Skip to main content

Create a new UI Session

Each session represents a single, self-contained interaction. Your customer completes onboarding or account management actions within the embedded experience and exits when finished. Because the experience runs in a WebView, your application must provide a way for your customer to leave the flow. This is typically a custom navigation bar or close control in the host application. Each time your customer re-enters the Virtual Accounts experience, you must create a new authentication session and launch a new embedded experience. This ensures that access is explicit, time-bound, and scoped to a single interaction. Your application must follow the sequence below each time a customer enters the Virtual Accounts experience:
1

Create a UI Session

Your backend calls the Virtual Accounts API to create a new session and provide user details in the customer object with a unique customerId.
2

Build the Session URL

The Virtual Accounts API returns a sessionKey that you use to generate a fully formed sessionURL. Pass this URL to the client without modification.
sessionURL = `https://sandbox.va.meridianpay.com?sessionKey=${sessionKey}`
3

Load a WebView

The client loads the sessionURL directly inside a WebView that meets the required configuration and permission requirements.
4

User completes the flow and exits

Your customer completes onboarding or account actions and exits the experience using the host application’s navigation controls.

UI Session lifecycle

Virtual Accounts sessions follow these rules:
  • Sessions are single-use and must not be reused.
  • Sessions are short-lived and expire after 30 minutes.
  • Sessions are payload-bound to the customer identifier and any onboarding or receiver details submitted at creation time.
  • Any change to customer identifiers, KYC information, or receiver details requires creating a new session.
  • Session URLs must not be cached or stored for later use.
These constraints ensure data freshness, deterministic behavior, and secure access to the hosted experience.