-
Notifications
You must be signed in to change notification settings - Fork 0
Authentication
The API uses a Cookie to authenticate you. Once logged-in, you will receive a cid cookie which you will need to store and send with each request for your session to be authenticated.
cid is under the player.monstercat.app or www.monstercat.com domain. It lasts a month from its creation. It is Secure with SameSite=None.
POST /sign-in
Login with email, password and 2FA
| Field | Type | Description |
|---|---|---|
| string | The account email | |
| Password | string | The account password |
| Auth.Email? | string | ID of email 2FA used to poll for completion |
| Auth.SMS? | string | The code sent via SMS or Authy to verify identity |
| Auth.TOTP? | string | The code from the authenticator app |
| Field | Type | Description |
|---|---|---|
| AuthData.Email.Email? | string | The email a 2FA link was sent to |
| AuthData.Email.Id? | string | ID of 2FA email |
| AuthData.SMS.PhoneNumber? | string | Masked phone number 2FA code was sent to |
| AuthData.SMS.State? | string | State of SMS 2FA |
| AuthData.TOTP? | object | An empty object present if the user has TOTP enabled |
| DefaultAuthType? | string | The default 2fa type. "SMS", "Email" or "TOTP" |
| Needs2FA | boolean | Whether 2FA is required to continue or not |
When you receive a successful response with Needs2FA as false, you are signed in.
POST /me/two-factor/resend-sms
Resends a notification to your Authy app or sends a new SMS to get your 2FA token.
| Field | Type | Description |
|---|---|---|
| string | The account email | |
| Password | string | The account password |
| Field | Type | Description |
|---|---|---|
| Id | string | Always empty since Id is not used for SMS 2FA |
POST /me/two-factor/resend-email
Resends an email with a link to verify your identity.
| Field | Type | Description |
|---|---|---|
| string | The account email | |
| Password | string | The account password |
| Field | Type | Description |
|---|---|---|
| Id | string | The ID of the email |
After receiving the ID, the /sign-in endpoint should be polled every few seconds with it.
POST /sign-out
Logs you out
204 No Content
- Home
- Global objects
- Catalog
- Releases
- Playlists
- Artists
-
Me
- Get user info
- Change user info
- Change settings
- Get player code
- Regenerate player code
- Change email
- Change password
- Enable SMS 2FA (deprecated)
- Confirm SMS 2FA (deprecated)
- Disable SMS 2FA (deprecated)
- Enable TOTP 2FA
- Get TOTP QR Code
- Disable TOTP 2FA
- Enable Email 2FA
- Disable Email 2FA
- Change notifications
- Get licenses
- Remove license
- Remove video claims
- Generate discount code
- Authentication
- CDX
- TODO