quickstart

Access to our APIs is managed through the Customer Portal.

1. Access & Credentials

Access: Log in to the portal and navigate to the Integrations section.
Generation: Click "New Credentials" to get your client_id and client_secret.
Security: Important! Store your client_secret in a secure location. It will be partially hidden after you close the generation modal.

2. Authentication (OAuth 2.0)

curl --request POST \
  --url 'https://api.sdb.lbpay.com.br/v1/oauth2/token' \
  --header 'accept: application/json' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --form client_id=YOUR_CLIENT_ID \
  --form grant_type=client_credentials \
  --form client_secret=YOUR_CLIENT_SECRET

3. Webhook Configuration

To receive notifications (e.g., PIX received or boleto paid), you must register a webhook URL:

Call the endpoint PUT /v1/webhook/{pixKey}
Provide the URL of your server that will receive POST notifications
Once registered, events will be sent automatically to your environment

4. Sandbox Environment

Before going to production, use our Sandbox environment. It simulates real API behavior with fictitious data.

Sandbox Endpoint: https://api.sdb.lbpay.com.br
HTTPS Required: All requests must use TLS encryption

5. Best Practices

Never expose your client_secret in frontend code
Rotate credentials periodically
Use environment variables to store sensitive data
Validate webhook signatures (if applicable)
Implement retry logic for webhook processing

1. Access & Credentials​

2. Authentication (OAuth 2.0)​

3. Webhook Configuration​

4. Sandbox Environment​

5. Best Practices​

1. Access & Credentials

2. Authentication (OAuth 2.0)

3. Webhook Configuration

4. Sandbox Environment

5. Best Practices