# Merion Developers

> API and integrations documentation for approved partners and integrators of the Merion commercial debt-recovery platform. Merion Pty Limited (ACN 684 211 390).

## API hub

Base URL: https://api.merion.com.au

The Merion API is the system-of-record hub for the partner and client portals. Access is restricted to approved partners and integrators. Most routes require an OIDC bearer token (auth.merion.com.au, ES256, PKCE S256). The one genuinely open write endpoint is POST /public/forms/{key}.

## Public endpoints (no authentication required)

- `GET https://api.merion.com.au/health` — JSON status: `{"status":"ok","timestamp":"..."}`. Use for uptime monitoring.
- `GET https://api.merion.com.au/docs` — Human-readable interactive API documentation page.
- `GET https://api.merion.com.au/openapi.yaml` — OpenAPI 3.x specification (YAML). Full authenticated and public surface.
- `GET https://api.merion.com.au/.well-known/openid-configuration` — OIDC discovery document (served by auth.merion.com.au). Contains issuer, authorization_endpoint, token_endpoint, jwks_uri.
- `POST https://api.merion.com.au/public/forms/{key}` — Marketing and partner form intake. Body: `{"form":"<key>","fields":{...},"hp":""}`. Returns `{"data":{"message":"...","redirect":"..."}}` or `{"error":{"code":"...","message":"...","details":{...}}}`.

## Forms API — available keys

- `contact` — General enquiry. Fields: name (req), email (req), phone, message (req, min 10 chars).
- `refer-a-debt` — Refer an overdue account. Fields: name (req), email (req), company (req), debtor_name (req), amount (req), notes.
- `request-a-quote` — Quote request. Fields: name (req), email (req), company, debt_amount (req), debt_age.
- `partner-referral` — Partner account referral. Fields: partner_name (req), partner_email (req), client_name (req), client_email (req), debtor_name (req), amount (req), notes.
- `become-a-partner` — Partner programme application. Fields: name (req), email (req), company (req), role, message.

Honeypot: always send `"hp": ""`. Non-empty value causes silent discard.

## Authentication

- Auth server: https://auth.merion.com.au
- Algorithm: ES256 (ECDSA P-256 + SHA-256)
- Flow: OIDC authorisation code with PKCE S256
- Bearer: `Authorization: Bearer <token>`
- CORS: *.merion.com.au only — proxy required for third-party browser origins

## Webhooks

Stripe payment events are handled internally. Outbound partner webhooks are on the roadmap — contact Merion for bespoke arrangements.

## Status & support

- Status page: https://status.merion.com.au
- Health endpoint: GET https://api.merion.com.au/health
- Support email: contact@merion.com.au (subject: "API Access Request" or "API Incident")
- Office hours: Mon–Fri 09:00–17:00 AWST

## Documentation sections

- [Overview](https://developers.merion.com.au/) — What the API is and who can integrate.
- [Getting Started](https://developers.merion.com.au/getting-started/) — Base URL, auth, PKCE, CORS, rate limits, requesting access.
- [API Reference](https://developers.merion.com.au/reference/) — All public endpoints with curl examples and response shapes.
- [Forms API](https://developers.merion.com.au/forms-api/) — POST /public/forms/{key} payload, keys, validation, envelopes.
- [Webhooks](https://developers.merion.com.au/webhooks/) — Stripe handling and partner webhook roadmap.
- [Status & Support](https://developers.merion.com.au/status-and-support/) — Status page, health endpoint, how to get help.

## Company

Merion Pty Limited · ACN 684 211 390 · contact@merion.com.au · (08) 6325 5761
Australian commercial debt recovery — Queensland, Victoria, New South Wales, ACT.