API Reference
Authentication
All Orchestrator API requests are authenticated using API keys generated from the Keys & Sync page.
API Keys
API keys are generated per merchant workspace. Each key is prefixed with mkr_ and can be revoked at any time from the Keys & Sync settings page.
Only the last 4 characters of each key are stored as a hint for identification. The full key is only shown once at generation time — store it securely.
Authorization Header
Include your API key in the Authorization header of every request:
Authorization: Bearer mkr_your_api_key_here
Sandbox vs Live
API keys are scoped to the environment of the merchant workspace they belong to. A sandbox merchant's keys will only work against the sandbox Moolre environment, and live keys only against production. Switch environments from the dashboard header toggle.
Sandbox
Use for testing and development. Transactions are simulated and no real funds move. Switch to sandbox mode from the dashboard header.
Live
Real transactions with real funds. Ensure your routing rules are tested in sandbox before switching to live.
Example Request
curl -X POST https://your-orchestrator-domain.com/api/v1/split \
-H "Authorization: Bearer mkr_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"externalId": "order_12345",
"amount": 10000,
"currency": "GHS"
}'Error Responses
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 403 | Valid key but insufficient permissions for this merchant |
| 429 | Rate limit exceeded — retry after the window resets |