OAuth2 connection type as alternative to API key

Doesnt seem to be a feature request/feedback section on the site yet.

I’d like to see the Make App support OAuth 2.0 as an alternate connection type to the API key. That way we could use a custom App to provide API access vs. having to use an individual account API key. That way, we don’t need an additional license for a dummy account (which has GUI access), nor risk having everything tied to an individual API key that gets shut down if a user leaves.


That would be great. Basically all it would take would be to allow the connection/token to be dynamically mapped; which would be cool even if it was to just select a different, preexisting connection/token.

It is theoretically possible to access the monday API using Oauth now. Once you have the access token, you would just need to use http modules to do the calls.

Jim - The Monday Man (YouTube Channel)
Watch Our Latest Video: The ITEM ID column - What most people don’t know.
Contact me directly here: Contact – The Monday Man

The other “trick” is you can use Postman to do the Oauth, and capture the token and use it as the api key in the existing modules :slight_smile: Which for now looks to be my preferred method, however that does have limits since you can’t simply reauthenticate if the client secret changes (for some reason).

I should add since Make lets you assign an “alternate” connection when creating a custom module, it should be trivial when creating connections for modules to create whichever type you want (API Key or OAuth 2) create the connection. Seems that supporting two connection types is already a part of the platform.

I’d also love if there was a “Watch App Trigger” module that has a webhook to receive the payload from a App action, validates the JWT and then puts the token in a variable we can map into the modules for their connection. It would require adding the signing secret when setting up a connection for it. That way we can use Make for a backend for Monday custom apps and use the short lived tokens for API authorization. I’m thinking for private apps. Since we can publish the actions now in such a way they can be used in custom automations - I see a lot of value in this vs. putting a mass of webhooks on each monday board.

It should be possible then on the modules to have a parameter for the SLT from the JWT, which if present, is used as the authorization token rather than the connection. It would just require sanitizing the parameter on every module (or in base but make sure the parameter is always the same?)