Conekta is a Mexico-focused payment processor that supports credit and debit card charges, OXXO cash payments, and bank transfers. The Pagos Hotspot API uses Conekta’s Orders API (Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sistemashm24/pagos_hotspot_api/llms.txt
Use this file to discover all available pages before exploring further.
POST /orders) to charge cards tokenized on the captive portal frontend. Because the API is multi-tenant, every company (Empresa) stores its own Conekta credentials independently — one company’s keys are completely isolated from another’s.
How credentials are stored
EachEmpresa record in the database holds three Conekta-related fields:
| Field | Column type | Description |
|---|---|---|
conekta_private_key | String(100) | Server-side key used to authenticate API requests to api.conekta.io |
conekta_public_key | String(100) | Client-side key embedded in the captive portal to tokenize card data |
conekta_mode | String(10) | "test" or "live" — controls which Conekta environment is used |
When you retrieve the current configuration via
GET /api/v1/admin/mi-empresa/conekta,
the conekta_private_key field is always masked as "********" in the
response body. The actual key is never returned through the API.Setting Conekta credentials
There are two equivalent endpoints for saving credentials. Both accept the same request body and require a valid client-admin session token.Option A — New endpoint (recommended)
Option B — Legacy endpoint
Your Conekta private key. Test keys begin with
sk_test_; live keys begin
with sk_live_. If omitted or null, the stored value is left unchanged.Your Conekta public key. Test keys begin with
pk_test_; live keys begin
with pk_live_. If omitted or null, the stored value is left unchanged.Operating mode. Accepted values:
"test" or "live". This field is always
updated when the request is made; it defaults to "test" if not provided.Retrieving current configuration
Exposing the public key to the captive portal
The captive portal frontend needs the public key to tokenize card data in the browser usingConektaJS. The public key is included in the public configuration endpoint that does not require authentication:
empresa.conekta_public_key. Your portal should call this endpoint at load time and pass the key to Conekta.setPublicKey().
Test cards
Whenconekta_mode is set to "test", use the following card numbers to simulate different scenarios without charging real cards.
| Card number | Network | CVV | Expiry | Result |
|---|---|---|---|---|
4242 4242 4242 4242 | Visa | 123 | Any future date | Approved |
4000 0000 0000 0002 | Visa | 123 | Any future date | Declined |
5555 5555 5555 4444 | Mastercard | 123 | Any future date | Approved |
Switching to live mode
Obtain live credentials from Conekta
Log in to the Conekta dashboard, navigate to
Developers → API Keys, and create or copy your live private and public
keys (prefixed
sk_live_ and pk_live_).Update credentials via the API
Call
POST /api/v1/admin/mi-empresa/configurar-conekta with the live keys
and "conekta_mode": "live".