log in with your Monimeer
credentials
2
Access Developer Portal
From the left sidebar navigation, click on Developer You’ll see a list of
all your Monime Spaces with their unique Space IDs (e.g.,
spc_xxxxxxxxx)3
Navigate to Access Tokens
In the Developer Portal sidebar, click on Access Tokens This page shows
all your existing tokens, their status (ACTIVE, EXPIRED), and creation dates
Creating a New Access Token
1
Initiate Token Creation
Click the Create token button at the top right of the Access Tokens page A
full-screen configuration dialog will appear
2
Configure Token Settings
Fill out the token configuration form with the following details:
Token Configuration Options
Token Name (Required)
Token Name (Required)
Purpose: A descriptive label to identify this token’s purposeExamples:
- “Main Website Integration”
- “Mobile App v2”
- “Inventory Sync Script”
Use meaningful names to easily identify tokens later
Expiry Date
Expiry Date
Purpose: Defines how long the token remains active (security best practice)
Options: - 2 Months: Short-term projects or testing - 1 Year:
Production applications - Custom: Set a specific future expiration date -
No Expiry: Indefinite access (use with caution)
Tokens without expiry dates pose higher security risks if compromised
Default API Release
Default API Release
Purpose: Specifies which API version this token targets Select your
preferred API version from the dropdown (e.g., “v1.0.0”, “v2.1.0”)
For more information on API versions, visit our API Versioning
documentation
Test Mode
Test Mode
Purpose: Toggle between test and production environments When Test Mode
is ON: - Expiry date defaults to 2 months (non-editable) - Whitelist options
are disabled - Token prefix:
mon_test_ - Only processes simulated
transactions When Test Mode is OFF: - Full configuration options available- Token prefix:
mon_- Processes real money transactions
Whitelist Space (Production Only)
Whitelist Space (Production Only)
Purpose: Restricts token access to a specific Monime Space Use the combobox
to search and select a specific Space by name or ID
This adds an extra security layer by preventing accidental cross-Space
operations
Whitelist IP Address (Production Only)
Whitelist IP Address (Production Only)
Purpose: Limits token usage to specific IP addresses Examples: - Single
IP:
203.0.113.45 - CIDR range: 203.0.113.0/24Ensure your production servers’ IP addresses are included to avoid access
issues
Service Selection
Service Selection
Purpose: Filter API services to manage permissions more easily Choose from
available services: - Payments - Payouts - Customers - Analytics - And more…
This selection affects the available roles in the next section
Roles & Permissions
Roles & Permissions
Purpose: Define specific actions the token can performImplementation of Least Privilege:
- Only grant permissions your application actually needs
- Selected roles appear as removable “pills” or “tags”
- Different services have different available roles
payments:read- View payment informationpayments:write- Create new paymentscustomers:read- Access customer datapayouts:write- Initiate payouts
Finalize Token Creation
After configuring all settings, click the Create button to generate your token.Securing Your New Token
One-Time Display: Your token will be shown only once. If you close the
dialog without copying it, you’ll need to generate a new token.
1
Copy Your Token
When the token dialog appears, immediately click the Copy button The token
will look like: - Test:
mon_test_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - Live:
mon_YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY2
Store Securely
Save your token in a secure location: - Environment variables - Secrets
manager (AWS Secrets Manager, Azure Key Vault, etc.) - Encrypted configuration
files - Password vault
✅ Secure Storage
- Environment variables - Secrets management services - Encrypted configuration - Server-side only
❌ Insecure Storage
- Hardcoded in source code - Public repositories - Client-side code - Plain text files
Token Types & Environments
Test Tokens
Prefix:
mon_test_ Purpose: Development and testing with simulated
transactions Limitations: 2-month expiry, no whitelist optionsLive Tokens
Prefix:
mon_ Purpose: Production environment with real money
transactions Full Features: All configuration options availableManaging Existing Tokens
From the Access Tokens page, you can:View Token Details
See name, creation date, expiry, and status of all tokens
Revoke Tokens
Immediately invalidate compromised or unused tokens
Monitor Usage
Track API calls and usage patterns
Rotate Credentials
Replace tokens regularly for security
Security Best Practices
Token Rotation
Token Rotation
- Regularly rotate tokens (every 3-6 months)
- Replace tokens immediately if compromised
- Use expiry dates appropriate for your use case
Access Control
Access Control
- Grant minimum necessary permissions - Use Space whitelisting when possible - Implement IP address restrictions - Monitor token usage patterns
Storage Security
Storage Security
- Never commit tokens to version control - Use environment variables or secrets managers - Encrypt tokens at rest - Audit access to token storage
Application Security
Application Security
- Keep tokens server-side only
- Use HTTPS for all API calls
- Implement proper error handling
- Log security events
Next Steps
Once you have your Access Token, you’re ready to start integrating with
Monime’s APIs!