# Connecting to Monday
Monday.com is a versatile work operating system that streamlines project management and team collaboration. It features customizable workflows, visual dashboards, and automation tools to enhance productivity. Users can track tasks, manage resources, and communicate effectively in one integrated platform.
**Topics**
+ [AWS Glue support for Monday](monday-support.md)
+ [Policies containing the API operations for creating and using connections](monday-configuring-iam-permissions.md)
+ [Configuring Monday](monday-configuring.md)
+ [Configuring Monday connections](monday-configuring-connections.md)
+ [Reading from Monday entities](monday-reading-from-entities.md)
+ [Monday connection option reference](monday-connection-options.md)
+ [Limitations](monday-connector-limitations.md)
+ [Create a new Monday account:](#monday-account-creation)
# AWS Glue support for Monday
AWS Glue supports Monday as follows:
**Supported as a source?**
Yes. You can use AWS Glue ETL jobs to query data from Monday.
**Supported as a target?**
No.
**Supported Monday API versions**
v2.
# Policies containing the API operations for creating and using connections
The following sample policy describes the required AWS permissions for creating and using connections. If you are creating a new role, create a policy that contains the following:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:ListConnectionTypes",
"glue:DescribeConnectionType",
"glue:RefreshOAuth2Tokens",
"glue:ListEntities",
"glue:DescribeEntity"
],
"Resource": "*"
}
]
}
```
------
You can also use the following managed IAM policies to allow access:
+ [ AWSGlueServiceRole ](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole) – Grants access to resources that various AWS Glue processes require to run on your behalf. These resources include AWS Glue, Amazon S3, IAM, CloudWatch Logs, and Amazon EC2. If you follow the naming convention for resources specified in this policy, AWS Glue processes have the required permissions. This policy is typically attached to roles specified when defining crawlers, jobs, and development endpoints.
+ [ AWSGlueConsoleFullAccess ](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess) – Grants full access to AWS Glue resources when an identity that the policy is attached to uses the AWS Management Console. If you follow the naming convention for resources specified in this policy, users have full console capabilities. This policy is typically attached to users of the AWS Glue console.
# Configuring Monday
Before you can use AWS Glue to transfer data from Monday, you must meet these requirements:
## Minimum requirements
+ You have a Monday developer account with Email and Password. For more information, see [Create a new Monday account:](connecting-to-monday.md#monday-account-creation).
+ Your Monday developer account is enabled for API access. All use of the Monday APIs available at no additional cost within trial period. Once trial period is over you need to buy subscription to create and access data. For more information, see [Monday’s licensing page](https://developer.monday.com/api-reference/reference/about-the-api-reference) for more details.
If you meet these requirements, you’re ready to connect AWS Glue to your Monday account. For typical connections, you don't need do anything else in Monday.
# Configuring Monday connections
Monday supports following two types for authentication mechanism:
1. OAuth Auth: Monday supports AUTHORIZATION\$1CODE grant type for OAuth2.
+ This grant type is considered “three-legged” OAuth as it relies on redirecting users to the third party authorization server to authenticate the user. It is used when creating connections via the AWS Glue Console. The user creating a connection may by default rely on a AWS Glue-owned connected app where they do not need to provide any OAuth related information except for the Monday instanceurl. The AWS Glue Console will redirect the user to Monday where the user must login and allow AWS Glue the requested permissions to access their Monday instance.
+ Users should opt to create their own connected app in Monday and provide their own client id and client secret when creating connections through the AWS Glue Console. In this scenario, they will still be redirected to Monday to login and authorize AWS Glue to access their resources.
+ This grant type results in a refresh token and access token. The access token is active for one hour, and may be refreshed automatically without user interaction using the refresh token.
+ For more information, see [documentation on creating a connected app for AUTHORIZATION\$1CODE OAuth flow](https://developers.Monday.com/docs/api/v1/Oauth).
1. Custom Auth:
+ For public Monday documentation on generating the required API keys for custom authorization, see [ https://developer.monday.com/api-reference/docs/authentication\$1api-token-permissions ](https://developer.monday.com/api-reference/docs/authentication#api-token-permissions).
To configure a Monday connection:
1. In AWS Secrets Manager, create a secret with the following details. It is required to create a secret for each connection in AWS Glue.
