Added

OAuth 2.0 Support for the API, SDK, and CLI

The API now supports OAuth 2.0 client-credentials (machine-to-machine) authentication, working end to end across the API, SDK, and CLI, with a credential management surface built into the app.

You can create two kinds of OAuth clients: personal clients, which act as you for usage tied to your own user, and service clients, intended for shared or production usage and scoped by authorization groups. Each client can hold up to two secrets, enabling zero-downtime rotation — generate a new secret, roll your integrations over, then delete the old one with no interruption.

A new OAuth and API keys tab on the user profile lists every credential — API keys, MCP keys, and personal OAuth clients — with created and expiry dates, one-click revoke, and a Revoke all option. Maximum expiration is now capped at one year for personal keys, MCP keys, and personal OAuth clients, while service credentials remain flexible for long-lived production use.


Learn more here: https://docs.getmontecarlo.com/docs/api-authentication