GET /gettoken

Merchants can redirect or link their users to this endpoint in order to obtain lptoken for a user.

Important

It is important that users actually visit this endpoint themselves via their browser for our anonymous purchasing system to identify them.

We do not offer an officially supported solution to access the gettoken endpoint asynchronously (via XHR or similar).

After a user visits the /gettoken endpoint they are redirected to the URL specified by merchant (redir parameter to gettoken) with the lptoken passed in as a query parameter.

Additionally, the URL the user is redirected to contains:

  • ts query param - Unix timestamp of when the redirect took place
  • hmac signature for the URL created by LaterPay using merchant’s secret key

Note

It is recommended to verify the signature of incoming requests containing the lptoken.

Parameters

  • redir (required)
    The full URL on the service consumer’s website to redirect to (may contain query parameters and url fragments)
  • cp, hmac, ts (required)
    Common Parameters

Example

  • Merchant redirects the user to
https://api.laterpay.net/gettoken?cp=ExampleID&redir=http%3A%2F%2Fexample.net%2Farticle-123&ts=1458656197&hmac=044ab1be47cb8ccf084ebce6d8d41b4a956fb2ed89a6354bd974a4ca
  • LaterPay redirects the user to
http://example.net/article-123?lptoken=t%7CcvJ1JIH7CjfRPZaxDgEV1RGBnPQPJZ5C5Ih8NggvZsgKR4Wn%2FP%2BPoyPjfuAsfN1oHMLjyXQgvaENpwcWt7zAew%3D%3D%7C1458651931%7C0a448117d0f00b0dc6675396477ab0fb0d2474f7fd7985e2a4752e52&ts=1458651931&hmac=fa8021ab49abd5c394718598c4bc1411640f9b473dd7f6d30da3d2e7

(The example above uses fake signatures and a fake merchant ID ExampleID)