Authentication

bearer_auth

OAuth Authentication In order to interact with the Moota API, you or your application must authenticate.

The Moota API handles this through OAuth, an open standard for authorization. OAuth allows you to delegate access to your account in full or in read-only mode.

You can generate an OAuth token by visiting the Apps & API section of the Moota control panel for your account.

An OAuth token functions as a complete authentication request. In effect, it acts as a substitute for a username and password pair.

Because of this, it is absolutely essential that you keep your OAuth tokens secure. In fact, upon generation, the web interface will only display each token a single time in order to prevent the token from being compromised.

How to Authenticate with OAuth

In order to make an authenticated request, include a bearer-type Authorization header containing your OAuth token. All requests must be made over HTTPS.

Authenticate with a Bearer Authorization Header

Content-type and Accept Header

Moota API uses JSON format for both input and output, therefore it is required to specify JSON as content type & accept JSON as response. The header specifications are as below.

HTTP(s) Header

Type

Description

Content-Type

application/json

It indicates that JSON format will be used in the request. Moota API accepts JSON requests.

Accept

application/json

It indicates that JSON format is acceptable as response for the request. Midtrans API responds back in JSON.

Authorization

Bearer

The Authorization field in Bearer Auth format, Server Key is used as username, and the password is blank.

Authenticate with a Bearer Authorization Header

curl -X $HTTP_METHOD -H "Authorization: Bearer <secret_token>" "https://app.moota.co/v2/$OBJECT"

Get Access Token

Auth

POST https://app.moota.co/api/v2/auth/login

Request Body

Name
Type
Description

username

string

Username of account moota

password

string

Password of account moota

scopes

array

Scopes of permision access token can di anything you can define with scopes 

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
}

Scopes

api

Permision fo all access endpoint

user

Permision for manage user only

user_read

Permision only read profile without action

bank

Permision for manage bank account only

bank_read

Persmision only read data bank account without action

mutation

Permision for manage all data mutation

mutation_read

Permision only read data mutation without action

PreviousGetting StartedNextProfile

Last updated