Mooov Docs

Environments

Audience: anyone integrating Mooov. One page answering "which hostname, which key, and where do I test?". What to actually do in the sandbox (test cards, simulated webhooks, the go-live checklist) lives on the sandbox page.

Mooov runs two environments. The Sandbox is a full deployment of the gateway wired to PSP test mode: same API surface, same HMAC auth, same webhook envelopes, no real money. Production moves real money and has no test mode.

1. Hostnames

Surface Sandbox Production
API gateway https://sandbox.api.mooov.money https://api.mooov.money
Connect authorize https://sandbox.connect.mooov.money/authorize https://connect.mooov.money/authorize
Merchant portal (Mooov3) https://sandbox.mooov3.mooov.money https://mooov3.mooov.money
Merchant portal (Mooov6, high-risk route) https://sandbox.mooov6.mooov.money https://mooov6.mooov.money
Docs https://docs.mooov.money (no sandbox variant) same
MCP server https://mcp.mooov.money/mcp (no sandbox variant) same

Docs and the public MCP server serve no account data, so they have a single hostname shared by both audiences.

Integrated before the sandbox hostnames existed? The legacy staging.*.mooov.money hostnames continue to work as permanent aliases for the same sandbox environment — no migration required. New integrations should use sandbox.*.

2. Credentials

Credential Sandbox Production
Merchant API key mk_test_* mk_live_*
Platform (Connect) key mk_platform_* (Mooov-Test-Mode key) mk_platform_* (live key)
Webhook signing secret whsec_* (sandbox destination's) whsec_* (production destination's)

The environment is baked into the credential at minting time. Merchant key prefixes make the environment greppable — a mk_test_ key leaked into a production config is spotted at a glance. A key only works against its own environment's hostname: pair mk_test_* keys with sandbox.api.mooov.money and mk_live_* keys with api.mooov.money. Platform keys share the mk_platform_ prefix in both environments but are different secrets minted in separate ceremonies.

3. Separation rule

Sandbox and production are fully separate: separate deployments, separate databases, separate keys, separate merchants, separate Connect grants, separate webhook destinations and signing secrets. Nothing you create in the sandbox exists in production, and no credential works across the boundary. A sandbox key against api.mooov.money (or vice versa) fails authentication; it cannot accidentally move real money.

For platforms this means the consent flow has to be run per environment: a tenant who connected on the sandbox is not connected on production.

4. There is no sandbox mode on production

Production has no test flag, no magic test cards, and no dry-run header. The verification path is:

  1. Certify end to end against the sandbox, including webhooks and failure paths, using the go-live checklist.
  2. Switch to production credentials and base URLs.
  3. Make one low-value live transaction (and refund it) as the final smoke test.

If you find yourself wanting to "test something quickly" on production, the answer is the sandbox. It is the same code.

5. Switching

Going from sandbox to production changes exactly three things: the base URL(s), the key pair in your secret manager, and the webhook signing secret. The API surface, signing scheme, and event shapes are identical. Quickstarts: merchants, platforms.