Partners

RESTRICTED API

Requires partner / operator authorization. See CMS → Home.

A Partner is a Migo tenant — typically a bank, fintech, or enterprise operating a card program.

List partners

curl "https://api.ali.app/cms/rest/app/partners?page=1&limit=50&searchText=&sortBy=createdAt&sortOrder=desc" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>"

Returns only partners the authenticated CMS user is assigned to.

Response (data is a flat array):

{
  "success": true,
  "message": "All partners registered found successfully",
  "data": [
    {
      "id": "partner-id-123",
      "name": "Banco Nacional",
      "merchant": "partner-merchant"
    }
  ]
}

Get a partner

curl https://api.ali.app/cms/rest/app/partners/{partnerId} \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>"

The partner detail returns branding only:

{
  "success": true,
  "message": "Partner partner-id found successfully",
  "data": {
    "backgroundColor": "#FFFFFF",
    "imageUrl": "https://example.com/logo.png"
  }
}

Assign a CMS user to a partner

Partner assignment is done at user creation time (the partners array of POST /app/partners/users) or afterwards via PATCH /app/partners/users/{cmsUserId} with addPartners / removePartners. There is no POST /app/partners/{partnerId}/users endpoint.

curl -X PATCH "https://api.ali.app/cms/rest/app/partners/users/{cmsUserId}" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>" \
  -H "Content-Type: application/json" \
  -d '{ "addPartners": ["partner-123"], "removePartners": [] }'

See CMS users → Create a CMS user for the creation-time flow.

List CMS users of a partner

curl "https://api.ali.app/cms/rest/app/partners/{partnerId}/users" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>"

Single user in a partner

curl "https://api.ali.app/cms/rest/app/partners/{partnerId}/users/{cmsUserId}" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>"

Update a user's status in a partner

A required otp field must accompany the status change. Allowed status values are active, blocked, inactive.

curl -X PATCH "https://api.ali.app/cms/rest/app/partners/{partnerId}/users/{cmsUserId}/status" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>" \
  -H "Content-Type: application/json" \
  -d '{ "status": "blocked", "otp": "123456" }'

Bulk update CMS users status

Updates the status of several CMS users at once. The status is a path parameter (active, blocked, or inactive); the body carries the list of numeric user IDs and a required otp.

curl -X PATCH "https://api.ali.app/cms/rest/app/partners/{partnerId}/users/status/{status}" \
  -H "Authorization: Bearer <token>" \
  -H "x-user-token: Bearer <cms-user-token>" \
  -H "Content-Type: application/json" \
  -d '{ "users": [1, 2, 3], "otp": "123456" }'

CMS users — creating / managing users globally
Permissions & roles

List partners​

Get a partner​

Assign a CMS user to a partner​

List CMS users of a partner​

Single user in a partner​

Update a user's status in a partner​

Bulk update CMS users status​

Related​