Gateway Credential Validation
When a tenant saves payment settings in the control panel, the platform makes a live API call to the gateway to verify the credentials work. This is not format validation; it is a real request to the gateway using the credentials the tenant just entered. If the call fails, the save is rejected.
Storing invalid credentials creates a silent failure: everything looks configured, but the first real purchase fails. The live call at save time surfaces the problem immediately, before any user attempts a payment.
What each gateway validates
MercadoPago: requests an access token using the provided client credentials. The credentials are invalid if the token is empty or the request fails.
Stripe: two checks run in sequence. The gateway settings store the publishable key in the client_id field and the secret key in client_secret.
- Key format validation:
  - client_id (publishable key) must start with pk_live_ (live) or pk_test_ (sandbox).
  - client_secret (secret key) must start with sk_live_ (live) or sk_test_ (sandbox).
  - Mixing live and sandbox prefixes is rejected.
- A real API call to retrieve the Stripe account balance confirms the secret key is active. The publishable key is only format-checked, so a configuration with a valid secret key and a publishable key that has the correct prefix but is otherwise wrong can pass validation here and fail later when the frontend SDK uses the publishable key.
The environment check exists because a tenant once configured live Stripe keys in a sandbox environment (and vice versa), causing payments to fail silently in production. The format check prevents that class of mistake.
PayU: calls the PayU PING endpoint with the provided merchant credentials and expects a success response.
Yuno: no validation at save time. The credential validator has explicit branches for MercadoPago, Stripe, and PayU. Any other gateway falls through to an accept-by-default path, so Yuno settings are accepted without a live API check. Misconfigured Yuno credentials only fail at purchase time, when the SDK or the API call rejects them. If a tenant reports "Yuno checkout fails for everyone", treat the saved settings as suspect even though they passed the save check.
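The Stripe checks and the accept-by-default path described above, as an added example that is not the platform's own code. The function names, the "live"/"sandbox" environment values, the result tuple and the stubbed live call are assumptions made for illustration. Each result records which fields were actually verified live, so a saved-but-unverified Yuno or publishable-key setting is visible during triage.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Prefix rules from the text: field -> environment -> required prefix.
STRIPE_PREFIXES = {
    "client_id": {"live": "pk_live_", "sandbox": "pk_test_"},
    "client_secret": {"live": "sk_live_", "sandbox": "sk_test_"},
}
Result = Tuple[bool, str, List[str]]  # (accepted, reason, fields verified live)

def key_mode(field: str, value: str) -> Optional[str]:
    """Return 'live' or 'sandbox' according to the key prefix, else None."""
    for mode, prefix in STRIPE_PREFIXES[field].items():
        if value.startswith(prefix):
            return mode
    return None

def validate_stripe(settings: Dict[str, str], environment: str,
                    live_call: Callable[[Dict[str, str]], bool]) -> Result:
    modes = {f: key_mode(f, settings.get(f, "")) for f in STRIPE_PREFIXES}
    for field, mode in modes.items():
        if mode is None:
            return False, field + " has an unrecognised prefix", []
    if modes["client_id"] != modes["client_secret"]:
        return False, "live and sandbox prefixes are mixed", []
    if modes["client_secret"] != environment:
        return False, modes["client_secret"] + " keys in a " + environment + " environment", []
    # The live call runs only after the offline checks pass; it exercises the secret key.
    if not live_call(settings):
        return False, "secret key rejected by the live call", []
    # The publishable key was prefix-checked only, so it is not reported as verified.
    return True, "ok", ["client_secret"]

def validate_gateway(gateway: str, settings: Dict[str, str], environment: str,
                     live_calls: Dict[str, Callable[[Dict[str, str]], bool]]) -> Result:
    if gateway == "stripe":
        return validate_stripe(settings, environment, live_calls["stripe"])
    if gateway in live_calls:  # mercadopago, payu: a single live call decides
        ok = live_calls[gateway](settings)
        return ok, "ok" if ok else "live call failed", ["credentials"] if ok else []
    # Accept-by-default path (yuno): saved, but recorded as unverified for later triage.
    return True, "accepted without validation", []

def stub_live_call(settings: Dict[str, str]) -> bool:
    """Constructed stand-in for the gateway request so the example runs offline."""
    return settings.get("client_secret", "").endswith("_ok")

if __name__ == "__main__":
    calls = {"stripe": stub_live_call, "payu": stub_live_call}
    print(validate_gateway("stripe", {"client_id": "pk_live_x", "client_secret": "sk_test_ok"}, "live", calls))
    print(validate_gateway("yuno", {"client_id": "x", "client_secret": "y"}, "live", calls))
```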
Buyer identity validation
This section concerns a separate validation that runs at checkout (not at gateway settings save). It is included here for orientation only; gateway credentials and buyer identity are unrelated subjects and live in different parts of the codebase.
When a buyer enters a national identity number (such as a CPF or DNI), the platform validates the format for the buyer's country.
Two behaviors to know:
- If the field is left empty, validation passes. The field is not always required.
- If the buyer's country does not have a supported validator, validation passes regardless of what was entered.
Only countries with explicitly supported document formats have enforced validation.