Creating your own hotspot with traffic monetization is a proven business model that remains relevant in cafes, hotels, coworking spaces, and residential complexes. Business owners often underestimate the potential of a simple internet connection, turning it into an additional source of income or a way to attract a loyal clientele. However, to ensure the system operates reliably and funds are deposited into an account, simply installing a router and enabling the "guest network" feature is not enough.
You will need specialized user authorization software known as HotSpot, and a clear understanding of the network architecture. The process includes not only the technical setup of the equipment but also the selection of the payment gateway that will accept payments from customers. It's important to determine the scale of the project from the outset: will it be a single point in a coffee shop or a distributed network of dozens of routers in an apartment building.
In this article, we'll cover all the stages of launching a service in detail, from hardware selection to legal details. You'll learn what authorization protocols better to use and how to protect the network from illegal use. The key to a successful launch is not internet speed, but the stability of the authorization system and ease of payment for the end user.
Selecting equipment for hot spots
The foundation of any network is hardware. Regular home routers are poorly suited for paid access, as they cannot redirect unauthorized users to a payment page. You will need business-class devices or specialized gateways. Hardware is traditionally considered the leader in this segment. MikroTik, which has a flexible RouterOS operating system.
Additionally, it's important to consider channel bandwidth and the number of simultaneous connections. If you plan to serve a busy shopping center, a budget model may not be able to handle the load and crash at the most inopportune moment. For larger venues, a combination of a powerful router controller and multiple access points is often used. Ubiquiti or TP-Link Omada.
It's also important to provide backup power. A short-term power outage shouldn't result in the loss of user session data or resetting billing settings. Using uninterruptible power supplies (UPS) for network equipment is an industry standard.
- 🔹 MikroTik hAP ac2 — an excellent choice for small cafes or hostels.
- 🔹 Ubiquiti UniFi Dream Machine — a powerful solution for medium and large facilities with multiple clients.
- 🔹 Keenetic Giga — modern models support HotSpot, but require careful configuration.
- 🔹 Server solutions — to scale the network to an entire district or city.
⚠️ Attention: Don't try to implement paid access on cheap entry-level routers with limited memory. When attempting to open the login portal, the user's device may freeze, leading to negative reviews and loss of customers.
How the authorization system works
Technically, the process of providing paid access is based on intercepting user requests. When a client connects to Wi-Fi, their traffic is blocked until successful identification. This is accomplished through a mechanism Captive Portal, which redirects any HTTP request to a dedicated page. This is where the user sees pricing information and the payment form.
There are several authentication methods, and the choice depends on your security and convenience needs. The simplest is a voucher system, where the administrator issues a login and password. A more modern and convenient method is authentication via SMS or social media. This requires integrating the router with an external server or cloud service.
After successful payment or code entry, a rule is created on the network equipment allowing traffic from the client's device's MAC address. It's important to understand the difference between temporary sessions and device binding. For public spaces, it's best to use session timeouts to free up network resources.
- 📶 Voucher (Vouchers) — generation of one-time codes, ideal for hotels and conferences.
- 💳 Payment gateway — direct card payment on the portal, funds are credited automatically.
- 📱 SMS authorization — login via code from SMS, convenient for collecting a phone number database, but a fee for the point owner.
- 🔑 MAC authorization — whitelist access, suitable for private clubs or offices.
MikroTik HotSpot Setup: Step-by-Step Instructions
Setting up paid access on equipment MikroTik is the gold standard thanks to its built-in HotSpot server. The process begins with creating an address pool for clients and configuring DNS. You should allocate a separate subnet or VLAN for guest access to isolate clients from your internal network.
Next, you need to configure the HotSpot profile itself. In the menu IP → HotSpot A setup wizard will launch, automatically creating the necessary firewall and NAT rules. It's critical to correctly specify the server address and port, as well as upload the authorization page template files.
To handle payments, you'll need a script that queries the paid session database. External billing systems, such as WispBill, UniFi Controller or self-written solutions based on PHP/MySQL, which communicate with the router via API.
⚠️ Attention: When setting up firewall rules, ensure that ports for payment systems (usually 443 and 80 for gateway domains) are open in the "Walled Garden" profile. Otherwise, the user will be unable to pay for access, as their requests will be blocked until authorization.
After applying the settings, test the connection scenario from a regular smartphone. Make sure the page pops up automatically. If it doesn't, check whether your browser is blocking pop-ups or whether the initial request uses HTTPS, which the router can't intercept without a redirect.
