Download OpenAPI specification:Download
Note: We're currently in pre-release of our API. We expect breaking changes before launching v1 so please join our slack organization (request an invite) or mailing list for more updates and notices.
The Moov API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. We support cross-origin resource sharing, allowing you to interact securely with our API from client-side web applications (never expose your secret API key in any public website's client-side code). JSON is returned by all API responses, including errors, although you can generate client code via OpenAPI code generation or the OpenAPI editor to convert responses to appropriate language-specific objects.
The Moov API offers two methods of authentication, Cookie and OAuth2 access tokens. The cookie auth is designed for web browsers while the OAuth2 authentication is designed for automated access of our API.
When an API requires a token generated using OAuth (2-legged), no end user is involved. You generate the token by passing your client credentials (Client ID and Client Secret) in a simple call to Create access token (/oauth2/token
). The operation returns a token that is valid for a few hours and can be renewed; when it expires, you just repeat the call and get a new token. Making additional token requests will keep generating tokens. There are no hard or soft limits.
Cookie auth is setup by provided (/users/login
) a valid email and password combination. A Set-Cookie
header is returned on success, which can be used in later calls. Cookie auth is required to generate OAuth2 client credentials.
The following order of API operations is suggested to start developing against the Moov API:
After signup clients can submit ACH files (either in JSON or plaintext) for validation and tabulation.
The Moov API offers many services:
ACH is implemented a RESTful API enabling ACH transactions to be submitted and received without a deep understanding of a full NACHA file specification.
An Originator can initiate a Transfer as either a push (credit) or pull (debit) to a Receiver. Originators and Receivers must have a valid Depository account for a Transfer. A Transfer is initiated by an Originator to a Receiver with an amount and flow of funds.
Originator -> Gateway -> Receiver
- OriginatorDepository - ReceiverDepository
- Type (Push or Pull)
- Amount (USD 12.43)
- Status (Pending)
If you find a security related problem please contact us at security@moov.io
.
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
Service is running properly
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
X-Idempotency-Key | string Example: a4f88150 Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
email required | string Email address associated to the User |
password required | string Password associated to User |
firstName required | string Legal first name |
lastName required | string Legal last name |
phone required | string Phone number associated to user. Dots, hyphens and spaces are trimmed. +1 is the assumed country code. |
companyUrl | string <uri> Company URL associated to user |
User object
Invalid user information, check error(s).
Internal error, check error(s) and report the issue.
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
User object
Cookie data is invalid or expired. Login required.
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
X-Idempotency-Key | string Example: a4f88150 Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
Authenticating with an email and password
string Email address associated to the User | |
password | string Password associated to User |
Successful login
Invalid request body, check error(s).
Invalid email and password combination. Retry with correct information.
Production server
Moov local development setup
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
User cookies are invalidated.
Production server
Moov local development setup
userID required | string Example: 3f2d23ee214 Moov API User ID |
X-Idempotency-Key | string Example: a4f88150 Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
X-Request-ID | string Example: rs4f9915 Optional Request ID allows application developer to trace requests through the systems logs |
User profile information
firstName | string Legal first name |
lastName | string Legal last name |
phone | string Phone number associated to user. Dots, hyphens and spaces are trimmed. +1 is the assumed country code. |
companyUrl | string <uri> Company URL associated to user |
User profile updated
Invalid request body, check error(s).
Production server
Moov local development setup