Fund a Maya Wallet
Helps your customer to transfer their funds from your application onto their Maya wallet.
Maya’s Fund a Maya Wallet enables users to withdraw their funds from your application to their Maya Wallet.
To use Fund a Maya Wallet, you need to integrate with Maya Connect for user authentication, which is to enhance security and privacy, and with Money Movement for transferring funds.
Maya allows transfers from external wallets to an upgraded (KYC1) Maya account only, otherwise transaction will be rejected with error code M133 (see Money Movement Errors
for the list of error codes).
Maya recommends handling this error by prompting user to upgrade their Maya account via the Maya app. For more details, contact your Maya Relation Manager.
1 Getting started
Prior to initiating the integration process, it is essential to familiarize yourself with critical information about the solution and have accomplished the onboarding process.
Please refer to the Know Before you Code page to access relevant and important details regarding Money Movement.
For the onboarding requirements and checklists, consult the Quickstart guide.
2 Get authorization from your user
Are you a Maya Mini App partner?
Maya Mini App partners no longer need to implement this step. You may proceed to Funding a Maya Wallet .
Do you want to become a Maya Mini App partner? Check its use case and learn more
This solution requires authorization from the user to fund their own Maya wallet. User needs to input their Maya credentials to authorize the transaction.
Step 1: Get authorization
In order to obtain authorization from the user, you need to redirect them to Maya Connect's URI. At this stage, the user will be presented with the Maya login screen, where user will need to enter their Maya Credentials and OTP (One-Time Password).
Upon successful authorization, an authorization code will be generated and returned to your system.
Keep in mind
The authorization code is only valid for
5 minutesand is intended for single-use only. Maya will invalidate the code after initial use.
What happens during authorization:
- The user accesses your application and initiates a transfer of their funds to their Maya wallet.
- Using the provisioned Connect secret keys and following the API contract, your system sends an API request to GET
https://connect-sb-issuing.paymaya.com/authorize - Maya Connect displays the login and authorization form to the user.
- The user provides the necessary credentials and approves the authorization form.
- Maya Connect contacts your system by utilizing the designated redirect URL, supplying the authorization code and setting cookies.
API Contract
Request
Sample Request:
GET https://connect-sb-issuing.paymaya.com/authorize?
response_type=code&
client_id=myapp&
redirect_uri=https://myapp.com/callback&
state=sf9xm&
prompt=login&
user_id=+639412345678&
Request Parameters
| Parameter | Type | Description |
|---|---|---|
response_type REQUIRED |
string | Indicates the authorization processing flow to be used. When using the Authorization Code
Flow, this value is code. |
client_id REQUIRED |
string | Client ID |
redirect_uri REQUIRED |
string | Where the response will be sent. Must exactly match one of the Redirection URI values registered for the Client ID. |
state OPTIONAL |
string | Recommended. Used to maintain state between the request and the callback. This can be used to mitigate Cross-Site Request Forgery (CSRF) attacks. |
prompt OPTIONAL |
string | Expected value for Fund a Maya Wallet integration, if specified:
|
user_id OPTIONAL |
string | Expected value for Fund a Maya Wallet integration, if specified:
|
Successful Response
Once the user grants authorization, they will be redirected back to the specified redirect URI, accompanied by the following information:
Sample Request:
https://myapp.com/callback?code=X2wy4L&state=sf9xm&userId=%2B639*****5678&profileId=772988142429
Redirect URI Parameters
| Parameter | Description |
|---|---|
code |
The generated authorization code. |
state |
The same state value as supplied in the authorization request. |
error |
Added if there is any error. e.g. login_required |
userId |
Masked user ID |
profileId |
A unique numeric system identifier for User |
Login Scenarios
Maya Connect has a variety of login scenarios depending on the user_id value.
| Scenario | Result |
|---|---|
If user_id was not initially provided in the browser request |
Redirects to Maya log in page |
|
If AND
|
Redirects to Maya login page with prefilled mobile number.
|
|
If AND
|
Redirects to Maya registration form with prefilled username. |
Step 2: Get the user access token
At this point, you should have the following tokens:
codeValid authorization code, you've obtained during authorization of the user. See Step 1: Get authorization .
Secret KeyYour Maya Connect API key which will be provided to you by Maya during onboarding. See Quickstart
Upon obtaining the authorization code, you need to exchange it for the user access token through the POST /token.
A successful call to this endpoint will generate and provide the user access token, refresh token, and token expiry. At the same time, Maya will invalidate the authorization code.
| Token | Lifetime |
|---|---|
| User Access Token | 3600 seconds |
| Refresh Token | 604800 seconds |
Keep in mind
The user access token has a validity of only
3600 seconds. Once it expires, you have the following options:
- Utilize the
refresh_tokento generate new user access token. Learn more.- Return to Step 1, where the user needs to authorize the request by logging in again.
What happens during get token:
- With the Connect secret keys provisioned to you and following the API contract, send the API request to POST
https://connect-sb-issuing.paymaya.com/tokenproviding the authorization code. - Maya Connect will respond with a user access token, refresh token and their token expiry details.
