Skip to main content
Migo Docs

CMS Overview

RESTRICTED API

Requires partner / operator authorization. See CMS β†’ Home.

Data model​

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  1 N  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  1 N  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  1 N  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   Partner   │──────►│  CMS User   β”‚       β”‚ Cardholder │──────►│  Card  β”‚
β”‚             β”‚       β”‚             β”‚       β”‚            β”‚       β”‚        β”‚
β”‚ partnerId   β”‚       β”‚ cmsUserId   β”‚       β”‚cardholderIdβ”‚       β”‚ cardId β”‚
β”‚ branding    β”‚       β”‚ email       β”‚       β”‚ documentId β”‚       β”‚        β”‚
β”‚ features    β”‚       β”‚ roles       β”‚       β”‚ profile    β”‚       β”‚        β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜       β””β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                                   β–²
                                                   β”‚
                                              belongs to Partner
                                              (via partnerId)
  • A Partner is a Migo tenant operating its own card program β€” often a bank, fintech, or enterprise.
  • CMS Users are operators (Migo or partner employees) who manage a partner's resources via the CMS.
  • Cardholders are end-users of the partner's program. A Partner has many Cardholders; a Cardholder has many Cards.

Audience​

CMS is appropriate for:

  • Partner operations teams (onboarding cardholders, blocking cards, running reports)
  • Migo internal operators (activating partners, managing processor configs)
  • Backoffice automation scripts (bulk imports, periodic exports)

CMS is not appropriate for:

Scope of visibility​

Every request is scoped to one partner via the partnerId in the URL path:

GET /app/partners/{partnerId}/cardholders

A CMS user sees only partners they have been explicitly assigned to. Attempting to access a partner without assignment returns 403 FORBIDDEN.

Common patterns​

List resources with pagination​

GET /app/partners/{partnerId}/cardholders?page=1&limit=50&searchText=&sortBy=createdAt&sortOrder=desc

Sensitive operations require OTP​

Some mutations (e.g. granting permissions, closing cardholders) require the CMS user to have recently completed OTP β€” see Authentication β†’ OTP.

Immediate consistency within a partner​

Updates made via CMS are immediately visible to subsequent CMS calls and to the Wallet Gateway (shared underlying databases).

What CMS does NOT expose​

  • Wallet money-movement and statement flows (use the Wallet Gateway; e.g. POST /cards/{cardId}/statements generates a monthly card statement)
  • Subscription creation (use Middleware POST /v1/subscriptions/verify-card with shouldCreateSubscription: true β€” there is no plain POST /v1/subscriptions)
  • Webhook registration (request via Migo support β€” there is no self-service endpoint)