GET /gettoken¶
Merchants can redirect or link their users to this endpoint in order to obtain lptoken for a user.
Important
It is important that users actually visit this endpoint themselves via their browser for our anonymous purchasing system to identify them.
We do not offer an officially supported solution to access the gettoken endpoint asynchronously (via XHR or similar).
After a user visits the /gettoken endpoint they are redirected to the URL
specified by merchant (redir parameter to gettoken) with the
lptoken passed in as a query parameter.
Additionally, the URL the user is redirected to contains:
- tsquery param - Unix timestamp of when the redirect took place
- hmacsignature for the URL created by LaterPay using merchant’s secret key
Note
It is recommended to verify the signature of
incoming requests containing the lptoken.
Location¶
- https://api.laterpay.net/gettoken (EU Production) 
- https://api.uselaterpay.com/gettoken (US Production) 
- https://api.sandbox.uselaterpaytest.com/gettoken (US Sandbox) 
Parameters¶
- redir(required)
- The full URL on the service consumer’s website to redirect to (may contain query parameters and url fragments) 
 
- cp, hmac, ts(required)
 
Example¶
- Merchant redirects the user to 
https://api.laterpay.net/gettoken?cp=ExampleID&redir=http%3A%2F%2Fexample.net%2Farticle-123&ts=1458656197&hmac=044ab1be47cb8ccf084ebce6d8d41b4a956fb2ed89a6354bd974a4ca
- LaterPay redirects the user to 
http://example.net/article-123?lptoken=t%7CcvJ1JIH7CjfRPZaxDgEV1RGBnPQPJZ5C5Ih8NggvZsgKR4Wn%2FP%2BPoyPjfuAsfN1oHMLjyXQgvaENpwcWt7zAew%3D%3D%7C1458651931%7C0a448117d0f00b0dc6675396477ab0fb0d2474f7fd7985e2a4752e52&ts=1458651931&hmac=fa8021ab49abd5c394718598c4bc1411640f9b473dd7f6d30da3d2e7
(The example above uses fake signatures and a fake merchant ID ExampleID)