The Pagos Hotspot API is built for multi-tenancy: a single deployment serves multiple independent WiFi operators (companies), each with their own MikroTik routers, payment credentials, and product catalogs. A super admin — typically the system operator — controls provisioning. This guide walks through the complete onboarding sequence for bringing a new WiFi operator onto the platform.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sistemashm24/pagos_hotspot_api/llms.txt
Use this file to discover all available pages before exploring further.
Roles Overview
| Role | Scope | What They Can Do |
|---|---|---|
super_admin | System-wide | Create companies, create routers, generate API Keys, create admin users, view global stats |
cliente_admin | Single company | Configure payment credentials, manage products, view their own transactions and routers |
| End user (API Key) | Single router | Fetch catalog, process payments, auto-reconnect |
Full Onboarding Flow
Log in as super admin
All admin provisioning endpoints require a valid super-admin session JWT in the Response:Save this token — it is used as
Authorization: Bearer header.Bearer <token> in every subsequent admin call.Create the company
Register the new WiFi operator as a company. You can set placeholder Conekta keys now; the client will update them later from their own admin panel.
Response (save the
| Field | Required | Description |
|---|---|---|
nombre | ✅ | Company display name |
contacto_email | ✅ | Primary contact email |
contacto_telefono | ❌ | Phone number |
conekta_private_key | ✅ | Conekta private key (can be placeholder) |
conekta_public_key | ✅ | Conekta public key (can be placeholder) |
conekta_mode | ✅ | "test" or "live" |
id):Add the MikroTik router and generate an API Key
Create the router record for the company’s MikroTik device. This single call provisions the router and generates a unique API Key JWT. Save the
Response:
api_key from the response — it is only shown once and cannot be retrieved again (only regenerated).| Field | Required | Description |
|---|---|---|
empresa_id | ✅ | Company ID from Step 2 |
nombre | ✅ | Friendly name for the router |
host | ✅ | Router IP or hostname reachable from the API server |
puerto | ✅ | RouterOS API port (default: 8728) |
usuario | ✅ | MikroTik API username |
password | ✅ | MikroTik API password |
ubicacion | ❌ | Human-readable physical location |
Create the client's admin user
Create a
Response:
cliente_admin account that the WiFi operator will use to log into their management panel, configure payments, and manage products.| Field | Required | Description |
|---|---|---|
email | ✅ | Login email for the client admin |
password | ✅ | Initial password (client should change it) |
nombre | ✅ | Full name |
rol | ✅ | Must be "cliente_admin" for company-scoped access |
empresa_id | ✅ | The company this admin belongs to |
Deliver credentials to the client
Hand over the following to the new WiFi operator:
Advise the client to immediately:
| Item | Value | Notes |
|---|---|---|
| API Key | jwt_eyJhbG... | Use in X-API-Key header on all portal calls |
| Admin email | [email protected] | For logging into the admin panel |
| Admin password | ClientePass456! | Temporary — advise client to change it |
| API base URL | https://api.tuempresa.com | Base URL for all endpoints |
- Log in to the admin panel and change their password.
- Navigate to payment settings and enter their real Conekta or Mercado Pago credentials.
- Create their product catalog to map MikroTik profiles to prices.
Client configures payment credentials
Once logged in as Mercado Pago credentials:
cliente_admin, the client configures their own payment keys — these are stored encrypted and used when processing payments for their company only.Conekta credentials:Client creates the product catalog
The client maps MikroTik profiles to prices and display names. Each product is scoped to a specific router.
Verify connectivity
Test the router connection from the API to confirm the MikroTik credentials are correct and the API server can reach the device.Then verify MikroTik profiles are accessible:A successful response confirms end-to-end connectivity from the API server to the MikroTik router. The client is now fully operational.
Responsibility Matrix
| Task | Who Does It | Endpoint |
|---|---|---|
| Create company | Super admin | POST /admin/empresas |
| Create router + API Key | Super admin | POST /admin/empresas/{id}/routers |
| Create admin user | Super admin | POST /admin/usuarios |
| Regenerate lost API Key | Super admin | POST /admin/empresas/{id}/routers/{id}/regenerate-api-key |
| Configure Conekta keys | Client admin | POST /api/v1/admin/mi-empresa/configurar-conekta |
| Configure Mercado Pago keys | Client admin | POST /api/v1/payments/configurar-credenciales |
| Create products | Client admin | POST /api/v1/admin/products |
| Process payments | End user (portal) | POST /api/v1/payments/pagar-conekta |
| Fetch catalog | End user (portal) | GET /api/v1/catalogo_perfiles_venta |
API Key Management
API Keys are JWT tokens scoped to a single router, valid for 1 year by default. A super admin can manage them through these endpoints:Check key status
GET /admin/empresas/{id}/routers/{router_id}/api-key-statusReturns expiry date, last-used timestamp, usage count, and warnings if the key is expiring within 30 days.Regenerate a key
POST /admin/empresas/{id}/routers/{router_id}/regenerate-api-keyRevokes the current key and issues a new one. Use when a client loses their key.View all keys
GET /admin/empresas/{id}/routers/{router_id}/api-keysLists all keys (active and historical) for audit purposes.Revoke a specific key
POST /admin/empresas/{id}/routers/{router_id}/api-keys/{key_id}/revokeImmediately invalidates a specific key without issuing a replacement. Use when a key is suspected of being compromised.