Mokapen API Documentation

Authentication

All API requests require a Bearer access token. How you obtain the token depends on whether your application is public or private.

Bearer token header

Include the access token on every API request:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...
Accept: application/json

Public apps — OAuth 2.0 authorization code

Public apps use the standard OAuth 2.0 authorization code grant.

Authorization request

Redirect the user to the authorization endpoint:

GET https://mokapen.com/oauth/authorize

Query parameters:
  client_id      (required) Your Client ID
  redirect_uri   (required) Must match a registered redirect URL
  response_type  (required) Must be "code"
  scope          (required) Space-separated scopes, e.g. tasks.read tasks.write
  state          (required) Random value (min. 16 chars) to prevent CSRF

During authorization, the user selects the organization to grant access to. The issued access token is bound to that organization.

Authorization request example (PHP)

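session_start();

// Generate the CSRF state value and keep it server-side so the callback can compare it.
// The session key name 'oauth_state' is an illustrative choice.
$state = bin2hex(random_bytes(8)); // 16 hex characters
$_SESSION['oauth_state'] = $state;

$params = [
    'client_id'     => 'YOUR_CLIENT_ID',
    'redirect_uri'  => 'https://example.com/oauth/callback',
    'response_type' => 'code',
    'scope'         => 'tasks.read tasks.write',
    'state'         => $state,
];

$url = 'https://mokapen.com/oauth/authorize?' . http_build_query($params);
header('Location: ' . $url);
exit; // stop the script once the redirect header has been sent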

Exchange authorization code for tokens

After the user approves access, Mokapen redirects to your redirect_uri with a code parameter. Exchange it for tokens:

POST https://mokapen.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&redirect_uri=https://example.com/oauth/callback
&code=AUTHORIZATION_CODE_FROM_CALLBACK

Token response example

{
  "token_type": "Bearer",
  "expires_in": 31536000,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
  "refresh_token": "def50200...",
  "organization_id": 849,
  "organization_name": "Your Organization"
}

The organization_id in the response reflects the organization the user selected during authorization. Use this same ID in API URLs (see Organizations).
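
Callback handler example (PHP). This is an added example, not code from Mokapen: it checks the returned state before exchanging the code, then stores the tokens with the organization they are bound to. It assumes the state was saved in the session under the hypothetical key oauth_state when the authorization request was sent, and that the credentials live in the hypothetical environment variables MOKAPEN_CLIENT_ID and MOKAPEN_CLIENT_SECRET.

```php
<?php
// Handler for https://example.com/oauth/callback (added example).
// Assumed names: session keys 'oauth_state' and 'mokapen', env vars MOKAPEN_CLIENT_ID / MOKAPEN_CLIENT_SECRET.
session_start();

// 1. Verify state before touching the code. The stored value is single-use.
$expected = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']);
$received = $_GET['state'] ?? '';
if (!is_string($received) || $expected === '' || !hash_equals($expected, $received)) {
    http_response_code(400);
    exit('Invalid state');
}
$code = $_GET['code'] ?? '';
if (!is_string($code) || $code === '') {
    http_response_code(400);
    exit('Missing authorization code');
}

// 2. Exchange the code server-side; the client secret never reaches the browser.
$ch = curl_init('https://mokapen.com/oauth/token');
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => http_build_query([
        'grant_type'    => 'authorization_code',
        'client_id'     => getenv('MOKAPEN_CLIENT_ID'),
        'client_secret' => getenv('MOKAPEN_CLIENT_SECRET'),
        'redirect_uri'  => 'https://example.com/oauth/callback', // must equal the value sent earlier
        'code'          => $code,
    ]),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['Accept: application/json'],
]);
$body   = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$tokens = is_string($body) ? json_decode($body, true) : null;
if ($status !== 200 || !is_array($tokens) || empty($tokens['access_token'])) {
    http_response_code(502);
    exit('Token exchange failed'); // do not echo the raw response to the user
}

// 3. Keep tokens server-side, together with the organization they are bound to.
session_regenerate_id(true);
$_SESSION['mokapen'] = [
    'access_token'    => $tokens['access_token'],
    'refresh_token'   => $tokens['refresh_token'] ?? null,
    'organization_id' => $tokens['organization_id'] ?? null,
    'expires_at'      => time() + (int) ($tokens['expires_in'] ?? 0),
];
```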

Refresh token

When the access token expires, request a new one using the refresh token:

POST https://mokapen.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&refresh_token=YOUR_REFRESH_TOKEN

Private apps — Client credentials

Private apps do not require an OAuth redirect. From the Developer dashboard, open your application, go to Credentials, and click Generate Token.

The token is created using the client_credentials grant and is scoped to your current organization session. Store it securely and never share it publicly.

POST https://mokapen.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=tasks.read tasks.write contacts.read
&organization_id=849

Always pass organization_id when requesting a private app token. The organization ID is stored in the token and enforced on subsequent API calls.

Making your first API request

$url = 'https://mokapen.com/api/v1/849/contacts';
$token = 'YOUR_ACCESS_TOKEN';

$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Authorization: Bearer ' . $token,
        'Accept: application/json',
    ],
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
