Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sistemashm24/pagos_hotspot_api/llms.txt

Use this file to discover all available pages before exploring further.

The /api/v1/config/public endpoint is the first call a captive portal frontend should make after loading. It returns the public API keys needed to initialize Conekta.js and the Mercado Pago SDK in the browser, along with human-readable metadata about the company and the router serving the portal. All sensitive private keys remain server-side and are never exposed through this endpoint.

Request

Method: GET
Path: /api/v1/config/public

Headers

X-API-Key
string
required
Router API Key in the format jwt_<token>. This key identifies both the company and the specific router. Generated when creating a router in the admin panel.Example: jwt_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Request Body

None — this is a GET endpoint with no query parameters or body.

Response

Returns a JSON object with two top-level keys: empresa (company configuration) and router (router metadata).
empresa
object
Public configuration scoped to the company that owns this router.
router
object
Metadata about the specific router that issued the API Key.

Example

cURL

curl -X GET "https://api.example.com/api/v1/config/public" \
  -H "X-API-Key: jwt_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb3V0ZXJfaWQiOjEsImVtcHJlc2FfaWQiOjF9.SIG"

Response 200 OK

{
  "empresa": {
    "id": 1,
    "nombre": "Café Internet Centro",
    "conekta_public_key": "key_ZLyDaKGqDkBbVhKFmHIXsA",
    "mercadopago_public_key": "TEST-4c1e2f3b-1234-5678-abcd-ef0123456789",
    "conekta_mode": "test"
  },
  "router": {
    "id": 3,
    "nombre": "Router Principal",
    "ubicacion": "Planta Baja - Entrada"
  }
}

Error Responses

StatusMeaning
401 UnauthorizedMissing or invalid X-API-Key header.
403 ForbiddenAPI Key is revoked or expired.
500 Internal Server ErrorServer-side error fetching configuration.
conekta_public_key and mercadopago_public_key are safe to expose in the browser. Never use or expose the corresponding private/access token keys on the frontend — those are stored server-side and used internally by the payment endpoints.

Build docs developers (and LLMs) love