Skip to main content

Documentation Index

Fetch the complete documentation index at: https://dev.moonpay.com/llms.txt

Use this file to discover all available pages before exploring further.

During the preview, we will work with you directly to set up your account and credentials.

Server credentials

Secret key

A server-to-server credential passed as an Authorization header.
Keep your secret key secure and never expose it. Never commit it to your codebase or send it to your frontend.
Authorization: "Api-Key sk_test_123"

Client credentials

Use these to make API requests from your frontend and initialize frames for sensitive actions.
Never persist client credentials to disk or storage. Hold them in memory only. Use your server to get a new sessionToken on each app visit. When you receive new credentials (for example, authenticated credentials after a connect flow), replace the previously stored ones.

Session token

A token you create on your server and send to your frontend. You use it to start a connect flow.

Access token

A token returned from the check frame and the connect frame. Use it to make API requests from your frontend (via the SDK or directly), such as:
  • Getting quotes
  • Listing payment methods
  • Listing transactions
Anonymous credentials returned when connectionRequired give you a scoped access token. Authenticated credentials returned after the connect flow give you a fully-privileged one. Always replace stored credentials when you receive new ones. This token is intended for client use and shouldn’t be persisted to disk.

Client token

A token returned from the check frame and the connect frame. Use it to initialize subsequent frames (for example, the Apple Pay frame or the connect frame). Within frames, this token is used to make authenticated requests. When connectionRequired is returned, pass this anonymous clientToken to the connect frame. After authentication, replace it with the clientToken from the authenticated credentials. This token is intended for client use and shouldn’t be persisted to disk.