Skip to main content

Acquirer API

Introduction

The acquirer REST API gives you programmatic access to every resource of your acquirer — the same capabilities available to acquirer users in the dashboard, exposed for machine-to-machine integration through acquirer API keys.

All requests are scoped to the acquirer that owns the API key: you can only see and manage your own merchants and their data.

Base URLs

EnvironmentBase URL
Productionhttps://pg.moyasar.com
Sandbox / staginghttps://pg.mysr.dev

Available APIs

APIWhat it does
MerchantsCreate, update, activate / deactivate and delete merchants.
Merchant UsersManage merchant dashboard users, invitations and password resets.
OrdersList and inspect the orders of your merchants.
TransactionsList scheme-level transactions across your acquirer.
Transaction ExportsStream transactions as CSV for reconciliation.
AgreementsList, inspect and disable stored cardholder agreements.
Card AuthenticationsInspect 3-D Secure authentications.
Payment ControlsManage acquirer-level and merchant-level allow / deny rules.
Audit LogsQuery the audit trail of your acquirer and its merchants.
End-of-Day StatementsList and download daily settlement statement files.

Conventions

  • Authentication — every endpoint expects an Authorization: Bearer acquirer_key_... header; see Authentication.
  • Permissions — each endpoint requires a specific permission granted to the key; the required permission is stated on every endpoint page.
  • Pagination — list endpoints return countless pagination metadata (meta.current_page, meta.next_page, meta.prev_page) and accept an items parameter (max 100 per page).
  • Amounts — monetary values are integers in the smallest currency unit (100 = 1.00 SAR).
  • Errors401 unauthenticated, 403 missing permission, 404 not found (or owned by another acquirer), 400 business rule violation, 422 validation error. Error bodies always carry a message field.