Initial Settings

This guide provides the necessary information to configure your system and begin integrating with the Localpayment API.

Prerequisites for Integration

Before you begin, ensure you meet the following requirements:

  • Documentation Submission: Ensure all required documentation is submitted and validated to obtain your test credentials.
  • Obtain Test Credentials: After verification, you'll receive your test credentials.
  • Application Configuration: Configure your application to point to the appropriate environment (sandbox).

API Credentials

All API requests to Localpayment must include valid API credentials to authenticate and verify that the request originates from an authorized account. These credentials ensure secure communication between your application and our platform, protecting your transactions and data.

Environments

Localpayment offers two environments for integration:

Sandbox

A testing environment that simulates production without affecting real data.

Endpoint: https://api.stage.localpayment.com

Production

The live environment where real transactions are processed.

Endpoint: https://api.v3.localpayment.com

Obtaining your API Credentials

After establishing a partnership with Localpayment, you'll receive credentials for the Stage Environment.

To obtain your credentials for the Production Environment, you'll need to integrate with the Localpayment API and successfully complete a certification process. This ensures you're fully prepared to handle real payments securely and efficiently.

API Authentication

Localpayment uses OAuth 2.0 for API authentication. Include the Authorization header with the Bearer schema and your access token in each request.

Generate an Access Token

Before making API requests, you need to obtain an access token by sending a request to the Generate an Access Token endpoint.

Request example:

curl --request POST \
     --url https://api.stage.localpayment.com/api/token/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "username": "[email protected]",
  "password": "KD##ow^&Z2zD6^2FL29m"
}
'

Response example:

{
  "refresh": "eyJ0eXAiOiJKV1QiLCJhbGccM5kYO7o4iOiJIU18jaiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTczNTMxOTkyOSwianRpIjoiZWUxMDE3MTUwY2JhNGM1NTg0MjYyZmRkZTdiOThiNGQiLCJ1c2VyX2lkIjoxMDAwLCJzdXBlcnVzZXIiOnRydWUsImlzX3N0YWZmIjp0cnVlLCJybaCIsImV4cCI62xlcyI6WyJBTEwiXSwiY291bnRyaWVzIjpbIkFMTCJdLCJjb21wYW55IjoiQUxMIiwiY2xpZW50X2NvZGUiOiJBNzaW9uTEwiLCJwZXJtaXcyI6W119.6siymomkQ72yMvHGU9sMCO4h-cxpNgQXor",
  "access": "eyJ0eXAiOiJKV1QiLCJhJIUzI1NiJ9.eyJ0b2tlbl90eXBlIbGciOijoiYWNjZXNzIiwiZXhwIjoxNzM1MjMzODI5LCJqdGkiOiJiMDRmNzQ3YWEjOCIsIn4Mjg0YjM0YmMwN2Y4ZjVkOWM0NWFVzZXJfaWQiOjEwMDAsInN1cGVydXNlciI6dHJ1ZSwiaXNfc3RhZmYiOnRy3VudHJpZXMiOljpbIkFsiQUxMIl0sImNvbXBhbnkiOiJBTEwiLCJjbGllbnRfY29kZSI6IkFMTCIsInBlcm1pc3Npb25zIjpdWUsInJvbGVzIMTCJdLlqEnH7GrECJjbbXX0.sWOLKFxCcXQkUcPvTjYceXBp39hDF3-Snc"
}

Use the Access Token

Once you receive the access token, include it in the Authorization header as a Bearer token for all subsequent API requests.

Request example:

curl --request POST \
     --url https://api.stage.localpayment.com/api/validation/document \
     --header 'Authorization: Bearer <your_access_token>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "country": "ARG",
  "document": {
    "id": "1791234561009",
    "type": "RUC"
  }
}
'

View detailed information about authentication.

Best Practices for Using Credentials

Your API credentials are the key to your Localpayment integration, and safeguarding them is essential to protecting your account and transactions. Follow these best practices to maintain their security:

  • Store Credentials Securely:

    • Never hardcode your API Key or Secret Key directly in your application code.

    • Use environment variables or secure vaults (e.g., AWS Secrets Manager, Azure Key Vault) to store and manage your credentials.

    • Avoid committing credentials to version control systems like Git. Add them to your .gitignore file to prevent accidental exposure.

  • Limit Access to Credentials:

    • Share credentials only with authorized team members who require access for development or integration purposes.
    • Use role-based access control to restrict permissions within your Localpayment account.
    • If you suspect a credential has been compromised, revoke it immediately and generate a replacement.
  • Use Different Credentials for Sandbox and Production:

    • Always use separate credentials for your Sandbox (testing) and Production environments.

    • This ensures that test data and live transactions remain isolated, reducing the risk of errors or security breaches.

  • Monitor API Activity:

    • Regularly review API logs and transaction reports in the Localpayment dashboard to detect any unusual activity.
  • Never Expose Credentials Publicly:

    • Avoid embedding credentials in client-side code, mobile apps, or public repositories.
    • If credentials are accidentally exposed, revoke them immediately and generate new ones.

Whitelisting IPs

Whitelisting an IP address in Localpayment ensures that only trusted IP addresses can access the API.

Enabling Payment Methods

Contact our support team to add or remove payment methods for your account.

Notifications and Responses

Configure an endpoint in your system to receive webhook notifications for various events in your Localpayment account. This allows you to receive real-time updates on payment statuses and other important events.

View the documentation about webhooks.

Security Considerations

To ensure a secure integration:

  • Comply with PCI DSS: Follow PCI DSS standards for handling sensitive data.
  • Use HTTPS: Ensure all API requests are made over HTTPS.
  • Validate Inputs: Sanitize and validate all user inputs to prevent injection attacks.

Support and Documentation

Localpayment provides the following resources to assist you during integration: