Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sistemashm24/pagos_hotspot_api/llms.txt

Use this file to discover all available pages before exploring further.

Conekta is a Mexico-focused payment processor that supports credit and debit card charges, OXXO cash payments, and bank transfers. The Pagos Hotspot API uses Conekta’s Orders API (POST /orders) to charge cards tokenized on the captive portal frontend. Because the API is multi-tenant, every company (Empresa) stores its own Conekta credentials independently — one company’s keys are completely isolated from another’s.

How credentials are stored

Each Empresa record in the database holds three Conekta-related fields:
FieldColumn typeDescription
conekta_private_keyString(100)Server-side key used to authenticate API requests to api.conekta.io
conekta_public_keyString(100)Client-side key embedded in the captive portal to tokenize card data
conekta_modeString(10)"test" or "live" — controls which Conekta environment is used
When you retrieve the current configuration via GET /api/v1/admin/mi-empresa/conekta, the conekta_private_key field is always masked as "********" in the response body. The actual key is never returned through the API.

Setting Conekta credentials

There are two equivalent endpoints for saving credentials. Both accept the same request body and require a valid client-admin session token.
POST /api/v1/admin/mi-empresa/configurar-conekta

Option B — Legacy endpoint

PUT /api/v1/admin/mi-empresa/conekta-config
Request body fields:
conekta_private_key
string
Your Conekta private key. Test keys begin with sk_test_; live keys begin with sk_live_. If omitted or null, the stored value is left unchanged.
conekta_public_key
string
Your Conekta public key. Test keys begin with pk_test_; live keys begin with pk_live_. If omitted or null, the stored value is left unchanged.
conekta_mode
string
default:"test"
Operating mode. Accepted values: "test" or "live". This field is always updated when the request is made; it defaults to "test" if not provided.
curl -X POST https://api.example.com/api/v1/admin/mi-empresa/configurar-conekta \
  -H "Authorization: Bearer <session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "conekta_private_key": "sk_test_xxxxxxxxxxxxxxxxxx",
    "conekta_public_key": "pk_test_xxxxxxxxxxxxxxxxxx",
    "conekta_mode": "test"
  }'
Successful response:
{
  "message": "Credenciales de Conekta actualizadas correctamente"
}

Retrieving current configuration

GET /api/v1/admin/mi-empresa/conekta
Returns the current Conekta configuration for the authenticated company. The private key is masked.
curl https://api.example.com/api/v1/admin/mi-empresa/conekta \
  -H "Authorization: Bearer <session_token>"
Response:
{
  "message": "Configuración cargada",
  "configuracion_actual": {
    "conekta_public_key": "pk_test_xxxxxxxxxxxxxxxxxx",
    "conekta_mode": "test",
    "conekta_private_key": "********"
  }
}

Exposing the public key to the captive portal

The captive portal frontend needs the public key to tokenize card data in the browser using ConektaJS. The public key is included in the public configuration endpoint that does not require authentication:
GET /api/v1/config/public
The relevant field in the response is empresa.conekta_public_key. Your portal should call this endpoint at load time and pass the key to Conekta.setPublicKey().
const config = await fetch('/api/v1/config/public').then(r => r.json());
Conekta.setPublicKey(config.empresa.conekta_public_key);

Test cards

When conekta_mode is set to "test", use the following card numbers to simulate different scenarios without charging real cards.
Card numberNetworkCVVExpiryResult
4242 4242 4242 4242Visa123Any future dateApproved
4000 0000 0000 0002Visa123Any future dateDeclined
5555 5555 5555 4444Mastercard123Any future dateApproved
Test tokens are single-use. A conekta.errors.processing.tokenization.used error is returned if you attempt to reuse a token. Always generate a fresh token for each payment attempt in your portal.

Switching to live mode

1

Obtain live credentials from Conekta

Log in to the Conekta dashboard, navigate to Developers → API Keys, and create or copy your live private and public keys (prefixed sk_live_ and pk_live_).
2

Update credentials via the API

Call POST /api/v1/admin/mi-empresa/configurar-conekta with the live keys and "conekta_mode": "live".
3

Verify with a real transaction

Process a small real transaction through the captive portal to confirm end-to-end connectivity. Check the Conekta dashboard for the order record.

Build docs developers (and LLMs) love