API Reference
GuidesAPI ReferenceGo to DashboardSite >
Start typing to search…

Authentication Overview

Localpayment uses OAuth 2.0 Bearer token authentication to secure API access. All API requests require a valid access token included in the Authorization header. This guide provides an overview of authentication concepts and security requirements.

Secure authentication is fundamental to API integration. Localpayment's token-based authentication ensures only authorized requests can access your account data and process transactions.

OAuth 2.0

Industry-standard Bearer token authentication

Short-lived Tokens

5-minute access tokens for enhanced security

Security Requirements

🔒

Critical Security Requirements

Follow these practices to ensure secure API integration.

HTTPS Encryption

All API communication must use HTTPS to protect data in transit

Server-Side Only

API requests must originate from secure server environments only

IP Whitelisting

Configure IP whitelisting in dashboard to authorize API calls

Secure Credential Storage

Use environment variables or secret management systems

Authentication Endpoints

Manage your API authentication using these dedicated endpoints:

Get Access Token

Obtain new access and refresh tokens using your API credentials

Refresh Access Token

Get new access tokens using your refresh token without re-authentication

Quick Example

Generate Token:

curl --request POST \
     --url https://api.stage.localpayment.com/api/token/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "username": "[email protected]",
  "password": "KD##ow^&Z2zD6^2FL29m"
}
'

Use Token:

curl --request POST \
     --url https://api.stage.localpayment.com/api/validation/document \
     --header 'Authorization: Bearer <your_access_token>' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "country": "ARG",
  "document": {
    "id": "1791234561009",
    "type": "RUC"
  }
}
'

Token Expiration

Localpayment uses short-lived tokens for enhanced security:

Access Token

5 minutes
Used for API requests
Short lifetime for security

Refresh Token

24 hours
Used to obtain new access tokens
Long lifetime for convenience

Token Refresh Flow

  1. Initial Authentication: Get access and refresh tokens
  2. API Requests: Use access token for 5 minutes
  3. Token Expiry: Receive 401 Unauthorized response
  4. Token Refresh: Use refresh token to get new access token
  5. Continue Requests: Use new access token for API calls

Implementation Tip

Build automatic token refresh into your integration. Check token expiration and refresh proactively to avoid 401 errors during API operations.

Error Handling

401 Unauthorized

Invalid or expired token
Solution: Refresh token or re-authenticate.

403 Forbidden

IP not whitelisted
Solution: Configure IP whitelisting in dashboard