Home
Documentation
Resources
Partners
Community

Resources

Check for updates on our solutions and system performance, or request technical support.

Partners

Discover our program for agencies or developers that offer integration services and sellers who want to hire them.

Community

Get the latest news, ask others for help and share your knowledge.

Best practices - OAuth - Mercado Pago Developers

Intelligent search powered by OpenAI 

Best practices for OAuth integration

When using OAuth, it is important to take certain aspects into account so that the integration works correctly.

Below, you will find a guide to possible errors and good practices to keep in mind.

Correct use of values in request headers

Always use the accept and content-type headers in your POST request. Be careful not to add values to headers that are not part of the integration to avoid getting a response error.

oauth_header

Correct use of 'params' values

In your POST call, be careful to use only the requested params values. Do not add any other non-required values, otherwise you will receive an error code in response.

oauth_params

Correct use of Query Params

Remember not to send any parameters inside Query Params. Send the parameters within the request body as indicated in API Reference.

oauth_queryparams

Correct use of the 'grant_type' field

Always use the grant_type field in your requests with the authorization_code or client_credentials values. Remember that if you send another value, it is possible that you will receive an error in response.

oauth_grant_type

Using the 'state' field in the 'authorization code' request

To enhance integration security, we recommend including the state parameter in the authorization code request flow. This way, you can ensure that the response belongs to a request initiated by the same application.

Make sure that the redirect_uri is a static URL. If you want to send additional parameters in that URL, use the state parameter to include that information. Otherwise, the call will receive an error response if the redirect_uri does not exactly match the application's configuration.

oauth_state

To find more information about the request, its parameters, and the possible success and error responses you may receive, go to API Reference documentation.