@lienvdsteen Sorry to comment on such an old PR - Is there any chance we could get a clarification from Monarch (maybe even an official blessing) on unofficial usage of the API? I've seen several supportive posts from Monarch employees online (including this PR), but the official TOS pretty clearly forbids everything we're doing here. I posted a relevant discussion here if you're able to comment, or if you can send it up the chain: #182
@tmas - I just would like you to be informed that I have just received all of your comments regarding Monarch in all areas in my email, haha. I've been working with the Monarch Repo in Home Assistant and in other areas for a couple months now and understand how it works from the ground up and problems with it.
Regarding your question about ToS: yeah, I have seen Monarch acknowledge use of it multiple times; their GraphQL endpoints have usage limits on it and such. I don't see it as big of an issue; just don't try and sell services using it and it doesn't break ToS. Also, I saw you mention something about automatic reauthentication; I'm not sure that's a great idea. The idea of reauthentication is that it expires so you have to manually refresh it. It's more secure this way. In my experience with the MonarchMoney API, reauthentication is like every 6 months or something, at least that is as far as I have tested it, so it's not like you are doing it often.
@bradleyseanf Sorry for the email spam lol, I've been meaning to look into this for a while and finally got some time to read through everything. I'm not a lawyer, but as I read it the TOS is extremely strict. They even explicitly disallow macros, so you could literally break the rules by mapping a key on your keyboard to press tab a couple of times and using that macro on their site. Obviously this repo hasn't been flooded with people saying they've been banned by Monarch, so enforcement has been a totally different story so far, but personally I think it'd be better for the community if Monarch modified the TOS so the rules match the enforcement. I could totally understand if it still said "you can't use the API for commercial products", but under the current TOS there's a chance that a new overzealous manager could get hired at Monarch, read the TOS, and instruct one of their developers to ban everybody who's ever used this package. This feels like it should be an easy change for Monarch to make, but obviously it's not something we can force them to do - I just like the idea of asking for clarification/TOS changes personally since it'd suck to get all of my budgets set up perfectly and then wake up one day to find out the locally-hosted dashboard I built to show me my 5 most recent transactions got me banned.
For the automatic reauthentication thing, the ability to re-auth is kind of secondary - my main point is moving away from accepting the user's primary credentials at any point in the process. Moving to a separate, dedicated account would reduce the risk of credential exposure if somebody builds something and exposes it to the internet. This probably isn't in-scope for the package, but I do think it would be a good idea to remind people not to store the user's primary login credentials. That way if somebody does something stupid and their credentials get exposed, they were at least warned first.
I'm glad to hear you're planning to get the fixes published in a new package! I'm sure lots of people will be very happy about that. I'm personally looking to integrate Monarch with an existing locally-hosted PHP project I've been using to manage my finances since Simple Bank shut down, but I'm planning to use this package (or your replacement for it) as a reference for implementing the API. Depending on how that goes I might end up trying to build a REST API in Python so I can just use the package directly and not worry about updating it myself, but I haven't written any Python in years so I'm trying to avoid it for now. Not to mention Ubuntu requires everything Python-related to live in a venv these days, which is pretty irritating when you don't use Python enough to get used to the workflow. If I manage to get a working PHP version together, maybe we can kickstart a monarch-awesome repo or something to start listing Monarch tooling in one place. I'm hopeful that we'll get official approval from Monarch at some point, and that offering integration options in multiple language ecosystems will encourage people to build cool stuff that integrates with Monarch!
At Monarch we recently changed our domain from monarchmoney.com to monarch.com. You can read a bit more in the announcement blog post here.