Authentication
How to authenticate against the Core API.
Core uses static API keys for authentication, the same mechanism Banking uses. Every request carries the key as a Bearer token in the Authorization header. There is no session, no refresh, and no expiry — keys are valid until you revoke them in the Mono Dashboard.
If you have read api-standards/authentication, this page only adds the Core-specific details: where to generate the key, what scopes Core supports, and what the failure responses look like.
This page is an authentication scaffold. The full version will document scope catalog, dashboard screenshots for key generation, and example responses for each error case.
Before you start
You need a Mono account with Core access enabled and Dashboard access at mi.cuentamono.com.
Generating a key
In the Mono Dashboard, go to Settings → API keys, choose the environment (sandbox or production), and create a key with the scopes your integration needs. Store the key in a secrets manager — Mono shows the secret value only once.
Sending the key
Authorization: Bearer <your_core_api_key>Example:
curl https://api.cuentamono.com/v1/ledger_accounts \
-H "Authorization: Bearer $MONO_CORE_API_KEY"Scopes
Core supports per-resource scopes (read, write, admin) for ledger, cards, spending controls, and payouts. Choose the minimum scope your integration needs. The scope catalog lives in the Dashboard and is mirrored in the api-reference for Core.
Failures
| Status | Meaning |
|---|---|
401 Unauthorized | Key missing, malformed, or revoked. |
403 Forbidden | Key valid but lacks the scope for this endpoint. |
See Errors and retries for the response envelope.
Next steps
- Architecture — how a request flows after authentication.
- Idempotency Keys — required for safe retries on writes.
- Best practices — key rotation, scope minimization, and credential storage.