# Link Account ## OpenAPI Specification ```yaml openapi: 3.0.1 info: title: '' description: '' version: 1.0.0 paths: /api/aof/request-qr: post: summary: Link Account deprecated: false description: >+ The API returns a QR code or an ABA Mobile deeplink, enabling users to either scan the QR code or use the deeplink to automatically launches the ABA Mobile app and prompts the customer to select an ABA account to link to your platform. Once the user finished linking, PayWay will send pushback account details and token to the merchant through the `return_url`. :::highlight orange 💡 Before using this API, please make sure your profile has enabled Account on File feature. If your merchant profile has not enabled this feature yet, please contact our merchant digital support (digitalsupport@ababank.com) for sandbox profile, and for a production merchant profile, please contact our merchant acquisition team (paywaysales@ababank.com). ::: tags: - Credentials on File parameters: - name: Content-Type in: header description: '' required: true example: application/json schema: type: string requestBody: content: application/json: schema: type: object properties: req_time: type: string description: Request date and time in UTC format as YYYYMMDDHHmmss. merchant_id: type: string description: A unique merchant key which provided by ABA Bank. maxLength: 20 return_param: type: string description: >- Extra information that you want to include when payment gateway call your `return_url`. return_url: type: string description: >- Once the user has linked their account, the details of the token and other important information will be sent via this URL. This is an optional field. If left empty, it will default to the merchant profile’s `pushback_url`. If you provide a value, ensure that your domain is whitelisted in your merchant profile. **PHP Sample Code** ```php $return_url = base64_encode("YOUR RETURN URL VALUE"); ``` return_deeplink: type: string description: >- After the user links their account on ABA Mobile, they will see a success screen with a **Done** button. Your return deep link will be embedded in this button. When the user taps **Done**, they will be redirected to your app. **PHP Sample Code** ```php $deeplink_format = array( "ios_scheme" => "{YOUR IOS DEEPLINK URL}", "android_scheme" => "{YOUR ANDROID DEEPLINK URL}", ); $return_deeplink = base64_encode(json_encode($deeplink_format)); ``` hash: type: string description: >- The hash is a Base64-encoded HMAC-SHA512 hash of the concatenated values: `merchant_id`, `req_time`, and `return_deeplink`, using the `public_key`. **PHP Sample Code** ```php // public key provided by ABA Bank $api_key = "API KEY PROVIDED BY ABA BANK"; // Prepare the data to be hashed $b4hash = $merchant_id . $req_time . $return_deeplink; // Generate the HMAC hash using SHA-512 and encode it in Base64 $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key, true)); ``` x-apidog-orders: - req_time - merchant_id - return_param - return_url - return_deeplink - hash required: - req_time - return_param - merchant_id - hash example: req_time: '20210723080525' merchant_id: ec000002 return_param: REQ0012 return_url: RBqpuvSB7BA...CX+X1Sxtg4U+== hash: waNDRBqpuvSBACX...3+cOwJQn/eHYw== responses: '200': description: '' content: application/json: schema: type: object properties: deeplink: type: string description: >- If your integration is on a mobile app, either Android or iOS, you can open this deep link to redirect the user to ABA Mobile and complete the account linking process. qr_string: type: string description: >- If your integration is on a web browser, you can render this QR code so that users can scan and complete the linking process. qr_image: type: string description: Full URL of the QR image. expire_in: type: number description: Date and time (timestamp) of the token expiry. status: type: object properties: code: type: string description: |- - `00` – Success - `04` – Request parameter required - `11` – Server-side error message: type: string description: Please see more details in the `code` property above. x-apidog-orders: - code - message required: - code - message x-apidog-orders: - deeplink - qr_string - qr_image - expire_in - status required: - deeplink - qr_string - qr_image - expire_in - status headers: {} x-apidog-name: OK security: [] x-apidog-folder: Credentials on File x-apidog-status: released x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-14530828-run components: schemas: {} securitySchemes: {} servers: - url: https://checkout-sandbox.payway.com.kh/ description: StillZeroBug security: [] ```