moat developer docs
Build payment integrations on moat's API. Accept cards, ACH, and digital wallets — with built-in surcharge support.
Get started in five minutes
Three steps to your first live transaction:
- Grab your API keys from Settings → API Keys in your Control Panel.
- Send a test charge against the sandbox using the
/api/transactionendpoint. - Handle the response and move to production when you're ready.
A public key (pub_...) for client-side tokenization, and a secret API key (api_...) for server-side calls. Public keys can ship in browser code; secret keys never should.
What are you building?
Pick the integration path that matches your use case:
| If you want to... | Start here |
|---|---|
| Accept one-time payments on a website | Tokenizer — hosted payment fields |
| Save cards for repeat customers | Customer Vault |
| Set up subscriptions or recurring billing | Recurring API |
| Send a payment link | Simple Payments |
| Add Apple Pay or Google Pay | WalletJS |
| Integrate with WooCommerce | WooCommerce plugin |
| Recover card processing fees | Fee Programs |
Core APIs
Transactions
Process payments, capture authorizations, issue refunds, and query history.
| Endpoint | Description |
|---|---|
| Sale / Auth | Charge cards, ACH, or stored payment methods |
| Capture | Capture a previously authorized amount |
| Refund | Refund a settled transaction in full or part |
| Void | Cancel a transaction before settlement |
| Search | Query transaction history with filters |
Customer & recurring
Store payment credentials and bill customers on a schedule.
| Endpoint | Description |
|---|---|
| Customer Vault | Create, update, and charge stored customers |
| Recurring | Subscription plans and scheduled payments |
Other endpoints
| Endpoint | Description |
|---|---|
| Invoices | Create and send payment requests |
| Batch | Upload transaction files for processing |
| BIN Lookup | Card metadata and surchargeability by BIN |
| Settlement Batches | Daily settlement records |
| Terminals | Physical terminal integrations |
| Custom Fields | Attach custom data to transactions |
| Cart | Shopping cart management |
Services & tools
| Service | What it does | Best for |
|---|---|---|
| Tokenizer | Hosted payment form delivered in an iframe | Keeping your site out of PCI scope |
| Simple Payments | Hosted "Pay Now" checkout page | Quick setup without custom code |
| Webhooks | Real-time event notifications | Automating downstream workflows |
| Fraud Protection | Risk scoring and decision rules | Reducing chargebacks and fraud losses |
| WalletJS | Apple Pay and Google Pay buttons | Mobile-friendly checkout |
Integration workflows
Step-by-step guides for common patterns:
| Workflow | Description |
|---|---|
| Tokenizer → Customer → Payment | Collect a card, save it to the vault, charge it later |
| Invoice Payment | Create an invoice, send the link, collect payment |
| Duplicate Detection | Prevent accidental double charges with idempotency keys |
| Fee Programs | Surcharge, cash discount, and dual pricing |
E-commerce plugins
Pre-built integrations for popular platforms:
| Platform | Status |
|---|---|
| WooCommerce | WordPress e-commerce |
| Magento | Enterprise e-commerce |
| Gravity Forms | WordPress forms |
Testing
Sandbox environment
All development runs against the sandbox. It accepts the same requests as production but never moves real money. Use the test card numbers on the Test Data page to simulate approvals, declines, partial auths, and other scenarios.
A few test cards to start with
| Card number | Result |
|---|---|
4111111111111111 | Approved |
4000000000000002 | Declined |
4000000000009995 | Insufficient funds |
4000000000000051 | Partial approval (half the amount) |
View the full test data reference →
Quick reference
Authentication
Every API request carries your secret key in the Authorization header:
-H "Authorization: YOUR_API_KEY"Request format
- Content-Type:
application/json - Method:
POSTfor create operations,GETfor reads - Amounts: always in cents —
1000means $10.00
Response format
{
"status": "success",
"msg": "success",
"data": { }
}Common response codes
| Code | Meaning |
|---|---|
100 | Approved |
200 | Declined |
201 | Declined — call issuer |
300 | Gateway error |
Full request & response documentation →
Need help?
- API errors: check the
msgfield on the response — it explains what went wrong. - Integration questions: walk through the Workflows for the common patterns.
- Testing problems: confirm you're pointing at sandbox and using the documented test data.
- Account issues: reach support through your Control Panel.