API Reference

Authentication

All Orchestrator API requests are authenticated using API keys generated from the Keys & Sync page.

API Keys

API keys are generated per merchant workspace. Each key is prefixed with mkr_ and can be revoked at any time from the Keys & Sync settings page.

Only the last 4 characters of each key are stored as a hint for identification. The full key is only shown once at generation time — store it securely.

Authorization Header

Include your API key in the Authorization header of every request:

Header Format
Authorization: Bearer mkr_your_api_key_here

Sandbox vs Live

API keys are scoped to the environment of the merchant workspace they belong to. A sandbox merchant's keys will only work against the sandbox Moolre environment, and live keys only against production. Switch environments from the dashboard header toggle.

Sandbox

Use for testing and development. Transactions are simulated and no real funds move. Switch to sandbox mode from the dashboard header.

Live

Real transactions with real funds. Ensure your routing rules are tested in sandbox before switching to live.

Example Request

cURL
curl -X POST https://your-orchestrator-domain.com/api/v1/split \
  -H "Authorization: Bearer mkr_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "externalId": "order_12345",
    "amount": 10000,
    "currency": "GHS"
  }'

Error Responses

StatusMeaning
401Missing or invalid API key
403Valid key but insufficient permissions for this merchant
429Rate limit exceeded — retry after the window resets