Link Account

POST

/api/aof/request-qr

The API returns a QR code or an ABA Mobile deeplink, enabling users to either scan the QR code or use the deeplink to automatically launches the ABA Mobile app and prompts the customer to select an ABA account to link to your platform. Once the user finished linking, PayWay will send pushback account details and token to the merchant through the return_url.

💡

Before using this API, please make sure your profile has enabled Account on File feature.
If your merchant profile has not enabled this feature yet, please contact our merchant digital support (digitalsupport@ababank.com) for sandbox profile, and for a production merchant profile, please contact our merchant acquisition team (paywaysales@ababank.com).

Request

Header Params

Content-Type

string

required

Example:

application/json

Body Params application/json

req_time

string

required

Request date and time in UTC format as YYYYMMDDHHmmss.

merchant_id

string

required

A unique merchant key which provided by ABA Bank.

<= 20 characters

return_param

string

required

Extra information that you want to include when payment gateway call your return_url.

return_url

string

optional

Once the user has linked their account, the details of the token and other important information will be sent via this URL.
This is an optional field. If left empty, it will default to the merchant profile’s pushback_url.
If you provide a value, ensure that your domain is whitelisted in your merchant profile.

PHP Sample Code

return_deeplink

string

optional

After the user links their account on ABA Mobile, they will see a success screen with a Done button. Your return deep link will be embedded in this button. When the user taps Done, they will be redirected to your app.

PHP Sample Code

hash

string

required

The hash is a Base64-encoded HMAC-SHA512 hash of the concatenated values: merchant_id, req_time, and return_deeplink, using the public_key.

PHP Sample Code

Example

{
  "req_time": "20210723080525",
  "merchant_id": "ec000002",
  "return_param": "REQ0012",
  "return_url": "RBqpuvSB7BA...CX+X1Sxtg4U+==",
  "hash": "waNDRBqpuvSBACX...3+cOwJQn/eHYw=="
}

Request samples

Shell

JavaScript

Java

Swift

PHP

Python

HTTP

Objective-C

Ruby

OCaml

Dart

curl --location --request POST '/api/aof/request-qr' \
--header 'Content-Type: application/json' \
--data-raw '{
    "req_time": "20210723080525",
    "merchant_id": "ec000002",
    "return_param": "REQ0012",
    "return_url": "RBqpuvSB7BA...CX+X1Sxtg4U+==",
    "hash": "waNDRBqpuvSBACX...3+cOwJQn/eHYw=="
}'

Responses

🟢200OK

application/json

Body

deeplink

string

required

If your integration is on a mobile app, either Android or iOS, you can open this deep link to redirect the user to ABA Mobile and complete the account linking process.

qr_string

string

required

If your integration is on a web browser, you can render this QR code so that users can scan and complete the linking process.

qr_image

string

required

Full URL of the QR image.

expire_in

number

required

Date and time (timestamp) of the token expiry.

status

object

required

code

string

required

00 – Success

04 – Request parameter required

11 – Server-side error

message

string

required

Please see more details in the code property above.

Examples

SuccessException

{
  "status": {
    "code": "00",
    "message": "QR generated successfully"
  },
  "deeplink": "abamobilebank://ababank.com?type=account_on_file&qrcode=ABAAOF%2BhEGxkym0GCTuGTSatzgFses",
  "qr_string": "ABAAOF+hEGxkym0GCTuGTSatzgFsesgxkuw+8P0J3qJEbdUOWAMN0PdBi2Q/+xEVex6SbF19enqLB2xU46jTzVY",
  "qr_image": "https://payway-staging.ababank.com/assets/abaqr/abaqr-8f89f2395ad495aba3a15e70a6e68c5616",
  "expire_in": 1627113926
}

Credentials on File

Link Card