Client Side

This guide explains how to perform authentication/authorization flow on the Client Side, which is better suited for applications executing client side codes, such as, applications developed in javascript/ajax, Angular, mobile applications, among others.
MELI developers recommend using our SDKs since their functionality will streamline the authorization flow using the OAuth protocol.

Contenidos

Step by Step

These are the steps for the oAuth Client Side:

  • To begin, you need the app_id obtained when you created your application. If you have not done it yet, this guide provides the necessary steps.

  • When starting the authorization flow, your application should redirect users to Mercado Libre so that they can authenticate and subsequently grant permission to your application. You just need to redirect users to URL:

https://auth.mercadolibre.com.ar/authorization?response_type=token&client_id=App_id

Note: In this example we use the URL for Argentina (MLA), if you are working with other countries, remember to change the .com.ar for the relevant country’s domain.
To see the countries where Mercado Libre operates, enter the next URL http://www.mercadolibre.com/.

Parameters

response_type: token – It indicates that the intended operation is to obtain a token that will enable your application to interact with Mercado Libre.
client_id: It is the App ID assigned to your application when created. No need to worry about authentication of users in Mercado Libre, our platform will take care of that!

  • Once the user logs in, he/she will be redirected to your application authorization page. The user will be presented with every requested permit there.

  • When permissions are granted, the user will be redirected to the Redirect URI (configured for your Mercado Libre application) with the relevant access_token attached to the URL, as follows:
http://YOUR_URL#access_token=APP_USR-6092-3246532-cb45c82853f6e620bb0deda096b128d3-8035443&expires_in=10800&user_id=USER_ID&domains=APP_DOMAINS

Parameters

access_token: Access key to private resources.
Expires_in: Access token service life in seconds.
Domains: Redirect URI domain.

  • Done! You can now use the access_token to call our API and thus gain access to the user’s private data.
    For example, to access the user’s private information:
$ curl https://api.mercadolibre.com/users/me?access_token=$ACCESS_TOKEN

Response:

http://developers.mercadolibre.com/usuarios-y-aplicaciones/#modal2

Notes:

  • Remember that if the access_token expires you will have to go over the previous steps to obtain a new one.
  • When using this flow, you cannot get a refresh token. Once the token expires, you will need to redirect the user once again to the authorization URL to obtain the new access token.

Client-Side Flow

In short, this is the process you will be performing:
flujo_clientside_eng
References:
1) Redirect users to Mercado Libre.
2) No need to worry about authentication of users in Mercado Libre, our platform will take care of that!.
3) Authorization page.
4) You can now use the access_token to call our API and thus gain access to the user’s private data.

a-

POST 
https://auth.mercadolibre.com.ar/authorization?response_type=token&client_id=App_id

Remember to change the .com.ar for the relevant country’s domain.

b-

GET
http://YOUR_URL#access_token=APP_USR-6092-3246532-cb45c82853f6e620bb0deda096b128d3-8035443&expires_in=10800&user_id=USER_ID&domains=APP_DOMAINS

FAQs

Interact with community developers and share your doubts and experiences.

Please rate this