With a server-side integration, you are responsible for directly handling and storing sensitive user information. With a client-side integration, you can use Moov.js and server-generated access tokens to transmit data from your user directly to Moov.
You can use your API key’s public and private keys with Basic authentication.
Authorization header to
Basic <credentials>, where credentials is the Base64 encoding of public key and private key joined by a single colon
A scope is a permission that limits how a specific account can interact with another account. The rest of this guide will reference various scopes that are required for specific actions via Moov.js or any client-side integration.
|Allows a new Moov account to be created, and view all connected accounts
|Access to view or add a linked bank account to a Moov account
|Access to view or add a linked cards to a Moov account
|Access to view payment methods for the account specified
For the full list of scopes, read the scopes documentation.
Within your server-side application, you’ll generate a single-use access token containing information needed to communicate with your Moov account securely. Once you’ve generated this token, you can send it back to your client to use with Moov.js.
For each action you take you will need a unique short lived access token. The example below generates a token that can create a new account. Moov.js requires the