CMS / Backoffice API
RESTRICTED API
This API is restricted to authorized Migo partners and internal operators. Access requires a CMS user token (x-user-token) plus RBAC permissions granted by Migo.
Contact support@migopayments.com if you believe you need access.
The CMS API (ali-api-cms-rest) is the backoffice surface for partner operations β managing partners, CMS users, permissions, and their downstream cardholders. It is not designed for end-user / wallet app flows; use the Wallet Gateway for that.
Base URLβ
Production: https://api.ali.app/cms/rest
QA: https://ali-qa.ali.app/cms/rest
Authenticationβ
Every request requires two tokens:
Authorization: Bearer <app-access-token>
x-user-token: Bearer <cms-user-token>
The x-user-token value must include the Bearer prefix β the guard rejects a raw token.
See Authentication β CMS for the login flow.
Sectionsβ
- Overview β the CMS data model
- Partners β tenants and their configuration
- CMS users β operators managing partners
- Permissions & roles β RBAC
- Cardholders β operator-managed cardholder records
- Bulk uploads β Excel ingestion with SSE progress
- Process requests β partner balance top-up requests with evidence upload and approval flow