Overview
The Integrations section is the central hub for your technical setup. It provides all the tools necessary for developers to manage authentication, secure communication through IP allowlisting, and configure real-time notifications for every stage of the payment lifecycle.
Note: Legacy Version: A link is provided at the top right for merchants who need to access older settings or configurations.
Managing Environments
To ensure a smooth integration, the platform separates testing from production. These environments are completely independent; settings, credentials, and webhooks configured in one will not affect the other.
Sandbox: A safe environment to test API calls and integration flows without moving real funds.
Live: Your production environment. Configurations here affect real transactions and live customers.
API Credentials
This subsection handles the core configuration for Payins, Payouts v2, and Smartfields. It is designed with several security-first features:
Handling Credentials
Payins/Payouts v2: Access the X-Login and X-Trans-Key required for standard integrations. For your protection, sensitive credentials (such as your Trans-Key) are hidden. You must complete a Two-Factor Authentication (2FA) process via Email to reveal them.
Smartfield Keys: Obtain the public keys needed to integrate dLocal Smartfields for secure card data collection.
Key Rotation: If this feature is enabled for your account by the Support team, you can rotate your keys directly in this section to maintain security compliance.
IP Allowlisting
To prevent unauthorized API access, you can define a list of static IP addresses for your servers. Our system will block any requests originating from IPs not included in this "allowlist."
Payouts v3 Credentials (OAuth 2.0)
The Payouts v3 engine utilizes modern OAuth 2.0 standards for improved security and granular control.
Full Lifecycle Management: Merchants can create, view, and revoke Client IDs and Client Secrets on demand.
Scope Configuration: Assign specific permissions at the credential level to ensure that each integration has only the access it requires.
Dedicated IP Allowlist: Manage a separate list of authorized IPs specifically for your Payouts v3 traffic.
Endpoints & Webhooks
Webhooks allow your system to stay in sync with dLocal in real-time. You can configure one unique URL for each of the following notification topics:
Topic | Description |
Callback URL | The destination where users are redirected after a bank flow or ticket payment. (Note: No status updates are sent here). |
Payins Notification | Real-time POST requests for payment status updates (e.g., Pending to Paid). |
Payouts Notification | Real-time updates regarding the status of your disbursements. |
Chargebacks URL | Instant alerts if a customer disputes a transaction with their issuer. |
Refunds URL | Notifications confirming the successful processing of a refund. |
Key Benefits
Security: Multi-layered protection with OTP-protected keys and server-side IP allowlisting.
Autonomy: Complete control over the OAuth credential lifecycle without needing manual intervention.
Reliability: Granular webhooks ensure your backend is always updated with the latest transaction statuses.
Risk Mitigation: Independent Sandbox and Live environments allow for thorough testing before moving to production.
For further technical details, please visit the dLocal Developer Portal or contact your Account Manager.