Skip to main content
This integration is currently in preview and subject to change.

​
Base URL

https://api.moonpay.com
Test mode vs live mode is determined by the API key you use, not the URL. Use test API key (sk_test_...) for test mode and live API keys (sk_live_...) for production.

​
Authentication

Authentication depends on whether you’re calling an endpoint from your server or from the client.

​
Server-side Authentication

For server-side requests, send your secret key in the Authorization header. 
const URL = "https://api.moonpay.com/platform/v1/session";

const res = await fetch(URL, {
  headers: {
    "Content-Type": "application/json",
    Authorization: "Api-Key sk_test_123",
  },
  method: "POST",
  body: JSON.stringify({
    externalCustomerId: "your_user_id",
    deviceIp: "203.0.113.1",
  }),
});

​
Client-side Authentication

For client-side API requests, use the accessToken returned from a connection as a Bearer token. 
await fetch("https://api.moonpay.com/platform/v1/quotes", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${accessToken}`,
  },
  body: JSON.stringify({
    // ... request body ...
  }),
});

​
Response Format

Responses are returned as JSON with the content-type: application/json header.

​
Pagination

Some requests, like listing transactions, return paginated results using cursor-based pagination. Each response includes a cursor string that you pass to the next request to fetch the next page. The response includes a pageInfo object. If pageInfo.nextCursor is null, there are no more pages. For example: 
{
  "data": [],
  "pageInfo": {
    "nextCursor": "tr_123e4567-e89b-12d3-a456-426614174000"
  }
}

​
Rate limits

Currently, requests for this integration are limited to 30 per second.

​
Debugging

Each API response includes a request ID header. Use this ID when working with support:
Example
X-Request-Id: some-value

​
Error Handling

When a request fails (4xx), the API returns an error object with details:
Example error response
{
  "code": 400,
  "type": "Invalid request",
  "message": "Invalid request. sourceAmount must be greater than 0."
}

​
OpenAPI

The API follows the OpenAPI 3.1 specification. You can use the spec to generate typed clients for any language. See the OpenAPI Spec page for the full specification and code generation instructions.