API Keys

At this point, you already have access to the Maya Manager 1.0.

Learn the Environments

Maya allows its partners to integrate with Maya solutions through the Sandbox and Production environments.

  • Sandbox - The Sandbox environment provides an instance for integrating Maya solutions and testing development builds, without the risk of impacting live transactions and real customers. During this testing phase, you may use our Sandbox Credentials and Cards .
  • Production - The Production environment represents the live setting where actual transactions result in real charges. To conduct live transaction testing in the Production environment, you must use real cards and e-wallet accounts.

Domains and IP Addresses

The table below shows the Payment Gateway domains and the IP addresses it resolves to:


Environment Domains Domain Description Inbound IP Address
Sandbox https://pg-sandbox.paymaya.com API URL Hostname Dynamic IP Address
https://payments-web-sandbox.paymaya.com Returned Web URL Hostname Dynamic IP Address
https://manager-sandbox.paymaya.com Maya Manager 1.0
Production https://pg.maya.ph API URL Hostname 18.140.194.9
54.179.96.150
46.137.225.171
13.251.180.11
52.74.222.228
52.76.49.45
https://payments.maya.ph
https://payments.paymaya.com
Returned Web URL Hostname Dynamic IP Address
https://manager.paymaya.com Maya Manager 1.0

Access to Maya Manager 1.0

Access to the Maya Manager 1.0 is granted primarily to your nominated company representative. Should you need access to the Maya Manager 1.0, kindly direct your request to your nominated company representative, who will handle the provisioning of your access to the Maya Manager 1.0 and provide permission to generate your API keys.

Refer to the video below for the detailed instructions on managing User Access Management

Generate your API Keys

Before you can proceed with accepting payments, you need to generate and set up your API keys. In technical terms, API keys securely identify and authenticate your transaction requests to Maya. The API keys you generate will establish payment integration on your platform, enabling you to accept online payments.

Steps how to generate your API Keys


🧠 Keep in mind

Things to note prior to generating your API Keys:

  • The environment you will be working on. As mentioned in Learn the Environments , Maya has two (2) environments, Sandbox and Production. Each environment has a distinct Maya Manager 1.0 portal.
  • The Maya Solution you will be implementing. API Keys that will be generated are exclusive to the particular solution.

Step 1: Login to Maya Manager Sandbox .

Step 2: Go to the menu on the left side of the screen and look for API Keys.

Step 3: On the main navigation, select the Merchant name you registered earlier, then generate the API key by clicking Generate API Key.

Step 4: After being redirected to another screen, create keys for both Public and Secret policies.

Step 5: Click Create then your unencrypted API keys will be shown on the screen. This is the only time you can visibly see this; only the masked values will be reflected once you exit.

Step 6: Copy and store the generated public and secret API keys in a secure and encrypted location. Do not store your keys anywhere that unauthorized personnel can access.

🔐Save your API key in a secured location

Misuse or mishandling of tokens or keys within the jurisdiction of the Partner, could entail risks and vulnerability of transactions.

⚠️ If your API keys are lost or breached, delete the old API keys and generate new ones in the same environment.


Authenticate with Maya's APIs

For every Maya solution, there are multiple API endpoints that you as a Partner can utilize. To verify your identity as an authorized entity accessing Maya's endpoints, API Authentication must be performed during transaction requests.

Authentication is done via HTTP Basic Authentication. Review the API endpoint and check which type of API key is required, whether it is a Public (pk-....) or Secret (sk-....) API key.

To identify what type of API key is required for an endpoint, look for reminders or callouts that look like below:

⚠️ For Basic Authentication, use PUBLIC API KEY. Learn more →

⚠️ For Basic Authentication, use PRIVATE API KEY. Learn more →

Steps how to use your API Keys


  1. Use the appropriate or required key as the Username, followed by a ':' (colon) and then the Password which should be left blank. If your API key is pk-Z0OSzLvIcOI2UIvDhdTGVVfRSSeiGStnceqwUE7n0Ah, the resulting string is:
pk-Z0OSzLvIcOI2UIvDhdTGVVfRSSeiGStnceqwUE7n0Ah:
  1. Apply Base64 encoding to the resulting string from Step 1. Using the sample value above, the Base64 encoded string will be:
cGstWjBPU3pMdkljT0kyVUl2RGhkVEdWVmZSU1NlaUdTdG5jZXF3VUU3bjBBaDo=
  1. Indicate the authorization method i.e. “Basic” followed by a space then the Base64 encoded string in Step 2. An example is shown below:
Authorization: Basic cGstWjBPU3pMdkljT0kyVUl2RGhkVEdWVmZSU1NlaUdTdG5jZXF3VUU3bjBBaDo=

See also: HTTP Basic Auth