1. For OAuth auth:
+ For customer managed connected app - Secret should contain the connected app Consumer Secret with USER\$1MANAGED\$1CLIENT\$1APPLICATION\$1CLIENT\$1SECRET as key.
1. For Custom auth:
+ For customer managed connected app - Secret should contain the connected app Consumer Secret with `personalAccessToken` as key.
1. In AWS Glue Studio, create a connection under **Data Connections** by following the steps below:
1. Under Data Connections, choose **Create connection**.
1. When selecting a **Data Source**, select Monday.
1. Provide your Monday **instanceURL**.
1. Select the IAM role that AWS Glue can assume and has permissions for following actions:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
```
------
1. Select Authentication Type to connect to Monday
+ For OAuth auth: Provide the **Token URL** and **User Managed Client Application ClientId ** of the Monday you want to connect to.
+ For Custom auth: Select Authentication Type **CUSTOM** to connect to Monday.
1. Select the `secretName` which you want to use for this connection in AWS Glue to put the tokens.
1. Select the network options if you want to use your network.
1. Grant the IAM role associated with your AWS Glue job permission to read `secretName`. Choose **Next**.
1. In your AWS Glue job configuration, provide `connectionName` as an **Additional network connection**.
# Reading from Monday entities
**Prerequisites**
+ A Monday Object you would like to read from. Refer the supported entities table below to check the available entities.
**Supported entities for Source**
Entities list:
+ Account: [ https://developer.monday.com/api-reference/docs/account\$1queries ](https://developer.monday.com/api-reference/docs/account#queries)
+ Board: [ https://developer.monday.com/api-reference/docs/boards\$1queries ](https://developer.monday.com/api-reference/docs/boards#queries)
+ Column: [ https://developer.monday.com/api-reference/docs/columns\$1queries ](https://developer.monday.com/api-reference/docs/columns#queries)
+ Docs: [ https://developer.monday.com/api-reference/docs/docs\$1queries ](https://developer.monday.com/api-reference/docs/docs#queries)
+ Document Block: [ https://developer.monday.com/api-reference/docs/blocks\$1queries ](https://developer.monday.com/api-reference/docs/blocks#queries)
+ Files: [ https://developer.monday.com/api-reference/docs/files\$1queries ](https://developer.monday.com/api-reference/docs/files#queries)
+ Folders: [ https://developer.monday.com/api-reference/docs/folders\$1queries ](https://developer.monday.com/api-reference/docs/folders#queries)
+ Groups: [ https://developer.monday.com/api-reference/docs/groups\$1queries ](https://developer.monday.com/api-reference/docs/groups#queries)
+ Item: [ https://developer.monday.com/api-reference/docs/items\$1queries ](https://developer.monday.com/api-reference/docs/items#queries)
+ Subitems: [ https://developer.monday.com/api-reference/docs/subitems\$1queries ](https://developer.monday.com/api-reference/docs/subitems#queries)
+ Tags: [ https://developer.monday.com/api-reference/docs/tags-queries\$1queries ](https://developer.monday.com/api-reference/docs/tags-queries#queries)
+ Teams: [ https://developer.monday.com/api-reference/docs/teams\$1queries ](https://developer.monday.com/api-reference/docs/teams#queries)
+ Updates: [ https://developer.monday.com/api-reference/docs/updates\$1queries ](https://developer.monday.com/api-reference/docs/updates#queries)
+ Users: [ https://developer.monday.com/api-reference/docs/users\$1queries ](https://developer.monday.com/api-reference/docs/users#queries)
+ Workspaces: [ https://developer.monday.com/api-reference/docs/workspaces\$1queries ](https://developer.monday.com/api-reference/docs/workspaces#queries)
| Entity | Can be Filtered | Supports Limit | Supports Order By | Supports Select \$1 | Supports Partitioning |
| --- | --- | --- | --- | --- | --- |
| Account | No | No | No | Yes | No |
| Boards | Yes | Yes | No | Yes | No |
| Columns | No | No | No | Yes | No |
| Docs | Yes | Yes | No | Yes | No |
| Document Blocks | No | Yes | No | Yes | No |
| Files | Yes | No | No | Yes | No |
| Groups | No | No | No | Yes | No |
| Item | Yes | Yes | No | Yes | No |
| Subitems | No | No | No | Yes | No |
| Tags | Yes | No | No | Yes | Yes |
| Teams | Yes | No | No | Yes | No |
| Updates | No | Yes | No | Yes | No |
| Users | Yes | Yes | No | Yes | No |
| Workspaces | Yes | Yes | No | Yes | No |
| Folders | Yes | Yes | No | Yes | No |
**Example**
```
monday_read = glueContext.create_dynamic_frame.from_options(
connection_type="monday",
connection_options={
"connectionName": "connectionName",
"ENTITY_NAME": "account",
"API_VERSION": "v2"
}
```
# Monday connection option reference
The following are connection options for Monday:
+ `ENTITY_NAME`(String) - (Required) Used for Read/Write. The name of your Object in Monday.
