Moneda uses OAuth 2.0 with PKCE to securely connect your account to AI clients. This is the same standard used by Google, GitHub, and other services when you click “Sign in with…”.

How does the OAuth flow work?

  1. Your AI client requests access — it opens a Moneda authorization page in your browser
  2. You sign in and approve — you see which permissions the AI is requesting and choose to approve or deny
  3. A secure token is issued — the AI client receives a token to access your account data. Your password is never shared.
  4. Tokens refresh automatically — the connection stays active without you needing to re-authorize

What permissions does my AI assistant need?

When you authorize, you’ll see a consent screen listing the specific permissions your AI needs. These are grouped into read and write scopes:
  • Read scopes let your AI view data (balances, transactions, contacts, etc.)
  • Write scopes let your AI take actions (update your display name, categorize transactions, initiate payments)
See the full list of permissions on the Scopes page.
Payments always require your approval. Even with write permissions, payment requests are sent to the Moneda app on your phone where you must confirm with biometric authentication before any money moves.

How do I revoke access?

You can revoke your AI client’s access at any time from the Moneda app. Once revoked, the AI client will no longer be able to access your account data.

Learn more

Scopes reference

Full list of 16 read and 5 write permission scopes.

Security

How Moneda protects your funds and data.