Guides
GuidesAPI ReferenceGo to DashboardSite >
Start typing to search…

Authentication

Localpayment uses OAuth 2.0 for API authentication. Learn how to generate and use access tokens securely with best practices.

Localpayment uses OAuth 2.0 for API authentication. Include the Authorization header with the Bearer schema and your access token in each request.

Generate an Access Token

Before making API requests, you need to obtain an access token by sending a request to the Generate an Access Token endpoint.

Request example:

curl --request POST \
     --url https://api.stage.localpayment.com/api/token/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "username": "[email protected]",
  "password": "KD##ow^&Z2zD6^2FL29m"
}
'

Response example:

{
  "refresh": "eyJ0eXAiOiJKV1QiLCJhbGccM5kYO7o4iOiJIU18jaiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTczNTMxOTkyOSwianRpIjoiZWUxMDE3MTUwY2JhNGM1NTg0MjYyZmRkZTdiOThiNGQiLCJ1c2VyX2lkIjoxMDAwLCJzdXBlcnVzZXIiOnRydWUsImlzX3N0YWZmIjp0cnVlLCJybaCIsImV4cCI62xlcyI6WyJBTEwiXSwiY291bnRyaWVzIjpbIkFMTCJdLCJjb21wYW55IjoiQUxMIiwiY2xpZW50X2NvZGUiOiJBNzaW9uTEwiLCJwZXJtaXcyI6W119.6siymomkQ72yMvHGU9sMCO4h-cxpNgQXor",
  "access": "eyJ0eXAiOiJKV1QiLCJhJIUzI1NiJ9.eyJ0b2tlbl90eXBlIbGciOijoiYWNjZXNzIiwiZXhwIjoxNzM1MjMzODI5LCJqdGkiOiJiMDRmNzQ3YWEjOCIsIn4Mjg0YjM0YmMwN2Y4ZjVkOWM0NWFVzZXJfaWQiOjEwMDAsInN1cGVydXNlciI6dHJ1ZSwiaXNfc3RhZmYiOnRy3VudHJpZXMiOljpbIkFsiQUxMIl0sImNvbXBhbnkiOiJBTEwiLCJjbGllbnRfY29kZSI6IkFMTCIsInBlcm1pc3Npb25zIjpdWUsInJvbGVzIMTCJdLlqEnH7GrECJjbbXX0.sWOLKFxCcXQkUcPvTjYceXBp39hDF3-Snc"
}

Use the Access Token

Once you receive the access token, include it in the Authorization header as a Bearer token for all subsequent API requests.

Request example:

curl --request POST \
     --url https://api.stage.localpayment.com/api/validation/document \
     --header 'Authorization: Bearer <your_access_token>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "country": "ARG",
  "document": {
    "id": "1791234561009",
    "type": "RUC"
  }
}
'

View detailed information about authentication.

Best Practices for Using Credentials

Your API credentials are the key to your Localpayment integration, and safeguarding them is essential to protecting your account and transactions. Follow these best practices to maintain their security:

  • Store Credentials Securely:

    • Never hardcode your API Key or Secret Key directly in your application code.

    • Use environment variables or secure vaults (e.g., AWS Secrets Manager, Azure Key Vault) to store and manage your credentials.

    • Avoid committing credentials to version control systems like Git. Add them to your .gitignore file to prevent accidental exposure.

  • Limit Access to Credentials:

    • Share credentials only with authorized team members who require access for development or integration purposes.
    • Use role-based access control to restrict permissions within your Localpayment account.
    • If you suspect a credential has been compromised, revoke it immediately and generate a replacement.

  • Use Different Credentials for Sandbox and Production:

    • Always use separate credentials for your Sandbox (testing) and Production environments.

    • This ensures that test data and live transactions remain isolated, reducing the risk of errors or security breaches.

  • Monitor API Activity:

    • Regularly review API logs and transaction reports in the Localpayment dashboard to detect any unusual activity.

  • Never Expose Credentials Publicly:

    • Avoid embedding credentials in client-side code, mobile apps, or public repositories.
    • If credentials are accidentally exposed, revoke them immediately and generate new ones.

Updated 4 days ago