Integration of payment systems and billing
The most challenging part of setting up paid Wi-Fi is establishing a connection between the router and the payment gateway. You need to ensure that upon a successful transaction from the bank or aggregator (e.g., YuKassa, CloudPayments, Robokassa), the router receives a command to open access. This is accomplished using webhooks or API requests.
There are ready-made cloud platforms that take care of this complexity. You register with the service, link your account, and the system automatically generates payment links. The client pays, and the service sends a command to your router. This eliminates the need to write custom code and maintain server infrastructure.
If you decide to implement the integration yourself, you'll need a server with a web server (Nginx/Apache) and a proxy script installed. This script will receive notifications from the payment system and via the protocol. REST API or MikroTik API add a user to the active HotSpot database.
| Parameter | Cloud billing | Own server | Voucher system |
|---|---|---|---|
| Launch cost | Low | High (programmer needed) | Minimum |
| Service commission | Yes (from 5% to 15%) | No (only acquiring commission) | No |
| Difficulty of setup | Low | High | Average |
| Flexibility | Limited by tariff | Full | Basic |
What is a Walled Garden?
A Walled Garden is a list of domains and IP addresses that the user is allowed to access BEFORE paying for the internet. This list should include domains for payment systems, login pages, and possibly messaging apps so the customer can contact support.
Legal aspects and security
Providing public internet access places significant responsibility on the network owner. According to the laws of many countries, including Russia (the Yarovaya Law and related regulations), telecommunications providers are required to store user traffic and metadata. Even if you simply provide Wi-Fi in a cafe, you formally become an organizer of information dissemination.
You will need to sign a contract with the telecom operator providing the channel and possibly register as a telecom operator or work through a partner who will handle traffic storage (CORM/SORM). Failure to comply with these requirements may result in significant fines.
From a cybersecurity perspective, isolating the guest network is essential. Users shouldn't have access to point-of-sale terminals, CCTV cameras, or router admin panels. Use VLANs to segregate traffic. It's also recommended to limit the speed per client to prevent a single user from hogging the entire network downloading torrents.
- 🛡️ Isolation of clients — prohibit packet exchange between devices within the guest network.
- 📝 Public offer — Place network usage rules on the login page.
- 🔒 Encryption - use WPA2/WPA3 to protect the radio channel from eavesdropping.
- 📜 Licensing — check the need to obtain a license for telematic communication services.
⚠️ Attention: Legal requirements for traffic storage and user identification are constantly changing. Be sure to consult with a lawyer or your internet service provider regarding current regulations before launching a commercial project.
Marketing and traffic monetization
Paid Wi-Fi isn't just a way to make money by selling megabytes, it's also a powerful marketing tool. The login page is guaranteed to capture a customer's attention for 10-30 seconds. It's the perfect platform for promoting your core services, promotions, or partners.
Monetization models vary. Coffee shops often use the "Free Wi-Fi with a coffee" scheme, where access is granted automatically after payment (via POS system integration or manual receipt entry). Hotels also have a popular "Premium Wi-Fi" model, where the basic speed is free, but higher speeds or access to streaming services require a fee.
Build a contact database. Offer free 15-minute access in exchange for a social media subscription or email address. This data can then be used for retargeting and attracting new customers. LTV (customer lifetime value) in this case is significantly higher than a one-time fee for the Internet.
What internet speed should be allocated per user?
The optimal speed depends on the type of establishment. For cafes where people simply use instant messaging apps, 2-4 Mbps per device is sufficient. For coworking spaces or hotels where video and file processing is common, plan for at least 10-15 Mbps. Always leave some bandwidth (about 30%) for peak loads.
Is it possible to share paid Wi-Fi via a smartphone?
Technically, it's possible to create a hotspot on a smartphone, but setting up a full-fledged billing system and authorization portal for third-party users is practically impossible using standard tools. This isn't suitable for businesses due to low stability, limited connection capacity, and a lack of management tools.
What should I do if the user has paid, but the internet still isn't available?
First, check your router and billing system logs. DNS caching or antivirus blocking are common causes. Also, make sure your router's time is synchronized (NTP), as time desynchronization can cause certificate and session verification errors.
Do I need a separate permit to sell Wi-Fi?
In most cases, selling internet access is considered telematics services. In Russia, this requires a license from Roskomnadzor or a contract with a telecom operator that holds such a license and provides the equipment/software (reselling model). Operating illegally carries the risk of fines.