MELI developers recommend using our SDKs since their functionality will streamline the authorization flow using the OAuth protocol.
Step by Step
These are the steps for the oAuth Client Side:
- To begin, you need the app_id obtained when you created your application. If you have not done it yet, this guide provides the necessary steps.
- When starting the authorization flow, your application should redirect users to Mercado Libre so that they can authenticate and subsequently grant permission to your application. You just need to redirect users to URL:
Note: In this example we use the URL for Argentina (MLA), if you are working with other countries, remember to change the .com.ar for the relevant country’s domain.
To see the countries where Mercado Libre operates, enter the next URL http://www.mercadolibre.com/.
response_type: token – It indicates that the intended operation is to obtain a token that will enable your application to interact with Mercado Libre.
client_id: It is the App ID assigned to your application when created. No need to worry about authentication of users in Mercado Libre, our platform will take care of that!
- Once the user logs in, he/she will be redirected to your application authorization page. The user will be presented with every requested permit there.
- When permissions are granted, the user will be redirected to the Redirect URI (configured for your Mercado Libre application) with the relevant access_token attached to the URL, as follows:
access_token: Access key to private resources.
Expires_in: Access token service life in seconds.
Domains: Redirect URI domain.
- Done! You can now use the access_token to call our API and thus gain access to the user’s private data.
For example, to access the user’s private information:
$ curl https://api.mercadolibre.com/users/me?access_token=$ACCESS_TOKEN
- Remember that if the access_token expires you will have to go over the previous steps to obtain a new one.
- When using this flow, you cannot get a refresh token. Once the token expires, you will need to redirect the user once again to the authorization URL to obtain the new access token.
In short, this is the process you will be performing:
1) Redirect users to Mercado Libre.
2) No need to worry about authentication of users in Mercado Libre, our platform will take care of that!.
3) Authorization page.
4) You can now use the access_token to call our API and thus gain access to the user’s private data.
Remember to change the .com.ar for the relevant country’s domain.
Interact with community developers and share your doubts and experiences.