Valid API Key But Still Getting Authentication Errors in Maya Checkout

Integration and Tech Inquiries
,
1

Hello!

I’ve been stuck on this for a while and starting to wonder if I’m missing something really small. I’m integrating Maya Checkout in sandbox, and I keep getting “invalid API key” / authentication failed responses.

What’s confusing is:

  • I’ve verified the API keys are from Sandbox

  • Merchant account is correct

  • Keys have been regenerated multiple times

  • Endpoint is pointing to sandbox

But auth still fails consistently.

Here’s the a part of my implementation:

const mayaCheckoutUrl: string = config.maya_checkout.url
const hostUrl: string = config.host_url

// generate auth token
const token: string = Buffer
    .from(`${config.maya_checkout.pub_api_key}:`)
    .toString('base64')

const requestReferenceNumber: string = uuidv4()

export const createCheckout = async (cart: Cart, buyer: User) => {
    const req: CheckoutRequest = {
        totalAmount: {
            currency: 'PHP',
            value: cart.totalAmount
        },
        items: cart.items.map((item): CheckoutItem => ({
            amount: {
                value: item.product.unitPrice,
                details: {
                    subtotal: item.product.unitPrice
                }
            },
            totalAmount: {
                value: item.totalPrice
            },
            name: item.product.name,
            quantity: item.quantity
        })),
    }

    const response = await fetch(`${mayaCheckoutUrl}/checkout`, {
        method: "POST",
        headers: { 
            "Content-Type": "application/json",
            "Authorization": `Basic ${token.trim()}` 
        },
        body: JSON.stringify({
            ...req, requestReferenceNumber: requestReferenceNumber
        })

     }) return response.json() 
}

Has anyone encountered something similar?

2

It seems you may be referring to the endpoint /checkout/v1/checkouts, which is the correct path for creating a checkout in Maya Checkout. Your current endpoint /checkout is invalid and causes authentication to fail even with correct keys, as documented in the API reference.

Fix your code by updating the endpoint URL:

const mayaCheckoutUrl: string = config.maya_checkout.url; // e.g., "https://pg-sandbox.paymaya.com"

// Correct endpoint
const response = await fetch(`${mayaCheckoutUrl}/checkout/v1/checkouts`, {
  method: "POST",
  headers: { 
    "Content-Type": "application/json",
    "Authorization": `Basic ${token.trim()}` 
  },
  body: JSON.stringify({
    ...req,
    requestReferenceNumber: requestReferenceNumber,
    redirectUrl: { // Required field
      success: `${hostUrl}/success`,
      failure: `${hostUrl}/failure`,
      cancel: `${hostUrl}/cancel`
    }
  })
});

Additionally, ensure:

  • You are using the Public Key (pk-...) for this endpoint (correct in your code).
  • The redirectUrl object is included — it is required.
  • You are not using a Secret Key for this endpoint.

The “invalid API key” error is misleading — it occurs because the endpoint doesn’t exist, triggering a generic auth validation failure (error code K004). Once the endpoint is corrected, authentication should work as expected.

For Sandbox concerns and other technical implementation inquiries, please get in touch with us via:

  • Sandbox Health Page: Check real-time service status updates.
  • Maya Developer Hub Service Desk: File
    a ticket in Sandbox.

To Know More:

We value your input and would love to hear your insights. Please submit you feedback here.

1 Like
3

Hello~

Apologies for that typo. I have corrected the URL but still encountering the same error :sob:

Here’s the updated code:

const mayaCheckoutUrl: string = config.maya_checkout.url
const hostUrl: string = config.host_url

// generate auth token
const token: string = Buffer
    .from(`${config.maya_checkout.pub_api_key}:`)
    .toString('base64')

const requestReferenceNumber: string = uuidv4()

export const createCheckout = async (cart: Cart, buyer: User) => {
    const req: CheckoutRequest = {
        totalAmount: {
            currency: 'PHP',
            value: cart.totalAmount
        },
        items: cart.items.map((item): CheckoutItem => ({
            amount: {
                value: item.product.unitPrice,
                details: {
                    subtotal: item.product.unitPrice
                }
            },
            totalAmount: {
                value: item.totalPrice
            },
            name: item.product.name,
            quantity: item.quantity
        })),
    }

    const response = await fetch(`${mayaCheckoutUrl}/checkout/v1/checkouts`, {
        method: "POST",
        headers: { 
            "Content-Type": "application/json",
            "Authorization": `Basic ${token.trim()}` 
        },
        body: JSON.stringify({
            ...req, requestReferenceNumber: requestReferenceNumber
        })

     }) return response.json() 
}
4

Hello @kuro.mias22,

You may need to normalize the API key before encoding. Use .trim() to remove invisible whitespace/newlines from your env vars.

const rawApiKey = config.maya_checkout.pub_api_key.trim()

You could also try to explicitly define the encoding behavior (e.g., binary) to ensure consistency.

const token: string = Buffer.from(`${rawApiKey}:`, 'binary').toString('base64')