Authentication
We use OAuth 2.0 for API authentication. Learn how you can generate and use access tokens securely by following our best practices.
Make sure you include the Authorization header with the Bearer scheme and your access token in each request you send.
Generate an Access Token
Before making API requests, you need to obtain an access token by sending a request to the Generate an Access Token endpoint.
Request example
curl --request POST \
--url https://api.stage.localpayment.com/api/token/ \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"username": "[email protected]",
"password": "KD##ow^&Z2zD6^2FL29m"
}
'Response example
{
"refresh": "eyJ0eXAiOiJKV1QiLCJhbGccM5kYO7o4iOiJIU18jaiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTczNTMxOTkyOSwianRpIjoiZWUxMDE3MTUwY2JhNGM1NTg0MjYyZmRkZTdiOThiNGQiLCJ1c2VyX2lkIjoxMDAwLCJzdXBlcnVzZXIiOnRydWUsImlzX3N0YWZmIjp0cnVlLCJybaCIsImV4cCI62xlcyI6WyJBTEwiXSwiY291bnRyaWVzIjpbIkFMTCJdLCJjb21wYW55IjoiQUxMIiwiY2xpZW50X2NvZGUiOiJBNzaW9uTEwiLCJwZXJtaXcyI6W119.6siymomkQ72yMvHGU9sMCO4h-cxpNgQXor",
"access": "eyJ0eXAiOiJKV1QiLCJhJIUzI1NiJ9.eyJ0b2tlbl90eXBlIbGciOijoiYWNjZXNzIiwiZXhwIjoxNzM1MjMzODI5LCJqdGkiOiJiMDRmNzQ3YWEjOCIsIn4Mjg0YjM0YmMwN2Y4ZjVkOWM0NWFVzZXJfaWQiOjEwMDAsInN1cGVydXNlciI6dHJ1ZSwiaXNfc3RhZmYiOnRy3VudHJpZXMiOljpbIkFsiQUxMIl0sImNvbXBhbnkiOiJBTEwiLCJjbGllbnRfY29kZSI6IkFMTCIsInBlcm1pc3Npb25zIjpdWUsInJvbGVzIMTCJdLlqEnH7GrECJjbbXX0.sWOLKFxCcXQkUcPvTjYceXBp39hDF3-Snc"
}Use the Access Token
Once you receive the access token, include it in the Authorization header as a Bearer token for all subsequent API requests.
Request example
curl --request POST \
--url https://api.stage.localpayment.com/api/validation/document \
--header 'Authorization: Bearer <your_access_token>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"country": "ARG",
"document": {
"id": "1791234561009",
"type": "RUC"
}
}
'View detailed information about authentication.
Best Practices for Using Credentials
Your API credentials are critical to your Localpayment integration. Keep them secure by following these best practices:
- Store credentials securely using environment variables or secret managers—never hardcode or commit them to version control.
- Limit access to authorized team members and revoke any credential you suspect is compromised.
- Use separate credentials for Sandbox and Production environments.
- Monitor API logs regularly to detect unusual activity.
- Never expose credentials in client-side code, mobile apps, or public repositories.
Updated 3 days ago