Magento plugin
moat's Magento 2 extension adds card and ACH acceptance, tokenization, saved cards, refunds, and fee programs as native payment methods.
The moat extension for Magento 2 installs as a payment method in Magento's admin and surfaces on the storefront at checkout. Card data is tokenized client-side and never touches your Magento server — you stay in SAQ A PCI scope. Admin actions (refund, void, capture) work from the standard Magento order screen.
Requirements
- Magento Open Source or Adobe Commerce 2.4.4 or later.
- PHP 8.1+.
- A moat account with at least one approved processor.
- HTTPS on your storefront (required for tokenization).
Install
Via Composer (recommended)
composer require moat/module-payment
bin/magento module:enable Moat_Payment
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy
bin/magento cache:flushVia archive upload
If Composer is not available, download the latest release archive from the Control Panel under Integrations → Magento, extract into app/code/Moat/Payment, and run the same four commands starting at module:enable.
Connect to moat
- In Magento admin, go to Stores → Configuration → Sales → Payment Methods → moat.
- Set Enabled to
Yes. - Enter your Public key (
pub_...) and Secret key (api_...). Get these from Settings → API Keys in the Control Panel. - Choose Environment —
SandboxorProduction. - Set Payment Action —
Authorize(capture later from the order) orAuthorize and Capture(charge immediately). - Save and flush the config cache.
Configuration options
| Setting | Purpose |
|---|---|
| Title | The label shown on the checkout (e.g. "Credit Card", "Pay with card"). |
| Payment Action | Auth-only or Auth + Capture. |
| Accept ACH | Offer ACH alongside card. |
| Allow saved cards | Customers can save a card to their Magento account (stored in moat's vault). |
| 3D Secure | Off / Required / Required for EU. See 3D Secure. |
| Fee program | Surcharge, cash discount, or dual pricing. See Fee Programs. |
| Debug logging | Write extension API calls to var/log/moat.log. Useful during setup; disable on production. |
Fee programs on Magento
When a fee program is enabled, the surcharge (or discount) displays in the checkout totals as its own line. The extension calls moat's BIN lookup client-side after the customer types the first six digits of their card number, and hides the surcharge line if the card is debit or prepaid. The recovered fee flows through to the order, to the invoice, and to accounting reports as a separate line item.
Surcharging is prohibited in some US states (e.g. Connecticut, Massachusetts) and regulated in others. moat enforces the rules server-side — transactions that would violate them are either processed without surcharge or rejected with a clear error. Keep this in mind when testing: a sandbox success in one state does not guarantee a production success in another.
Order operations
All actions against a moat-paid order run from the standard Magento order screen:
| Magento action | moat behaviour |
|---|---|
| Invoice (from an auth-only order) | Captures the authorization via /api/transaction/{id}/capture. |
| Credit Memo | Refunds the captured amount via /api/transaction/{id}/refund. Partial credits supported. |
| Cancel | Voids an uncaptured authorization. |
Saved cards
If "Allow saved cards" is enabled, customers who are logged in during checkout get an option to save their card for next time. Saved cards live in moat's Customer Vault, not in Magento. The Magento customer record stores a reference (moat_customer_id) linking to the vault.
Subscriptions (Aheadworks / Magento Subscriptions)
The moat extension integrates with common Magento subscription extensions. Recurring renewals are handled by moat's Recurring API, so renewals happen automatically even if the customer is not actively visiting your store. When using a subscription extension alongside the moat plugin, ensure the subscription extension is set to use the moat payment method.
Troubleshooting
| Symptom | Check |
|---|---|
| Payment method not visible at checkout | Enabled? Country / currency restrictions in Magento? Flush cache after config changes. |
| "Unauthorized" on transactions | Wrong key for environment (sandbox key on production, etc.). |
| Tokenization fails | HTTPS? Browser blocking third-party frames? Check the browser console. |
| Orders stuck in "pending payment" | Webhook not received. Check the webhook log in the Control Panel; confirm your store's webhook URL is reachable. |