When a customer connects to a MikroTik captive portal and wants to buy internet access, the Pagos Hotspot API orchestrates a precise sequence of events: it creates the MikroTik user before charging the card, then validates the payment status with a double check, and automatically rolls back the router user if anything fails. This document walks through every step of that lifecycle for both Conekta and Mercado Pago.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sistemashm24/pagos_hotspot_api/llms.txt
Use this file to discover all available pages before exploring further.
Step 1 — Fetch the Product Catalog
Before presenting any payment UI, the captive portal retrieves the list of available plans. The API Key in the header identifies which company and router to scope the catalog to.The catalog is scoped automatically by the API Key. A key issued for Router A will never expose products from Router B, even within the same company.
Step 2 — Tokenize the Card (Conekta.js)
Card data never travels through your server. The captive portal frontend uses Conekta.js directly in the browser to convert raw card details into a single-use token.Retrieve the
conekta_public_key from GET /api/v1/config/public at page load. Never hardcode it.Step 3 — Submit the Conekta Payment Request
With a tokenized card and a selectedproduct_id, the portal POSTs to the payment endpoint.
| Field | Required | Description |
|---|---|---|
product_id | ✅ | ID from the catalog |
card_token | ✅ | Token from Conekta.js |
customer_name | ✅ | Customer full name |
customer_email | ✅ | Valid email address |
customer_phone | ❌ | Customer phone number |
user_type | ❌ | "usuario_contrasena" (default) or "pin" |
mac_address | ❌ | Device MAC for auto-connect |
ip_address | ❌ | Device IP for auto-connect |
auto_connect | ❌ | true to attempt auto-login (default: false) |
The Server-Side Flow
Once the request arrives, the server executes the following steps in strict order:Validate product and company ownership
The API Key is decoded to extract the
empresa_id and router_id. The server verifies that product_id exists and belongs to the empresa resolved from the key. A mismatch returns HTTP 404.Normalize user type
The
user_type field is normalized to exactly "usuario_contrasena" or "pin". Any invalid or missing value defaults to "usuario_contrasena".usuario_contrasena→ generates a username likeAB3C9Dplus a fixed password1234pin→ generates a 6-digit numeric PIN as the password; username field is still populated but the PIN is the primary credential shown to the user
Generate MikroTik credentials
mikrotik_service.generate_credentials(user_type=user_type) produces a credentials dict with username and password keys. These are used in all subsequent steps.Create MikroTik user (critical — happens BEFORE payment)
The user is registered on the MikroTik router immediately, before any payment is attempted.
Charge the card via Conekta
With a successfully created MikroTik user, the server calls the Conekta API to charge the tokenized card for the product price. The company’s
conekta_private_key (stored server-side and never exposed) is used for the request.Double-validate payment status
The Conekta response is inspected for
payment_status. Only "paid" is considered successful. All other statuses — including "pending", "declined", "expired", "failed" — trigger an HTTP 402 and an immediate MikroTik rollback.Rollback on payment failure
If payment validation fails,
rollback_usuario() deletes the MikroTik user that was created in Step 4, and the database transaction is rolled back. No credentials are issued.Save transaction to database
On success, a
Transaccion record is committed to PostgreSQL containing the Conekta order ID, empresa/router IDs, product, amount, customer info, and the generated credentials.Execute auto-connection (optional)
If
auto_connect=true and mac_address was provided, ejecutar_auto_conexion() is called to inject a MAC cookie and log the device into the hotspot automatically. The result is included in the response as auto_conexion.Conekta Payment — Successful Response
Mercado Pago Payment Flow
The Mercado Pago flow —POST /api/v1/payments/pagar-mercado-pago — is nearly identical to the Conekta flow with two important differences:
-
Amount validation: The server checks that
transaction_amountin the request matches the product price within a tolerance of0.01. A mismatch returnsHTTP 400immediately, before any MikroTik user is created. -
Status mapping: Mercado Pago uses
"approved"(not"paid") as the success state. The status"pending"is also accepted with a warning in the response.
Error Reference
| HTTP Status | Cause | Rollback? |
|---|---|---|
404 | Product not found or wrong company | No (user never created) |
400 | MP amount mismatch / MP not configured | No |
402 | Payment declined, expired, cancelled, etc. | ✅ Yes |
500 | MikroTik unreachable / unexpected error | ✅ Yes (if user was created) |
User Type Credential Summary
usuario_contrasena
Username: 6-character alphanumeric (e.g.,
AB3C9D)Password: Fixed 1234Best for traditional login pages where users type credentials manually.pin
Username: 6-character alphanumeric (still generated)Password (PIN): 6-digit numeric (e.g.,
482931)Best for simplified portals with a single PIN entry field.