API authentication

You can now use basic authentication to authenticate with the Moov API! It’s important that you only use this for server-to-server communication and not in a browser.

Once you’ve created an API key, within your server-side app set the Authorization header to Basic <credentials> where credentials is the Base64 encoding of public key and private key joined by a single colon :. When using this authentication method you don’t need to set scopes, but keep in mind that your API key will have read and write access to every Moov endpoint within your account.

OAuth 2.0 based authentication with scopes remains the most secure way to communicate with the Moov API from a browser and can still be used to create restricted access tokens for server-to-server communication.

Account capabilities

You no longer need to request the transfers capability after creating an account because it will automatically be requested and enabled as soon as the account is created. This change simplifies the process of creating accounts that will be charged or sent a payout that don’t require verification.