Environments & Base URLs

Migo exposes a Sandbox (integration/testing) environment and a Production environment. Credentials, webhook endpoints, and Ed25519 keys are not shared across environments — request separate credentials for each.

Environment matrix

Environment	Purpose	Data
Sandbox / QA	Integration development and testing	Test data only — no real funds
Production	Real funds, real cardholders	Persistent, PCI-scoped

Base URLs

Wallet Gateway (ali-api-gw-rest)

Environment	URL
Production	https://api.ali.app/rest
QA	https://ali-qa.ali.app/rest
Local	http://localhost:3010

Middleware (migo-api)

Environment	URL
Production	https://mw.migopayments.com
Sandbox	https://sb-mw.migopayments.com
Local	http://localhost:3000

CMS Backoffice (ali-api-cms-rest)

Environment	URL
Production	https://api.ali.app/cms/rest
QA	https://ali-qa.ali.app/cms/rest
Local	http://localhost:3000

Required headers

Every request must include:

Header	Value	Notes
Authorization	Bearer <jwt>	See Authentication
applicationId	Your application identifier	Required only by the Wallet Gateway config endpoints (GET/PATCH /configs) — not by user login or general requests
x-user-token	CMS user token	CMS API only
Content-Type	application/json	For POST / PUT / PATCH

Going from sandbox to production

Before flipping to production URLs:

1. Rotate credentials — production keys are separate.
2. Switch your webhook receiver to HTTPS with a valid certificate.
3. Confirm any IP allowlisting requirements with Migo.
4. Walk through the Go-live checklist.

Rate limits

Confirm with Migo

The gateway application code does not enforce request rate limiting itself. If any throttling applies to your integration, it is configured per agreement at the edge — confirm the limits that apply to you with Migo before load-testing or running high-volume traffic.

If a limit is breached you may receive 429 Too Many Requests. Exponential backoff is the recommended client behavior.