Basic Authentication

Note the following when generating or requesting your API Keys or Credentials:

  • Maya has two (2) environments, Sandbox and Production, each with distinct keys or credentials. Refer here for more details
  • API credentials are specific to the Maya solution you will be using

Acquiring your API Keys

API Keys will be used to authenticate your application so save it in a secure location. Misuse or mishandling of tokens or keys within the jurisdiction of the Partner could entail risks and vulnerability of transactions.

If your API keys are lost or breached, delete the old API keys and generate new ones in the same environment.

Generate via Maya Manager 1.0

Log in to Maya Manager 1.0 and generate your API Keys.

Applicable to Maya’s Online Payment Solutions


Step 1: Login to Maya Manager Sandbox .

Step 2: Go to the menu on the left side of the screen and look for API Keys.

Step 3: On the main navigation, select the name of the Merchant that you registered earlier. Then generate the API key by clicking Generate API Key.

Step 4: After being redirected to another screen, create keys for both Public and Secret policies.

Step 5: Click Create then your unencrypted API keys will be shown on the screen. This is the only time that you can visibly see this; once you exit, only the masked values will be reflected.

Step 6: Copy and store the generated public and secret API keys in a secure and encrypted location. Do not store your keys anywhere that unauthorized personnel can access.

Generate via Maya Business Manager

Log in to Maya Business Manager and generate your API Keys.

Applicable to Maya’s Online Payment Solutions


  1. Login in to Maya Business Manager .
  2. On the sidebar, navigate through “Solutions” and choose an activated online payment solution; for example “Maya Checkout”.

  1. Click “Set up Online Payments”.

  1. On the Set up Online Payments form, fill out the website name field, choose where will you be using the Maya Checkout, and select the platform you are using. Click Submit.

  1. Unencrypted API keys will be shown on the screen. This is the only time that you can visibly see this; once you exit, only the masked values will be reflected.
  2. Copy and store the generated public and secret API keys in a secure and encrypted location. Do not store your keys anywhere that unauthorized personnel can access.

Acquire from Relationship Manager

Contact your Maya Relationship Manager to provide your API Keys.

Applicable to Fund a Maya Wallet, Disbursement API, Add Money using Cash In Code, Remittance API, Payments Processing Platform


During onboarding, your Maya Relationship Manager will ask you to nominate a key recipient and provide their public GPG key and email address. Your Maya Relationship Manager will assist you with the onboarding.

Once onboarded, the API keys or credentials will be sent to your nominated key recipient. These credentials will be stored in an encrypted file using the submitted public GPG key. Refer to the GPG guide for instructions on decrypting the file.


Authenticate Requests using the API Keys

To verify your identity as an authorized entity accessing Maya's endpoints, API Authentication must be performed during transaction requests. Authentication is done via HTTP Basic Authentication.

Review the API endpoint and check which type of API key is required, whether it is a Public (pk-....) or Secret (sk-....) API key.

To identify what type of API key is required for an endpoint, look for reminders or callouts that look like below:

For Basic Authentication, use PUBLIC API KEY. Learn more


For Basic Authentication, use SECRET API KEY. Learn more

Steps on Basic Authentication:

  1. Use the required key as the Username, followed by a ':' (colon) and then the Password which should be left blank. If your API key is pk-Z0OSzLvIcOI2UIvDhdTGVVfRSSeiGStnceqwUE7n0Ah, the resulting string is:
pk-Z0OSzLvIcOI2UIvDhdTGVVfRSSeiGStnceqwUE7n0Ah:
  1. Apply Base64 encoding to the resulting string from Step 1. Using the sample value above, the Base64 encoded string will be:
cGstWjBPU3pMdkljT0kyVUl2RGhkVEdWVmZSU1NlaUdTdG5jZXF3VUU3bjBBaDo=
  1. Indicate the authorization method i.e. “Basic” followed by a space then the Base64 encoded string in Step 2. An example is shown below:
Authorization: Basic cGstWjBPU3pMdkljT0kyVUl2RGhkVEdWVmZSU1NlaUdTdG5jZXF3VUU3bjBBaDo=