Business Rules to Code for Online Payments

Learn the Environments

Maya allows its partners to integrate with Maya solutions through the Sandbox and Production environments.

  • Sandbox - The Sandbox environment provides an instance for integrating Maya solutions and testing development builds, without the risk of impacting live transactions and real customers. During this testing phase, you may use our Sandbox Credentials and Cards .
  • Production - The Production environment represents the live setting where actual transactions result in real charges. To conduct live transaction testing in the Production environment, you must use real cards and e-wallet accounts.

Domains and IP Addresses

List of the Payment Gateway domains and their corresponding IP addresses.

Environment Domains Domain Description Inbound IP Address
Sandbox https://pg-sandbox.paymaya.com API URL Hostname Dynamic IP Address
https://payments-web-sandbox.paymaya.com Returned Web URL Hostname Dynamic IP Address
https://manager-sandbox.paymaya.com Maya Manager 1.0
Production https://pg.maya.ph API URL Hostname 18.140.194.9
54.179.96.150
46.137.225.171
13.251.180.11
52.74.222.228
52.76.49.45
https://payments.maya.ph
https://payments.paymaya.com
Returned Web URL Hostname Dynamic IP Address
https://manager.paymaya.com Maya Manager 1.0

Webhook IP Addresses

List of the source IP addresses of Maya Webhook notifications.


Webhook notifications should come from this IP address list. It is recommended to whitelist the list in your network.

EnvironmentIP Addresses
Sandbox13.229.160.234
3.1.199.75
Production18.138.50.235
3.1.207.200

Generate your API Keys

Most of Maya's Online Payment Solutions require API keys to authenticate incoming requests. Be guided on how to Generate API Keys for Online Payments .


Business Rules to Code

Payment Statuses

Payment status changes from initial to final states during processing. Each state varies based on different factors and certain conditions. This must be considered before you proceed to the next steps in completing the payment.

The Payment Statuses guide shows the transition flow for each payment status.

Payment Expiry

The default expiration from time of creation (unless indicated otherwise below) is 1 hour.

Payment Expiration:

  • From the creation of P2M transaction: 15 minutes
  • From tokenization (i.e. Maya account bound to the transaction) of P2M transaction: 30 seconds
  • From the creation of the Pay with Maya transaction: 30 minutes
  • From the creation of Terminal (card-present) transactions: 15 minutes

Card Vaulting Transactions Expiration:

  • The paymentTokenId or stored card data will be deleted after use (linking or payment) or if not used within 15 minutes.

Voids and Refunds

Transactions created can be voided or refunded following certain conditions.

Void and Refund functionality is available via Manager or API. To enable this functionality reach out to your Maya Relationship Manager.

Refer to the Void and Refunds for more details.


Security and Compliance

Payment Facilitator

When initiating a payment as a Payment Facilitator, you need to provide the Payment Facilitator information in the metadata object. For more information, refer to the Payment Facilitator page.

Fraud Protection

Maya’s Fraud Protection is a functionality enabled to your merchant account, which handles and validates the card transaction; intending to prevent fraudulent payments. There is mandatory information that your platform is required to provide under the Buyer object.

Maya’s Fraud Protection is a functionality enabled on your merchant account, that validates card transactions to prevent fraud. Your platform must provide the mandatory information within the Buyer object.

For further details, review the Fraud Protection guide.

PCI DSS Merchant Compliance

Do not store any card information (i.e. name, card number, expiry dates, cvv/cvc) on your application unless your platform is PCI-DSS certified.

All Merchants that accept cards and/or are involved with the processing, transmitting, or storing of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS) .

For more details, make sure to read PCI DSS Merchants Guideline .


Development Considerations

UTC Timezone

UTC offset 0 is our timezone in our systems/applications in Sandbox and Production. This is done to cater to all merchant integrators in all time zones.

Preparing for Sandbox Testing

Set up your sandbox environment. Your technical team is responsible for developing, debugging, and testing your sandbox.

Sandbox Access

You will be onboarded to Maya’s sandbox environment for access and testing. Generate your API keys via Maya Manager or coordinate with your Maya Relationship Manager.

You must use these sandbox keys for building and testing your integration in the sandbox.

Sandbox Test Accounts

Use the sandbox Maya Wallet account and mock cards listed in Sandbox Credentials and Cards .

Maya is the only e-wallet available for testing in Sandbox. Other e-wallets like GCash, QRPh, ShopeePay, and WeChat can only be tested in the Production environment. For further inquiries, you may reach out to your Maya Relationship Manager.

Testing Use Cases

Conduct your testing in the sandbox, covering successful transactions, and error handling.

Not all errors can be tested in the Sandbox. However, clients should check all possible scenarios to ensure their system handles them correctly.


Refer to the API reference or troubleshooting guides for the list of errors and handling. Alternatively, use the search box (upper right corner of the Maya Developer Hub) to find the related information.

If you require technical assistance, please submit a ticket to the Maya Developer Hub Service Desk (also known as the ASKMAYADEV). For more information about the ASKMAYADEV, refer to this guide .