Acquirer API
Introduction
The acquirer REST API gives you programmatic access to every resource of your acquirer — the same capabilities available to acquirer users in the dashboard, exposed for machine-to-machine integration through acquirer API keys.
All requests are scoped to the acquirer that owns the API key: you can only see and manage your own merchants and their data.
Base URLs
| Environment | Base URL |
|---|---|
| Production | https://pg.moyasar.com |
| Sandbox / staging | https://pg.mysr.dev |
Available APIs
| API | What it does |
|---|---|
| Merchants | Create, update, activate / deactivate and delete merchants. |
| Merchant Users | Manage merchant dashboard users, invitations and password resets. |
| Orders | List and inspect the orders of your merchants. |
| Transactions | List scheme-level transactions across your acquirer. |
| Transaction Exports | Stream transactions as CSV for reconciliation. |
| Agreements | List, inspect and disable stored cardholder agreements. |
| Card Authentications | Inspect 3-D Secure authentications. |
| Payment Controls | Manage acquirer-level and merchant-level allow / deny rules. |
| Audit Logs | Query the audit trail of your acquirer and its merchants. |
| End-of-Day Statements | List and download daily settlement statement files. |
Conventions
- Authentication — every endpoint expects an
Authorization: Bearer acquirer_key_...header; see Authentication. - Permissions — each endpoint requires a specific permission granted to the key; the required permission is stated on every endpoint page.
- Pagination — list endpoints return countless pagination metadata (
meta.current_page,meta.next_page,meta.prev_page) and accept anitemsparameter (max 100 per page). - Amounts — monetary values are integers in the smallest currency unit (
100= 1.00 SAR). - Errors —
401unauthenticated,403missing permission,404not found (or owned by another acquirer),400business rule violation,422validation error. Error bodies always carry amessagefield.