+ `API_VERSION`(String) - (Required) Used for Read/Write. Monday Rest API version you want to use. Example: v2.
+ `SELECTED_FIELDS`(List) - Default: empty(SELECT \$1). Used for Read. Columns you want to select for the object.
+ `FILTER_PREDICATE`(String) - Default: empty. Used for Read. It should be in the Spark SQL format.
+ `QUERY`(String) - Default: empty. Used for Read. Full Spark SQL query.
# Limitations
The following are limitations for the Monday connector:
+ The dynamic metadata response has certain conflicts with the documentation as mentioned below:
+ Group, Column entity supports filter operations, but it is not present in the dynamic metadata endpoint, hence it's kept as non-filterable entity.
+ The dynamic endpoint consists of around 15000\$1 lines and returns metadata of all the entities in a single response, because of this the fields are taking an average of 10 seconds to load hence, this would require some additional time while running a job.
+ Refer the below table for Monday rate limit. The significant size of the dynamic entity's response data causes a noticeable delay, with fields requiring an average of 10 seconds to load.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/glue/latest/dg/monday-connector-limitations.html)
## Create a new Monday account:
1. Navigate to Monday’s homepage, [https://monday.com/](https://monday.com/) and choose **Login**.
1. You will be re-directed to the login page. On the bottom of the page, choose **Sign up**.
1. Enter your email address and choose **Continue**. Alternately, you can sign in with Google.
1. Enter the required details and choose **Continue**.
1. Complete the survey questions and follow the steps to complete the account creation process.
**Register an OAuth application:**
1. Log into your monday.com account. Click on your avatar (picture icon) in the bottom left corner of your screen.
1. Choose **Developer**.
1. Choose **Create app**.
1. Complete the required fields for name and description.
1. Navigate to “OAuth” section present on the right side add the scopes and choose “Save Feature”.
1. Navigate to “Redirect URLS” tab beside the scope and add the redirect URL and choose “Save Feature”.
1. Under the **Redirect URLs** tab, provide the URL of your app. This should be https://\$1region-code\$1.console.aws.amazon.com/appflow/oauth. For example, if you are using `us-east-1 `you can add `https://us-east-1.console.aws.amazon.com/appflow/oauth`.
1. The application is now ready to use. You can find your credentials, in the “Basic Information” section. Note your Client ID and Client secret strings. These strings are used to make a connection with this app using an AppFlow connector.
**Generate personal access token:**
Currently, monday.com only offers our V2 API tokens, which are all personal tokens. To access your API tokens, you can use one of two methods depending on your user level. Admin users can utilize both methods to acquire their API tokens. Member users can access their API tokens from their Developer tabs.
Admins - If you are an admin user on your monday.com account,you can access your API tokens from the "Admin" tab with the following steps:
1. Log into your monday.com account. Click on your avatar (picture icon) in the bottom left corner of your screen.
1. Select “Administration” from the resulting menu (this requires you to have admin permissions).
1. Navigate to the “API”Section and generate a “API V2 Token”. You can copy your token and use it.
Developer - If you are a member user on your monday.com account, you can access your API tokens from the Developer tab with the following steps:
1. Log into your monday.com account. Click on your avatar (picture icon) in the bottom left corner of your screen.
1. Select “Developers” from the resulting menu.
1. In the top menu, choose the "Developer" drop-down menu. Select the first option on the drop-down menu titled "My Access Tokens."