Authentication
bearer_auth
OAuth Authentication In order to interact with the Moota API, you or your application must authenticate.
The Moota API handles this through OAuth, an open standard for authorization. OAuth allows you to delegate access to your account in full or in read-only mode.
You can generate an OAuth token by visiting the Apps & API section of the Moota control panel for your account.
An OAuth token functions as a complete authentication request. In effect, it acts as a substitute for a username and password pair.
Because of this, it is absolutely essential that you keep your OAuth tokens secure. In fact, upon generation, the web interface will only display each token a single time in order to prevent the token from being compromised.

How to Authenticate with OAuth

In order to make an authenticated request, include a bearer-type Authorization header containing your OAuth token. All requests must be made over HTTPS.
Authenticate with a Bearer Authorization Header

Content-type and Accept Header

Moota API uses JSON format for both input and output, therefore it is required to specify JSON as content type & accept JSON as response. The header specifications are as below.
HTTP(s) Header
Type
Description
Content-Type
application/json
It indicates that JSON format will be used in the request. Moota API accepts JSON requests.
Accept
application/json
It indicates that JSON format is acceptable as response for the request. Midtrans API responds back in JSON.
Authorization
Bearer
The Authorization field in Bearer Auth format, Server Key is used as username, and the password is blank.
Authenticate with a Bearer Authorization Header
1
curl -X $HTTP_METHOD -H "Authorization: Bearer <secret_token>" "https://app.moota.co/v2/$OBJECT"
Copied!

Get Access Token

post
https://app.moota.co/
api/v2/auth/login
Auth
Scopes
api
Permision fo all access endpoint
user
Permision for manage user only
user_read
Permision only read profile without action
bank
Permision for manage bank account only
bank_read
Persmision only read data bank account without action
mutation
Permision for manage all data mutation
mutation_read
Permision only read data mutation without action