Home
Documentation
Resources
Certifications
Community
Manage Access Token - OAuth - Mercado Pago Developers

Intelligent search powered by OpenAI 

Manage Access Token

Currently there are different ways in which the Access tokens and yours temporary grants created can be disabled and invalidated to authorize requests for protected resources or to exchange them for new tokens.

  • Expiration: after the time set at the time of creation, the token automatically expires and cannot be obtained.
  • User password change: there are password change flows where the seller can revoke all your credentials, including associated tokens and temporary grants.
  • Authorization revocation: revoking an authorization between the seller and the application triggers the deletion of all tokens and temporary grants associated with them.
  • Laundering of credentials for fraud: it is possible that the Information Security and Fraud Prevention department performs a complete update of a user's credentials. This triggers the deletion of all tokens and temporary grants associated with the seller in question.
  • User session cleanup: enables refresh of all vendor tokens and temporary grants.
  • Application elimination: when an application is eliminated, all tokens and temporary grants belonging to it are deleted.

You can receive webhook notifications every time a seller authorizes or deauthorizes your application. To configure them, read Dashboard.

To configure them, see more information on Webhooks documentation.