Getting Started With Xfers Plus

With Xfers Plus, you can manage payments between you and your providers/users. Xfers Plus enables you to build a custom checkout experience on any platform for your marketplace platforms and businesses.

Getting Started With Xfers Plus

1. How do I manage other users' Xfers Wallet on my app?
2. Will user_api_token expire? 
3. FAQ 
4. Xfers Connect Documentation

1. How do I manage other users' Xfers Wallet?

There are two steps to this:

Step 1

Go to to signup / login to your Xfers Sandbox account, using your X-XFERS-APP-API-KEY.

At Xfers, phone numbers act as the identity of the user. Therefore, we require the phone number of the user at this step in order to

a) Check whether the number is already registered. If so, attempt a login instead of creating an account
b) Send an OTP to the user - which he will enter through the UI of your app. This OTP is used for Step 2. 

Step 2

If the OTP is entered correctly, Xfers would know the user has granted access to the app. You need to pass the OTP as params of this endpoint. This is a necessary security feature because doing the Connect flow allows merchants to control the user's Xfers wallet/account.

The sign_up_url returned: All it does is to let the user provide an email and password to complete the registration (Such that he/she can login and visit the Xfers dashboard). This is entirely optional. Some users don't complete the registration at this step, which is fine.

You can still use the user_api_token returned to do's-next. Should the user decide to complete the registration at a later stage, he can simply go to the Xfers main website without using the sign_up_url. The sign up process is the same, just that he would need to enter his phone number.

2. Will user_api_token expire?

user_api_token will not change or expire. However the user is able to see merchants which have access to their API keys from the dashboard and disable them should they want to
Xfers connect API
Xfers Connect API

3. FAQs

The APIs seem like an easy way to generate OTPs for my platform. Can I use it solely for this purpose?
No, it is not designed for this purpose and we have backend monitoring systems to check any abuse of our APIs.