Download OpenAPI specification:Download
Note: We're currently in pre-release of our API. We expect breaking changes before launching v1 so please join our slack organization (request an invite) or mailing list for more updates and notices.
The Moov API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. We support cross-origin resource sharing, allowing you to interact securely with our API from client-side web applications (never expose your secret API key in any public website's client-side code). JSON is returned by all API responses, including errors, although you can generate client code via OpenAPI code generation to convert responses to appropriate language-specific objects.
The Moov API offers two methods of authentication, Cookie and OAuth2 access tokens. The cookie auth is designed for web browsers while the OAuth2 authentication is designed for automated access of our API.
When an API requires a token generated using OAuth (2-legged), no end user is involved. You generate the token by passing your client credentials (Client Id and Client Secret) in a simple call to Create access token (/oauth2/token). The operation returns a token that is valid for a few hours and can be renewed; when it expires, you just repeat the call and get a new token. Making additional token requests will keep generating tokens. There are no hard or soft limits.
Cookie auth is setup by provided (/users/login) a valid email and password combination. A Set-Cookie header is returned on success, which can be used in later calls. Cookie auth is required to generate OAuth2 client credentials.
The following order of API operations is suggested to start developing against the Moov API:
After signup clients can submit ACH files (either in JSON or plaintext) for validation and tabulation.
The Moov API offers many services:
ACH is implemented a RESTful API enabling ACH transactions to be submitted and received without a deep understanding of a full NACHA file specification.
An Originator can initiate a Transfer as either a push (credit) or pull (debit) to a Customer. Originators and Customers must have a valid Depository account for a Transfer. A Transfer is initiated by an Originator to a Customer with an amount and flow of funds.
Originator -> Gateway -> Customer
- OriginatorDepository - CustomerDepository
- Type (Push or Pull)
- Amount (USD 12.43)
- Status (Pending) If you find a security related problem please contact us at security@moov.io.
Customer objects are an individual or business used to perform transfer's with an originator and track multiple transactions associated with the customer. The API allows you to create, delete, and update your customers. You can retrieve individual customers as well as a list of all your customers. (Entry Detail)
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A list of Customer objects
Production server
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| email required | string <e-mail> The customers email address |
| defaultDepository required | string The depository account to be used by default per transfer. ID must be a valid Customer Depository account |
| metadata | string Additional meta data to be used for display only |
A JSON object containing a new Customer
Invalid Customer Object
Production server
| customerId required | string Example: "feb492e6" Customer ID |
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A Customer object for the supplied Customer ID
A customer object with the specified ID was not found.
Production server
| customerId required | string Example: "feb492e6" Customer ID |
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| email required | string <e-mail> The customers email address |
| defaultDepository required | string The depository account to be used by default per transfer. ID must be a valid Customer Depository account |
| metadata | string Additional meta data to be used for display only |
A JSON object containing a new Customer
Invalid Customer Object
A customer object with the specified ID was not found.
Production server
| customerId required | string Customer ID |
| Authorization | string Example: "Bearer A4CA3074" OAuth2 Bearer token |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
Permanently deleted Customer.
A customer with the specified ID was not found.
Production server
| customerId required | string Example: "feb492e6" Customer ID |
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A list of Depository objects for a Customer ID
Production server
| customerId required | string Example: "feb492e6" Customer ID |
| depositoryId required | string Example: "0c5e215c" Depository ID |
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A Depository objects for the supplied ID
A resource object with the specified ID was not found.
Production server
Depository objects represent a US bank or credit union that funds can be debited or credit from a transfer. A Depository must be associated with a customer or an originator. The API allows you to create, delete, and update your depositories. You can retrieve individual depositories as well as a list of all your depositories.
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A list of Depository objects
Production server
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| bankName required | string Legal name of the financial institution. |
| holder required | string Legal holder name on the account |
| holderType required | string Enum:"individual" "company" Defines the type of entity of the account holder as an individual or company |
| type required | string Enum:"Checking" "Savings" Defines the account as checking or savings |
| routingNumber required | string The ABA routing transit number for the depository account. |
| accountNumber required | string The account number for the depository account |
| metadata | string Additional meta data to be used for display only |
Created
Invalid Depository Object
Production server
| depositoryId required | string Example: "0c5e215c" Depository ID |
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A depository object for the supplied ID
A resource object with the specified ID was not found.
Production server
| depositoryId required | string Example: "feb492e6" Depository ID |
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| bankName required | string Legal name of the financial institution. |
| holder required | string Legal holder name on the account |
| holderType required | string Enum:"individual" "company" Defines the type of entity of the account holder as an individual or company |
| type required | string Enum:"Checking" "Savings" Defines the account as checking or savings |
| routingNumber required | string The ABA routing transit number for the depository account. |
| accountNumber required | string The account number for the depository account |
| metadata | string Additional meta data to be used for display only |
A JSON object containing a new Depository
Invalid Depository Object
A resource object with the specified ID was not found.
Production server
| depositoryId required | string Depository ID |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
Permanently deleted Depository.
A depository with the specified ID was not found.
Production server
| depositoryId required | string Example: "feb492e6" Depository ID |
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
Micro deposits initiated
Problem initiating micro deposts, see error.
Production server
| depositoryId required | string Example: "978e6ddb" Depository ID |
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| amounts required | Array of string |
Micro deposits confirmed
Invalid Amounts
A depository with the specified ID was not found.
Too many attempts. Bank already verified.
Production server
Event objects are a notification of a state change of a resource. When an Event is created any active webhooks will be notified.
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| startDate | string <date-time> Example: "2006-01-02T15:04:05Z07:00" Filter objects created after this date. ISO-8601 format YYYY-MM-DD. Can optionally be used with endDate to specify a date range. |
| endDate | string <date-time> Example: "2006-01-02T15:04:05Z07:00" Filter objects created before this date. ISO-8601 format YYYY-MM-DD. Can optionally be used with startDate to specify a date range. |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A list of Event objects
Production server
| eventId required | string Example: "94cf1126" Event ID |
| offset | integer >= 1 Default: 0 The number of items to skip before starting to collect the result set |
| limit | integer [ 0 .. 100 ] Default: 25 Example: 10 The number of items to return |
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A Event object for the supplied Customer ID
A event object with the specified ID was not found.
Production server
File contains the structures of a ACH File. It contains one and only one File Header and File Control with at least one Batch. Batch objects within Files hold the Batch Header and Batch Control and all Entry Records and Addenda records for the Batch.
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
A list of File objects
Production server
| X-Request-Id | string Example: "rs4f9915" Optional Request ID allows application developer to trace requests through the systems logs |
| X-Idempotency-Key | string Example: "a4f88150" Idempotent key in the header which expires after 24 hours. These strings should contain enough entropy for to not collide with each other in your requests. |
| id | string File ID |
| fileHeader required | object (FileHeader) |
| batches | Array of object (Batch) |
| IATBatches | Array of object (IATBatch) |
| fileControl | object (FileControl) |
A JSON object containing a new File
Invalid File Header Object
Production server