Mooov Docs
Reference material for integrating with Mooov.
- Connect your AI agent
Mooov runs a public MCP server at `https://mcp.mooov.money/mcp` (MCP Streamable HTTP). Point your agent at it and it can search these docs, list the gateway API operations, and pull exact request, response, and webhook schemas instead of guessing them.
- API reference
``` Production https://api.mooov.money Sandbox https://sandbox.api.mooov.money (see /sandbox/) ```
- Mooov Connect protocol
This document is the integrator-facing surface of Mooov Connect. If you're a merchant integrating Mooov directly for your own business, you don't need this page — use a per-merchant API key instead (see the [merchant quickstart](/merchant-quickstart/)).
- Connect scopes reference
Scopes appear in two places: on your **platform key** (what Mooov has authorised your integration to do at all) and on each **grant** (what one tenant has authorised you to do on their account). On every on-behalf-of call your effective permissions are the **intersection** of the two sets. Revoking a scope on either side blocks the action immediately, even if the other side still carries it.
- Environments
Mooov runs two environments. The **Sandbox** is a full deployment of the gateway wired to PSP test mode: same API surface, same HMAC auth, same webhook envelopes, no real money. **Production** moves real money and has no test mode.
- `merchant_not_charge_capable`
This page covers the response shape, the lifetime of the embedded setup link, the security properties of the link itself, and the recommended UX on your side. The broader `/v1/payment_intents` contract lives in the [Connect protocol](/connect-protocol/) reference.
- `provider_operation_unsupported`
Some providers do not expose every lifecycle operation. The clearest example is a provider that captures at authorization: there is no separate capture step to call, and there is nothing to void once the funds are already captured. Rather than surface an opaque provider error or a `502`, Mooov returns this typed `422` so your integration can branch on a stable code.
- Merchant quickstart
Time to first test payment: about fifteen minutes.
- Platform quickstart
A **merchant** holds one API key scoped to one business. A **platform** holds one `mk_platform_*` key and acts on behalf of any tenant who has connected to it: each tenant approves you once through a hosted consent flow, Mooov records a **grant** for the `(platform, merchant)` pair, and from then on you address that tenant with a `Mooov-Merchant` header on ordinary API calls. No grant, no access. The full contract is the [Connect protocol](/connect-protocol/); this page is the shortest path through it.
- Sandbox
The sandbox is a full deployment of the Mooov gateway wired to PSP test mode. Same API surface, same HMAC auth, same webhook envelopes, same state machine — no real money moves.
- Webhook event catalog
Signature verification, retry schedule, and dedupe guidance live in [§6 of the Connect protocol](/connect-protocol/) and apply to both audiences unchanged: `X-Mooov-Signature: t=<unix>,v1=<hex>` where the HMAC-SHA256 input is `<t>.<raw body>`, retries on non-2xx with exponential backoff (1s, 5s, 30s, 5m, 30m, 2h, 12h), dedupe on `X-Mooov-Delivery` or `event.id`.