Development Considerations
See Maya Partner Journey for the development activities you need to consider.
Maya App’s In-app Webview Limitations
Maya Mini App currently does not support the following:
- Open an external browser/app
- Open new tab
- Open media picker
- Open camera (take photo/video) or any external app
- Landscape orientation
Maya Mini App Tokens
The differences between the Maya Mini App Tokens
In summary, the user access token identifies and authorizes the user, the client token authorizes your application to make API requests, and the refresh token renews the user access token and refresh token to maintain continuous access.
Token Type | Customer Access Token | Client Credentials Token | Customer Refresh Token |
---|---|---|---|
Token | accessToken | access_token | refreshToken |
Obtained from | This token is sent to your Session URL endpoint along with its Customer Refresh Token (refreshToken) during session initiation; can also be obtained via the Refresh Token endpoint by providing its valid refreshToken | This token is acquired during OAuth 2.0 Authentication | This token is initially received alongside the Customer Access Token (accessToken) during session initiation; can also be acquired via the Refresh Token endpoint |
Purpose | This token is necessary for most APIs that require user identification, such as accessing user profiles or performing transactions on behalf of the user | This token is used to authorize API calls at the application level, with scopes or permissions that are granted to your application rather than to individual users | This token is used to generate new tokens: the Customer Access Token and the Customer Refresh Token |
Usage | This token is used to authenticate the user and identify the user’s Maya account | This token is used for the Bearer Authentication to verify your identity as an authorized entity accessing Maya's endpoints | This token is used to generate a new Customer Access Token and a new Customer Refresh Token. This ensures the user can continue accessing your application without needing to re-authenticate |
Expiry | 600 seconds | 3600 seconds | 1200 seconds |
Handling Expired Maya Mini App Tokens
In line with Maya’s privacy and security standards, each Maya Mini App Access Token has a specific lifetime consistent across all Maya Mini App partners.
Your application should monitor and handle expiring tokens. The scenarios and their proper handling are listed below:
Token Type | Scenario | Handling |
---|---|---|
Client Credentials Token (access_token) | If your Mini App needs to call the Maya Mini App endpoints AND the Client Credentials Token (access_token) is already expired | Call the OAuth 2.0 Authentication endpoint with the client_credentials grant type |
Customer Access Token (accessToken) | If the user initiates a transaction from your Mini App AND the Customer Access Token (accessToken) is already expired | Call the Refresh Token endpoint and provide the corresponding Customer Refresh Token (refreshToken). Note that this endpoint requires the Client Credentials Token (access_token) generated during OAuth 2.0 Authentication using the client_credentials grant type |
Customer Refresh Token (refreshToken) | If the user is still active in your Mini App AND the Customer Refresh Token (refreshToken) is about to expire | Call the Refresh Token endpoint and provide the corresponding Customer Refresh Token (refreshToken). Note that this endpoint requires the Client Credentials Token (access_token) generated during OAuth 2.0 Authentication using the client_credentials grant type |
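The three handling rows above can be combined into one server-side token manager. This is an added example, not Maya's own code. The callbacks `fetchClientToken` and `refreshCustomerTokens`, the class and method names, and the 30-second renewal margin are assumptions. The callbacks stand in for the OAuth 2.0 Authentication and Refresh Token endpoints, whose URLs are not given on this page.

```javascript
// Lifetimes in seconds, from the token table on this page.
const TTL = { accessToken: 600, access_token: 3600, refreshToken: 1200 };
const SKEW = 30; // assumption: renew this many seconds before expiry

class MiniAppTokens {
  // fetchClientToken / refreshCustomerTokens are hypothetical callbacks wrapping the
  // OAuth 2.0 Authentication and Refresh Token endpoints; now() returns seconds.
  constructor({ fetchClientToken, refreshCustomerTokens, now = () => Date.now() / 1000 }) {
    Object.assign(this, { fetchClientToken, refreshCustomerTokens, now });
    this.client = null;   // { value, exp }
    this.customer = null; // { accessToken, refreshToken, accessExp, refreshExp }
    this.inflight = null; // at most one refresh call at a time
  }
  // Call when the Session URL endpoint receives accessToken and refreshToken,
  // and again with every pair returned by the Refresh Token endpoint.
  setCustomerTokens({ accessToken, refreshToken }) {
    const t = this.now();
    this.customer = { accessToken, refreshToken,
      accessExp: t + TTL.accessToken, refreshExp: t + TTL.refreshToken };
  }
  // Row 1: expired access_token -> client_credentials grant.
  async clientToken() {
    if (!this.client || this.now() >= this.client.exp - SKEW) {
      const value = await this.fetchClientToken();
      this.client = { value, exp: this.now() + TTL.access_token };
    }
    return this.client.value;
  }
  // Rows 2 and 3: expired accessToken, or refreshToken about to expire.
  async customerAccessToken() {
    const c = this.customer;
    if (!c) throw new Error("no active session");
    const t = this.now();
    if (t >= c.refreshExp) { // nothing left to refresh with
      this.customer = null;
      throw new Error("session expired");
    }
    if (t >= c.accessExp - SKEW || t >= c.refreshExp - SKEW) {
      if (!this.inflight) this.inflight = this.refresh(c.refreshToken)
        .finally(() => { this.inflight = null; });
      await this.inflight; // concurrent callers share one refresh
    }
    return this.customer.accessToken;
  }
  async refresh(refreshToken) {
    const bearer = await this.clientToken(); // endpoint requires a valid access_token
    this.setCustomerTokens(await this.refreshCustomerTokens(bearer, refreshToken));
  }
}
```

Calling `customerAccessToken()` on each user action covers the "still active" row as well, because the access token always expires before the refresh token and every refresh returns a new pair.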