The credentials field enables you to easily store and manage a set of profiles in an integration recipe. The field is useful in a variety of use cases, including:

Storing one or more authentication profiles without building the selection logic yourself
Securely managing login details for multiple users on a shared account

Add the field to an app feature

Watch this video to learn how to add a credentials field to your integration app feature:

Technical reference

The credentials field requires three different URLs to send requests to when the user interacts with the credential selection component in the UI:

Credentials URL
Authorization URL
Delete Credentials URL

The selected credential ID will then be sent to your app when the relevant block executes (i.e., when your custom action runs or your trigger is subscribed to).

1. Credentials URL

The credentials URL is the endpoint to get a list of credentials. monday will send a POST request with an empty body to the URL when a user opens the credentials field. Your app can decode the authorization header to get context about the request.

router.post("/credentials/get", async function getCredentials(req, res) {
  return res.status(200).send([
    { title: "User 1 login", value: "abc1234" },
    { title: "User 2 login", value: "bcd2345" },
  ]);
});

[
    {
        "title": "Dipro (Admin)",
        "value": "salesforce:"
    },
    {
        "title": "Rachel (Admin)",
        "value": "2222"
    }
]

2. Authorization URL

The authorization URL is the redirect URL to add a new credential to the list. monday will redirect the user to this URL when they click Use another account in the UI.

The URL will have a JWT token in the query params that contains backToUrl and shortLivedToken. You can use the shortLivedToken to make requests to the monday API, retrieve user profile information, etc. It is only valid for five minutes. You can use the backToUrl to redirect the user to the sentence configuration page.

{
  accountId: 1800028,
  userId: 4000089,
  boardId: 6440001771,
  backToUrl:
    "https://myaccount.monday.com/boards/1111/app_automations/2222?nodeId=2&fieldKey=account",
  recipeId: 30000047,
  integrationId: "327000608",
  aud: "https://myapptunnel.apps-tunnel.monday.app/credentials/create",
  exp: 1723137005,
  shortLivedToken:
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaG9ydExpdmVkIjp0cnVlLCJ1aWQiOjQwMTI2ODksImV4cCI6MTcyMzEzNzAwNSwiaWF0IjoxNzIzMTM2NzA1fQ.tYUTMOfZd72-HUYgverehC0lDs_E8P-01Gfd-yoxh-M",
  iat: 1723136705,
}

router.get("/credentials/create", async function addCredentials(req, res) {
  // verify and decode token data
  const tokenPayload = jwt.verify(
    req.query.token,
    process.env.MONDAY_SIGNING_SECRET,
  );
  
  // add authentication steps here (eg OAuth2, etc)
  console.log({ tokenPayload });

  // once finished, redirect to the back to URL
  return res.redirect(tokenPayload.backToUrl);
});

3. Delete Credentials URL

The delete credentials URL is the endpoint to delete a credential. monday will send a POST request to this URL when a user clicks the delete icon next to a credential. The request body will contain the ID of the credential to be deleted.

router.post("/credentials/delete", async function deleteCredentials(req, res) {
  console.log("hit");
  // extract credential ID
  const id = req.body.payload.credentialId;

  // delete the credential from DB
  const success = removeCredentialFromDatabase(id);

  // return success
  if (success) {
    return res.status(200).send();
  }
});

{
  payload: {
    credentialsId: "bcd2345";
  }
}