Milkipay Client Integration

Requirements

  1. Client ID (client_id) - to be provided by Milkipay
  2. Client Secret (client_secret_token) - to be provided by Milkipay
  3. Oauth url (oauth_url) - to be provided by Milkipay
  4. Redirect url (client-redirect-url.com) - to be provided by client.
    • This URL must be secure (it must start with https://).
    • Successful authentication with Milkipay will redirect to this URL, with a temporary token as part of the URL.
    • The temporary token will be passed as ?code=Token.string.random in the URL.

Integration

  1. Create a Link or Button that will call Milkipay's Client Oauth url
  2. The url should be in the pattern:
    • https://OAUTH_URL/clients/authorize?client_id=CLIENT_ID&client_token=CLIENT_SECRET_TOKEN
    • visit for live sample

Authentication Flow

  1. The client site triggers the Milkipay OAuth URL.
  2. Log in with the phone prefix and number, together with the password
    - Phone: 0000000663
    - Password: !Q2w3e4r
    Note: These credentials will only work on Dev and Staging
  3. On successful login, the page redirects to the configured redirect URL, with the temporary token attached
    • like: https://client-redirect-url.com?code=TEMPORARY.TOKEN.ONLY
  4. The client website/app reads the code parameter from the redirect URL's searchParams and uses it to get the long-lived processorToken

The table below lists status codes that apply to this specific endpoint.

Status Code   Code Description
CAI-100-01    The user's login failed.
CAI-100-02    The user is logged in but the account's status is not active.
CAI-100-03    The user is logged in and the account is active, but the user's current subscription differs from the subscription the client restricts login to.
CAI-100-04    The user made multiple invalid login attempts and the account will be locked.
CAI-100-05    Invalid password.
CAI-100-06    Client hash mismatched.
CAI-300-01    Invalid authentication token, or the user's status is inactive.

Processor Token

The processorToken is the long-lived token needed to query or connect to Milkipay's Client APIs.

Environment Details

Dev Server

  1. Base url (base_url) : apistaging1.milkipay.com

Production Server

  1. Base url (base_url) : api.milkipay.com

How to get the processorToken

Pre-requisite: the temporary token (code) from the auth flow.

  1. POST to https://BASE_URL/api/clients/processor-token
  2. with HTTP headers: Authorization: Bearer [TEMPORARY_CODE]
  3. The response will be in JSON and will have the token attribute.
  4. This token is the long-lived processorToken.
  5. From now on, all calls to Milkipay's client API require the processorToken in the Authorization header.
  6. headers: Authorization: Bearer [processorToken]
  7. Sample Success JSON response:

      {
        "ok": true,
        "message": "Generated processor token",
        "token": "PROCESSOR_TOKEN",
        "expiry": "2024-11-21 17:59:00",
        "user": {
          "id": 1290,
          "uuid": "d36bd988-af4b-4ceb-b731-425c230a9a4d",
          "status": "active"
        }
      }
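
The redirect handling and token exchange described above, as an added Node.js example that is not part of Milkipay's documentation or code. It assumes the exchange runs on the client's backend; the function names, the injectable fetchImpl parameter and the error_code field on a failed exchange (borrowed from the payout error sample) are assumptions.

```javascript
// Added example, not Milkipay's code. Hosts and path are the ones documented on this page.
const BASE_URLS = { dev: "apistaging1.milkipay.com", production: "api.milkipay.com" };

// Pull the temporary token out of the redirect. Reject anything that is not
// exactly one non-empty ?code= delivered to our own https redirect origin.
function extractCode(redirectUrl, expectedOrigin) {
  const url = new URL(redirectUrl);
  if (url.protocol !== "https:" || url.origin !== expectedOrigin) {
    throw new Error("redirect did not arrive on the registered https origin");
  }
  const codes = url.searchParams.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    throw new Error("expected exactly one non-empty code parameter");
  }
  return codes[0];
}

// Build the POST that swaps the temporary code for the processorToken.
function buildExchangeRequest(code, env) {
  if (!Object.prototype.hasOwnProperty.call(BASE_URLS, env)) {
    throw new Error("unknown environment");
  }
  return {
    url: `https://${BASE_URLS[env]}/api/clients/processor-token`,
    options: { method: "POST", headers: { Authorization: `Bearer ${code}` } },
  };
}

// Accept the body only if it has the documented success shape.
// Assumption: a failed exchange carries error_code like the payout error sample.
function parseTokenResponse(body) {
  if (!body || body.ok !== true || typeof body.token !== "string" || body.token === "") {
    const reason = (body && body.error_code) || "no error_code";
    throw new Error(`processor-token exchange failed (${reason})`);
  }
  return {
    token: body.token, expiry: body.expiry, userStatus: body.user ? body.user.status : undefined,
  };
}

// Run on the backend so the long-lived processorToken is never handed to the browser.
async function exchangeCode(redirectUrl, expectedOrigin, env, fetchImpl = fetch) {
  const { url, options } = buildExchangeRequest(extractCode(redirectUrl, expectedOrigin), env);
  const res = await fetchImpl(url, options);
  return parseTokenResponse(await res.json());
}
```

Store the returned token server-side only and keep it out of request logs, since every later API call is authorized by it alone.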
                              

User/Customer Status

Pre-requisite: the processorToken needs to be part of the header

  1. POST to https://BASE_URL/api/clients/status-user
  2. with HTTP headers: Authorization: Bearer [processorToken]
  3. Response will be in JSON, and will have the active attribute.
  4. Sample Success JSON response:

      {
        "ok": true,
        "message": "User status.",
        "active": true
      }
                              

User/Customer Payout

Pre-requisite: the processorToken needs to be part of the header

  1. POST to https://BASE_URL/api/clients/payout
  2. with http headers: Authorization: Bearer [processorToken]
  3. with POST data
    1. clientId: string
    2. secret: string
    3. transactionId: string
    4. amount: number or float
  4. Response will be in JSON, and will have the ok = true|false attribute.
  5. Sample Success JSON response:

      {
        "ok": true,
        "message": "Payout success.",
        "payout_transaction_id": "b77125e3-51a7-42f6-a790-5ed063808a3a"
      }

  6. Sample Error JSON response:

      {
        "ok": false,
        "message": "Unable to process payout for user",
        "error_code": "CAI-000-00"
      }
                              

The table below lists status codes that apply to this specific endpoint.

Status Code   Code Description
CAI-200-01    Client secrets mismatched.
CAI-200-02    The user's device is not added as a trusted device.
CAI-200-03    The same transaction id already exists for the same client.
CAI-200-04    Maximum payout calls exceeded.
CAI-200-05    The client does not have enough balance to proceed with this payout.
CAI-200-06    Galileo failed to create a payment for the user.
CAI-200-07    Galileo payment process error.

Global Error Code

Status Code   Code Description
CAI-500-01    The server encountered an exception.

Example flow

  1. See the working prototype in this documentation