API Contract
Request
Request Header
| Attribute | Type | Description |
|---|---|---|
Content-Type REQUIRED |
string | application/x-www-form-urlencoded |
Authorization REQUIRED |
string | Base64 encoded string of the provided Connect credentials:
Example: |
Request Body
| Attribute | Type | Description |
|---|---|---|
granType REQUIRED |
string | authorization_code |
code REQUIRED |
string | The authorization code received from the authorization request |
redirect_uri REQUIRED |
string | Identical redirect_uri as the authorization request |
Successful Response
Response Body
| Attribute | Type | Description |
|---|---|---|
access_token |
string | The user access token. Your application should store this securely while also consider the expiration. |
token_type |
string | Bearer |
refresh_token |
string | Token for getting a new user access token. Your application should store this securely while also consider the expiration |
expires_in |
string | Lifetime of the user access token in seconds. |
scope |
string | List of scopes enabled in the client. |
id_token |
string | ID value of the token |
Conditional: Refresh user access token
When user access token expires, you can request new token by using the refresh token. This endpoint will be enabled depends on your use case and user journey. For more information, contact your Maya Relationship Manager.
At this point, you should have the following tokens:
refresh_tokenValid refresh token, you've obtained together with the user access token. See Step 2: Get the user access token .
Secret KeyYour Maya Connect API key which will be provided to you by Maya during onboarding. See Quickstart
What happens during refresh token:
- With the Connect secret keys provisioned to you and following the API contract, send the API request to POST
https://connect-sb-issuing.paymaya.com/tokenproviding the refresh token. - Maya Connect will respond with a new user access token and its token expiry details.
API Contract
Request
Request Header
| Attribute | Type | Description |
|---|---|---|
Content-Type REQUIRED |
string | application/x-www-form-urlencoded |
Authorization REQUIRED |
string | Base64 encoded string of the provided Connect credentials:
Example: |
Request Body
| Attribute | Type | Description |
|---|---|---|
granType REQUIRED |
string | refresh_token |
refresh_token REQUIRED |
string | The refresh token received from during Get user access token |
scope OPTIONAL |
string | Space-delimited list of scopes which should be a subset of the original set of scopes requested. Omitting this will default to requesting the original set of scopes. |
Successful Response
Response Body
| Attribute | Type | Description |
|---|---|---|
access_token |
string | The user access token. Your application should store this securely while also consider the expiration. |
token_type |
string | Bearer |
refresh_token |
string | Token for getting a new user access token. Your application should store this securely while also consider the expiration |
expires_in |
string | Lifetime of the user access token in seconds. |
scope |
string | List of scopes enabled in the client. |
id_token |
string | ID value of the token |
3 Funding user's Maya wallet
For you to proceed in funding user's Maya wallet, you will be needing to provide the user access token upon creating a transfer intent. This time-limited token will be used to identify user and their Maya wallet.
Keep in mind
User access token can be acquired in different ways, depends on your integration:
- For the standalone Fund a Maya Wallet, you will acquire the user access token through Step 2: Get the user access token.
- For Maya Mini App partners, user access token is provided to your system during session initiation
Step 1: Create a Transfer
Once you have acquired the user access tokens you can proceed with creating an intent to transfer, utilizing the user access token as the recipient.
Keep in mind
When using user access tokens to represent the recipient, the account type of the recipient (
recipient.type) in the transfer request must be set as TOKEN.
At this stage, no actual movement of funds will occur. This allows you sufficient time to validate the transfer details, including recipient information, potential fees, and other relevant factors.
Creating transfers always result in a new intent even when using the same request reference number. See also Know Before you Code
What happens during create transfer:
- With the API keys provisioned to you and following the API contract, send the API request to POST
/transfersproviding the user access token. - Maya will respond with the
transferIdand its transfer details.
There is currently no time limit for executing a transfer after creation. Change on this behavior may be imposed in the future.
Step 2: Execute the Transfer
Once the intent to transfer has been created, utilize this endpoint to execute the transfer. To do so, you will need to provide the transferId obtained during the Step 1: Create a Transfer.
The execution of a specific transfer can only be performed ONCE, and any subsequent attempts will result in an error.
Following a successful call, the state will be updated to either APPROVED or DECLINED depending on the status of the transaction processing.
What happens during execute transfer:
- With the API keys provisioned to you and following the API contract, send the API request to PUT
/transfers/{transferId}/execute. - Maya will return the status of the transfer after processing.
Conditional: Retrieve a Transfer
Maya made this endpoint available for you to obtain the transfer details or check the status of a transfer by using the transferId obtained during Step 1: Create a Transfer.
What happens during retrieve transfer:
- With the API keys provisioned to you and following the API contract, send the API request to GET
/transfers/{transferId}. - Maya will return the transfer details and its state.
When to use Retrieve a Transfer
Maya recommends using Retrieve a Transfer when you have encountered the following scenarios during Execute transfer and Retrieve a transfer, to validate the transaction before you proceed to the next steps (For example: Execute a transfer):
- When you did not receive response from Maya.
- When the response from Maya is ambiguous (gateway errors, time outs, anything unparsable). See Money Movement errors
Updated over 1 year ago