Welcome to the Migo Payments Developer Portal
Migo Payments is a payments infrastructure platform. Our public APIs let you accept card payments, operate a wallet and cards program, onboard merchants, run recurring subscriptions, and receive webhooks for every state change.
What you can buildβ
- Accept card payments β one-step charges, two-step auth + capture, 3-D Secure, refunds, and tokenization.
- Run a wallet and cards program β issue physical cards, assign funds, move money card-to-card, rotate PINs, and retrieve CVVs on demand.
- Accept terminal (POS) payments β capture card-present charges and settle them to a balance or a prepaid card.
- Sell subscriptions β create plans, subscribe cardholders, and run scheduled or on-demand charges (including CSV bulk charges).
- Onboard merchants β capture leads with KYC documents, promote them to businesses, and provision branches and terminals.
- Receive webhooks β every payment, settlement, refund, and subscription event pushes to your endpoint with retry semantics.
The three APIsβ
Migo exposes three REST APIs. Pick the one that matches your role.
| API | Audience | Base URL (prod) | Auth |
|---|---|---|---|
Wallet Gateway (ali-api-gw-rest) | Mobile and web apps built on Migo (wallets, card programs, merchant tools) | https://api.ali.app/rest | JWT Bearer |
Middleware (migo-api) | Backend servers issuing hosted Payment Links, running recurring billing, suspensions, and BIN verifications | https://mw.migopayments.com | JWT Bearer; the Payment Link transactions-hook variant accepts privateKey + publicKey body credentials instead |
CMS Backoffice (ali-api-cms-rest) | Authorized Migo partners and internal operators | https://api.ali.app/cms/rest | JWT Bearer + x-user-token |
info
The CMS API is restricted to authorized partners. See the CMS / Backoffice API section for access requirements.
Next stepsβ
- Read Authentication to understand the JWT flow shared across all three APIs.
- Pick the right Environment (sandbox vs production).
- Follow the Quick Start to make your first authenticated request in under 5 minutes.
- Browse the API Reference for the full endpoint catalog, rendered with Scalar.
Conventionsβ
- All responses follow the
CustomResponse<T>envelope β{ statusCode, message, data }on success,{ statusCode, message, error: { code, name, detail } }on failure. See Error Handling. - Business error codes are in the
7000β8099range. Full list in the Error Catalog. - Monetary amounts use
Decimal(20,4)precision β treat them as strings in JavaScript to avoid rounding. - Timestamps are ISO 8601 in UTC unless otherwise noted.
- Pagination uses
page,limit,sortBy,sortOrder,searchTextquery parameters.