This section is a curated reservoir of insights, providing quick solutions and clarifications to streamline the Monotype API integration process. With clarity and conciseness, it is an essential reference point for navigating the intricacies of the integration landscape and ensuring a smoother journey for developers.
Overview
The enterprise paid customers can access the premium font inventory. Hence, the enterprise customers are integrated with authorization code flow. It means that the users are also authenticated along with the application validation.
Prerequisite
You are an enterprise customer.
You need to share a redirect URL for the API integration process. Monotype will use this URL to register the URI in the Monotype Desktop application setup.
You accept the invitation to onboard your user to be a part of the organization.
Tokens
Access Token: An access token is a short-lived, temporary token that is issued to a client. This token is used to gain access to protected resources, like data or services. Access tokens are typically timebound and provide an additional level of security. The access token expiry is set to 30 minutes.
Refresh Token: Unlike access tokens, refresh tokens are not intended to access resources directly. Instead, their primary purpose is to obtain new access tokens when the existing ones expire or become invalid. When an access token expires or is no longer valid for some reason, you can use the refresh token to request a new access token without re-entering your credentials.
Authorization
User Login
Obtain an Application Client ID and Client Secret from your sales representative or partner contact at Monotype.
Use the Client ID and Redirect URL to redirect the user to login screen. Execute the below URL.
https://api.monotype.com/v2/oauth/authorize?client_id=<clientid>&redirect_uri=<redirecturi>&response_type=code
| clientId obtained from Monotype |
| URL shared by the client, on which the code would be sent after successful login |
The URL will redirect your user to the Monotype Login page. Your user will then enter the user credentials. These credentials were initially set at the time when the user accepts the invite from Monotype.
Enter the login details.
After successful login, authorization code is sent to the redirect URL.
Token Generation
Extract the authorization code from the redirect URL. The authorization code is appended as a query parameter.
Execute the below curl command to generate the access token and refresh token.
curl --location 'https://api.monotype.com/v2/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <authcode>' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<code>' \
--data-urlencode 'redirect_uri=<redirecturi>'
| Base64 encoded string Clientid:Clientsecret. |
| Extracted from redirect URL after user login. Note: The code could be used just once to generate the token or to execute the above curl command. |
| Shared by registered customer of Monotype |
After successful execution, record the generated access token and refresh token.
You can use the access token to invoke the APIs. After the expiry of access token, you can refresh the access token using refresh tokens flow.
Refresh Tokens
Execute the curl below to refresh the tokens. Refresh Tokens could be used just once to generate the new access token. The curl below will return the new access token and new refresh token that should be used to generate the new tokens.
curl --location 'https://api.monotype.com/v2/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <authcode>' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<refreshtoken>'
| Base64 encoded string Clientid:Clientsecret |
| Generate and record the refresh token |
After successful execution, the new access token and new refresh token are generated. Record the new access token and refresh token.
Revoke the existing refresh token with revoke token flow. Use the new refresh token to generate the tokens again.
On using same refresh token again, a refresh token reuse is detected, all the generated refresh tokens get invalidated, and you need to re-login to generate the tokens.
Revoke Tokens
Execute the below curl command to revoke the token.
curl --location 'https://api.monotype.com/v2/oauth/token/revoke' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <authcode>' \
--data-urlencode 'token=<token>'
| Base64 encoded string Clientid:Clientsecret. |
| Refresh token that needs to be revoked. |
Token will be revoked with status code 200.
Invoking APIs
Use the access token to invoke the Monotype APIs. Example:
curl --location --request POST 'https://api.monotype.com/v1/fonts/search' \
--header 'Authorization: Bearer <accesstoken>'
| The access token generated from Authorization API. |