Mokapen API Documentation

Overview Getting Started Authentication Organizations Scopes & Permissions Rate Limits Error Codes Webhooks API Reference Open Swagger UI

Getting Started

Before calling any API endpoint, create and configure an application in your Mokapen Developer account.

Overview

The Mokapen API is a REST API. All requests must include a valid Authorization: Bearer <access_token> header unless noted otherwise.

Base URL: https://mokapen.com/api

API version prefix: v1 (example: /api/v1/{org_id}/contacts).

Step 1 — Create an application

Sign in to Mokapen, open your organization, and go to Account → Developer → My Applications. From there you can view existing apps or create a new one.

Mokapen supports two application types:

Public app — intended for integrations used by multiple Mokapen users. Uses the OAuth 2.0 authorization code flow. Users authorize your app and select which organization to grant access to.
Private app — intended for internal automation within your organization. Uses the client_credentials grant. Tokens are generated from the Developer dashboard without an end-user OAuth redirect.

Application requirements

Field	Public app	Private app
Company name	Required	Required
Company website URL	Required	Required
Application name	Required	Required
Company logo	Required	Required
Redirect URL	Required	Not required
Dedicated user	Not required	Required
Stakeholders	Optional	Optional

For private apps, the Dedicated user field defines which organization member the integration acts on behalf of. API access respects that user's permissions and scopes.

Step 2 — Select API scopes

After filling in the application details, click Continue to choose the API scopes (permissions) your app needs, then save the application.

Only scopes you enable during setup can be requested at authorization time (public apps) or included in tokens (private apps).

Step 3 — Activation & credentials

Private applications are activated immediately after creation. Organization owners and admins can disable or re-enable them at any time from the application page.

Public applications start as Pending review. Mokapen reviews the requested scopes before activating the app. Once status is Active, open the Credentials tab to retrieve your client_id and client_secret and start the OAuth authorization code flow.

If you change scopes on an active public application, it returns to pending review and existing tokens are revoked.

Store credentials securely. Never expose the client secret in client-side code or public repositories.

Next steps

Public apps → follow the Authentication guide (OAuth authorization code).
Private apps → generate a token from the Credentials tab, then see Private app tokens.
Browse endpoints in the API Reference.

Začnite delati in prihranite čas.

ali

Rezerviraj predstavitev

Potrebujete pomoč?