At Monkey, we use the OAuth2 standard to secure our APIs. Your API Client linked to an integration user will be able to make requests to the APIs according to your access profile.

To start using the APIs, you first need to register on our platform. Before beginning the registration process, you will need to understand a few key points.

1. Each client within Monkey is separated into a concept we call a Program. The programs are segregated, and you need to register for each of the programs you want to participate in.

2. Each user within a program can manage one or more profiles; these profiles are essentially company registrations. There are three types of profiles within our platform:

   Sponsors: These are the profiles of buyers of goods and services, or Anchors, who send information about their accounts payable to their suppliers.

   Sellers: These are the sellers of goods and services, or Suppliers, who have invoices outstanding with the Anchors in their accounts receivable.

   Buyers: These are Financial Institutions interested in advancing payment of the Supplier’s accounts receivable registered in the Anchor’s program.

3. All our APIs follow the following standard
   version/profile/idprofile, so let's say you have an financial institution profile and are going to perform a query of purchases made on the platform, then the URL would be v1/buyers/564654 (in this example, the profile id would be 564654).

4. The profile ID is crucial for Monkey to understand which company you are performing the action for, and you can check the ID by accessing the platform and going to the Settings menu where the company's registration data will be displayed.

5. Monkey has two environments, the Staging environment, which is used for testing, and the Production environment. These environments are segregated, so the data from one environment is not visible in the other.

Now that the fundamental concepts have been clarified, let's move on to the step-by-step process of how you will log in via API on our platform:

Step 1. Creating Your User ID

To begin integration, you will need to create a user ID. For this, you need to have and access the URL of the program you will register for. If you do not have the program's URL, please contact us by email at [email protected]. When you access the URL, click on the 'Register' option and fill in the details with your information:

After registering the user, if there is not yet a registration for your company, it will be necessary to create a profile. You can do this by following the on-screen instructions.

For cases where the company is already registered, it will be necessary to add this new user to the profile, and you can do so by following these steps:

1. Access the Company Profile:

2. Go to Settings:

3. Access the Users option:

4. Add the Registered User:

Step 2. Creating Your API Client

As explained above, you will need an API Client to make requests to our platform. Once you have created one, we will generate your client_id and client_secret, and they will be used at the time of generating the authentication token:

1. After Logging In, Click on the 'My Profile' option:

2. Click on API Settings:

3. Enter the name of your API (This is used to identify your requests):

4. Your client_id and client_secret have been generated and you are ready to make requests:

Step 3. Obtaining the Authentication Token

After creating your User and API Client, you will be able to obtain the authentication token, which is necessary for all API calls.

To obtain the authentication token, you must make a request in the following manner:

Headers:

Content-Type: application/x-www-form-urlencoded

Example:

Properties:

client_id: Value generated in the API Client creation step
client_secret: Value generated in the API Client creation step
username: Email of the User Registered on the Platform
password: Password of the User Registered on the Platform
grant_type: Fixed value, always send the value: password
scope: Fixed value, always send the value: server

Example:

If the operation is successful, you will receive a response that will contain your token (access_token), which should, in turn, be sent with all requests transmitted to the platform.

See the example in the return Payload below:

{
  "access_token": "8bf8047e-eb30-45cb-9145-73c759f2a594",
  "token_type": "bearer",
  "refresh_token": "ed6f1cca-2d0f-4341-b7d1-82f9a21171d7",
  "expires_in": 430507,
  "scope": "api"
}

See how the header should be sent in all requests using the returned access_token:

Authorization: Bearer 8bf8047e-eb30-45cb-9145-73c759f2a594

See the API details here .

Step 4. Refreshing the Authentication Token

As mentioned above in obtaining the Token, there is an expiration time.

Once the Token has expired, it is possible to refresh this token.

To obtain a new authentication token, you must make a request in the following manner:

Headers:

Content-Type: application/x-www-form-urlencoded

Example:

Properties:

client_id: Value generated in the API Client creation step
client_secret: Value generated in the API Client creation step
grant_type: Fixed value, always send the value: refresh_token
refresh_token: Value of the refresh_token returned in the Token Generation Request

Example:

If the operation is successful, you will receive a response that will contain your token (access_token), which should, in turn, be sent with all requests transmitted to the platform.

See the example in the return Payload below:

{
  "access_token": "8bf8047e-eb30-45cb-9145-73c759f2a594",
  "token_type": "bearer",
  "refresh_token": "ed6f1cca-2d0f-4341-b7d1-82f9a21171d7",
  "expires_in": 430507,
  "scope": "api"
}

See how the header should be sent in all requests using the returned access_token:

Authorization: Bearer 8bf8047e-eb30-45cb-9145-73c759f2a594

See the API details here.

Step 5. Obtaining Profiles Linked to Your User

After registering on the platform, you will be able to manage one or more companies. The listing of your profiles contains hypermedia links to the base resources. See the details here.