Register your application
To access the applications, you must be logged in to the devcenter. If you have an integrated application, go to the "Edit" view and fill in the authentication verification code of your profile.
There are four groups of information in this form:
- API settings
- Basic information of the API
- Authentication and Security
- Notification settings
Once the application has been created in Mercado Libre you can access the data uploaded in the form:
client_id: is the APP ID of the application that was created.
client_secret: password of your Mercado Libre application. Do not share this with anyone.
programar renovación: action to schedule the update of the Client secret.
renovar ahora: action to update the client secret.
Basic information of the API
name: name of your application. It must be unique.
short_name: name that Mercado Libre uses to generate the URL of your application.
description: This description (up to 150 characters) will be displayed when the application requests an authorization.
Editing the application
Whenever you want to modify the Client secret you can do it manually by following these steps:
- Go to Application Settings.
- Change the mode to "Hide" or "Show" the Client secret.
- Click on the three dots and select one of the displayed actions to schedule the way to renew the Client secret: Renew Now or Schedule renewal.
- Select the date you want the current key to expire, the selector will drop up to 7 days.
- You can also select the time, the selector will display options every 30 minutes.
- Finally, click on "Renew", to confirm the scheduled update of the Client secret at the date and time you specified.
This is the confirmation to update the Client secret. By selecting the option, a new one will be generated at the same time, the key will expire, and the update will be done. We recommend updating the new key in your developments as soon as possible, because in that period of time, the new users that want to give permission to the app will have an error.
This is the option we recommend to use, where you will have the possibility to prepare your development/test environment for the key change on the scheduled update date.
To do this:
By setting the update, you will have 2 "current" Client secret and new Client secret before the end of the term.
On the other hand, once the confirmation for the update is done, you will have available the options of "Cancel renewal" (action to cancel the update of the Client secret) or "Expire now" (action to renew the Client secret).
Cancel the update
Once the Client secret has been programmed for update, it is possible to cancel it. When the programmed update is cancelled, the Client secret will expire and the current Client secret will continue to be valid.
This action will allow you to bring forward the scheduled update, the new Client secret becomes effective and the current Client secret expires at the same time.
Settings and permissions
Callback URL: Redirect URI. URL to call users back to your application once they grant access.
Use PKCE (Proof Key for Code Exchange): this determines if the application will have active PCKE validation for token generation. This will allow a second check to avoid authorization code injection attacks and CSRF (Cross-site Request Forgery).
- Read: Allows the use of API GET HTTPS methods.
- Offline Access: Allows a server side request and refresh token.
- Write: Allows the use of PUT, POST and DELETE HTTPS API methods.
There are several types of applications. However, we will divide them into three groups to explain the required scopes.
An application that allows an anonymous or authenticated user to access customized MELI information. In this case, an anonymous user could search for items, read descriptions, etc. and an authenticated user can view personal information. If you do not make any modifications to MELI data (no updates to user information, no posting of items, no purchase of items), all you need is a read scope. Remember that any attempt to modify data through the Meli APIs will fail.
Online read/write applications
This type of application allows an anonymous user to perform certain read-only operations in MELI, as well as allowing an authenticated user to modify data, post new items (sell), post orders (buy), etc. In this case, the application requires a write scope so that the user can grant write permissions and the application acts on his behalf. The application will be able to modify data on behalf of the user as long as the access token is valid. Once expired, the user must renew the token to regain access.
Offline read/write applications
If your application must act on behalf of the user even when the user is offline, it will require offline access permission from the user. By requesting this scope, once accepted by the user, the application will have both the access token to act on behalf of the user and a refresh token to obtain a new valid access token when the old one expires.
Topics: list of topics you wish to subscribe to. There are six possible topics: orders, items, questions, payments, created_orders and pictures.
Notifications Callback : configure the public URL of the domain where you wish to receive notifications for the different topics.
Learn more about how to subscribe to notifications.
You will be able to access the list of users who have given permissions to your app.
- New = Authorization created in the last 24 hours
- Inactive (bullet gray) = Authorization unused for more than 3 months
- Inactive (bullet blue) = Authorization unused for less than 3 months
- Active = Authorization with constant use
Entering My applications you have the option to "Delete", this action allows you to delete the application.
Know more about our Developer Partner Program.