Create a new UI Session
Each session represents a single, self-contained interaction. Your customer completes onboarding or account management actions within the embedded experience and exits when finished. Because the experience runs in a WebView, your application must provide a way for your customer to leave the flow. This is typically a custom navigation bar or close control in the host application. Each time your customer re-enters the Virtual Accounts experience, you must create a new authentication session and launch a new embedded experience. This ensures that access is explicit, time-bound, and scoped to a single interaction. Your application must follow the sequence below each time a customer enters the Virtual Accounts experience:Create a UI Session
Your backend calls the Virtual Accounts API to create a new session and provide user details in the
customer object with a unique customerId.Build the Session URL
The Virtual Accounts API returns a
sessionKey that you use to generate a fully formed sessionURL. Pass this URL to the client without modification.Load a WebView
The client loads the
sessionURL directly inside a WebView that meets the required configuration and permission requirements.UI Session lifecycle
Virtual Accounts sessions follow these rules:- Sessions are single-use and must not be reused.
- Sessions are short-lived and expire after 30 minutes.
- Sessions are payload-bound to the customer identifier and any onboarding or receiver details submitted at creation time.
- Any change to customer identifiers, KYC information, or receiver details requires creating a new session.
- Session URLs must not be cached or stored for later use.