OAuth documentation has been renewed
OAuth is an authorization protocol that allows applications to have limited access to the private information of Mercado Pago accounts through the creation of an Access Token, which allows restricted access to a resource in the API calls.
Although our old documentation already guided you through the step-by-step process of obtaining this Access Token, today we want to present you with a new version, focusing on providing an even clearer and more precise differentiation that will help you choose the flow (grant type) that best suits your needs. These can be:
Authorization code: based on redirection, should be configured when using credentials to access a resource on behalf of third parties. It will require the intervention of the user (seller) to explicitly authorize access to their data by the application.
Client credentials: should be configured in cases where you want to use credentials to access a resource on your own behalf, meaning, to obtain an Access Token without user interaction (seller). It will be the ideal flow when applications request an Access Token using only their own credentials to access their own resources, not able to act on behalf of a third party or access their data.
Once the appropriate flow has been chosen, this documentation provides you with an updated step-by-step guide, with more details and additional considerations, so you can implement our security solution without any issues.
Remember that when using OAuth, it is important to consider some aspects for the integration to work correctly. Check out the Best Practices for OAuth Integration and consult the possible errors that may occur during this process to learn how to avoid them when implementing your solution.
If you need more information about this security protocol at Mercado Pago, do not hesitate to access the complete new documentation on OAuth.