The Pagos Hotspot API is configured entirely through environment variables, following the twelve-factor app methodology. All variables are loaded via pydantic-settings from a .env file at the project root. Variables marked required have no default value and will cause the application to refuse to start if missing.
Database
PostgreSQL connection string in SQLAlchemy format. The async asyncpg driver is expected.
Example: postgresql+asyncpg://user:password@localhost:5432/pagos_hotspot

Number of persistent connections SQLAlchemy keeps in its connection pool. Increase this value for high-traffic deployments.
JWT & Authentication
Secret used to sign router API Key JWTs (the tokens prefixed with jwt_ that captive portals send in the X-API-Key header). Must be a long, random, unguessable string — a minimum of 32 bytes of entropy is recommended.

Secret used to sign admin session JWTs returned by the login endpoint. Must be different from JWT_APIKEY_SECRET.

JWT signing algorithm. The default HS256 (HMAC-SHA256) is appropriate for most deployments. Do not change this unless you fully understand the security implications.

Number of days before a generated router API Key expires. Set to a lower value in security-sensitive environments.

Number of hours before an admin session token expires. Users are required to log in again after this period.
General Security
General-purpose application secret key used for miscellaneous cryptographic operations. Generate with openssl rand -hex 32 or equivalent.

Cost factor passed to bcrypt when hashing admin passwords. Higher values increase security at the cost of slower login responses. Valid range is typically 10–14 for production servers.

CORS
Comma-separated list of allowed CORS origins. Accepts a plain string (parsed at startup) or a JSON array. Leave empty to disallow all cross-origin requests.
Example: https://portal.example.com,https://admin.example.com

Super Admin Bootstrap
Email address used to create the initial super-admin account on first startup. This account has global access across all tenant companies.

Password for the initial super-admin account. Change this immediately after the first login. The value is stored as a bcrypt hash — the plaintext is never persisted.
Conekta (Optional)
System-level fallback private key for Conekta. In a fully multi-tenant deployment each company stores its own key in the database; this variable acts as a default when a company has not yet configured its own Conekta credentials. Can be left empty.

System-level fallback public key for Conekta. Same behaviour as CONEKTA_DEFAULT_PRIVATE_KEY. Can be left empty.

Mercado Pago Encryption
A URL-safe base64-encoded 32-byte Fernet key used to encrypt Mercado Pago access_token and webhook_secret values before they are stored in the database. Generate one with the Fernet command given under Complete .env Example.

If this variable is left empty, tokens are stored without encryption. Setting it is strongly recommended for any production environment.

Application
Display name shown in the OpenAPI (Swagger) documentation UI at /docs.

Enables verbose debug output and FastAPI’s debug mode. Never enable this in production — it can expose internal stack traces to clients.
Complete .env Example
.env
Generate strong secrets with
openssl rand -hex 32 (for SECRET_KEY,
JWT_APIKEY_SECRET, JWT_SESSION_SECRET) and
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" for ENCRYPTION_KEY_MERCADO_PAGO.
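
A pre-deployment check for the secrets described above, as an added example that is not part of the Pagos Hotspot API code base. It uses only the variable names this page mentions; the function names, the sample values and the choice to apply the 32-byte minimum to all three signing secrets are assumptions.

```python
import base64
import binascii
import os
import secrets

# Names taken from this page; applying the 32-byte minimum to all three is an assumption.
SIGNING_SECRETS = ("SECRET_KEY", "JWT_APIKEY_SECRET", "JWT_SESSION_SECRET")
FERNET_VAR = "ENCRYPTION_KEY_MERCADO_PAGO"
MIN_SECRET_BYTES = 32

def secret_length_bytes(value: str) -> int:
    """Length of the key material; `openssl rand -hex 32` output counts as 32 bytes.
    This is a length check only, it cannot measure randomness."""
    try:
        return len(bytes.fromhex(value))
    except ValueError:
        return len(value.encode())

def is_fernet_key(value: str) -> bool:
    """A Fernet key is URL-safe base64 that decodes to exactly 32 bytes."""
    try:
        return len(base64.urlsafe_b64decode(value.encode())) == 32
    except (binascii.Error, ValueError):
        return False

def audit_env(env: dict) -> list[str]:
    """Return one finding per weak or missing secret; an empty list means all checks pass."""
    findings = []
    for name in SIGNING_SECRETS:
        if secret_length_bytes(env.get(name, "")) < MIN_SECRET_BYTES:
            findings.append(f"{name}: shorter than {MIN_SECRET_BYTES} bytes")
    api, session = env.get("JWT_APIKEY_SECRET"), env.get("JWT_SESSION_SECRET")
    if api and api == session:
        findings.append("JWT_SESSION_SECRET: must differ from JWT_APIKEY_SECRET")
    key = env.get(FERNET_VAR, "")
    if not key:
        findings.append(f"{FERNET_VAR}: empty, Mercado Pago tokens are stored unencrypted")
    elif not is_fernet_key(key):
        findings.append(f"{FERNET_VAR}: not URL-safe base64 of 32 bytes")
    return findings

# Constructed sample environments (throwaway values, not real secrets).
GOOD = {name: secrets.token_hex(32) for name in SIGNING_SECRETS}
GOOD[FERNET_VAR] = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode()
BAD = {"SECRET_KEY": "changeme", "JWT_APIKEY_SECRET": "a" * 64,
       "JWT_SESSION_SECRET": "a" * 64, FERNET_VAR: ""}

if __name__ == "__main__":
    for finding in audit_env(dict(os.environ)):
        print(finding)
```

Run it in CI or an entrypoint script with the deployment's environment loaded and fail the rollout when it prints anything.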