• API Docs
  • Getting started
  • Register your application
Last update 10/11/2022

Register your application

To create an application, you must login, click My applications(Argentina, Brasil, Chile, México, Colombia, Uruguay) fill in some details about your application and after it, you’ll get a Client_Id and a Secret_Key that will be needed to authenticate with our API.

My applications

To access the applications, you must be logged in to the devcenter. If you have an integrated application, go to the "Edit" view and fill in the authentication verification code of your profile.



Application data

There are four groups of information in this form:

  • API settings
  • Basic information of the API
  • Authentication and Security
  • Notification settings

  • Edit

    Once the application has been created in Mercado Libre you can access the data uploaded in the form:


    API settings


    client_id: is the APP ID of the application that was created.

    client_secret: password of your Mercado Libre application. Do not share this with anyone.

    programar renovación: action to schedule the update of the Client secret.

    renovar ahora: action to update the client secret.



    Basic information of the API


    name: name of your application. It must be unique.

    short_name: name that Mercado Libre uses to generate the URL of your application.

    description: This description (up to 150 characters) will be displayed when the application requests an authorization.


    Editing the application

    Whenever you want to modify the Client secret you can do it manually by following these steps:

    1. Go to Application Settings.
    2. Change the mode to "Hide" or "Show" the Client secret.
    3. Click on the three dots and select one of the displayed actions to schedule the way to renew the Client secret: Renew Now or Schedule renewal.



    4. Update now

      This is the confirmation to update the Client secret. By selecting the option, a new one will be generated at the same time, the key will expire, and the update will be done. We recommend updating the new key in your developments as soon as possible, because in that period of time, the new users that want to give permission to the app will have an error.




      Program update

      This is the option we recommend to use, where you will have the possibility to prepare your development/test environment for the key change on the scheduled update date.
      To do this:

      1. Select the date you want the current key to expire, the selector will drop up to 7 days.
      2. You can also select the time, the selector will display options every 30 minutes.
      3. Finally, click on "Renew", to confirm the scheduled update of the Client secret at the date and time you specified.


      4. By setting the update, you will have 2 "current" Client secret and new Client secret before the end of the term.




        On the other hand, once the confirmation for the update is done, you will have available the options of "Cancel renewal" (action to cancel the update of the Client secret) or "Expire now" (action to renew the Client secret).




        Cancel the update

        Once the Client secret has been programmed for update, it is possible to cancel it. When the programmed update is cancelled, the Client secret will expire and the current Client secret will continue to be valid.





        Expire Now

        This action will allow you to bring forward the scheduled update, the new Client secret becomes effective and the current Client secret expires at the same time.




        Settings and permissions


        Callback URL: Redirect URI. URL to call users back to your application once they grant access.

        Use PKCE (Proof Key for Code Exchange): this determines if the application will have active PCKE validation for token generation. This will allow a second check to avoid authorization code injection attacks and CSRF (Cross-site Request Forgery).


        Scopes

        • Read: Allows the use of API GET HTTPS methods.
        • Offline Access: Allows a server side request and refresh token.
        • Write: Allows the use of PUT, POST and DELETE HTTPS API methods.
        Notes:
        - To create an application within the Application Manager it is a mandatory requirement to use the HTTPS protocol in its redirection URI as this ensures that the message is sent encrypted and only authorized persons can read it.
        - If you are still using HTTP and want to make changes you will have to configure the new URL with HTTPS.


        Scopes considerations

        There are several types of applications. However, we will divide them into three groups to explain the required scopes.


        Read-only applications

        An application that allows an anonymous or authenticated user to access customized MELI information. In this case, an anonymous user could search for items, read descriptions, etc. and an authenticated user can view personal information. If you do not make any modifications to MELI data (no updates to user information, no posting of items, no purchase of items), all you need is a read scope. Remember that any attempt to modify data through the Meli APIs will fail.


        Online read/write applications

        This type of application allows an anonymous user to perform certain read-only operations in MELI, as well as allowing an authenticated user to modify data, post new items (sell), post orders (buy), etc. In this case, the application requires a write scope so that the user can grant write permissions and the application acts on his behalf. The application will be able to modify data on behalf of the user as long as the access token is valid. Once expired, the user must renew the token to regain access.


        Offline read/write applications

        If your application must act on behalf of the user even when the user is offline, it will require offline access permission from the user. By requesting this scope, once accepted by the user, the application will have both the access token to act on behalf of the user and a refresh token to obtain a new valid access token when the old one expires.


        Notification settings


        Topics: list of topics you wish to subscribe to. There are six possible topics: orders, items, questions, payments, created_orders and pictures.

        Notifications Callback : configure the public URL of the domain where you wish to receive notifications for the different topics.

        Learn more about how to subscribe to notifications.


        Manage permissions

        You will be able to access the list of users who have given permissions to your app.


        - New = Authorization created in the last 24 hours


        - Inactive (bullet gray) = Authorization unused for more than 3 months


        - Inactive (bullet blue) = Authorization unused for less than 3 months


        - Active = Authorization with constant use


        Delete

        Entering My applications you have the option to "Delete", this action allows you to delete the application.




        Know more about our Developer Partner Program.


        Next: Authentication and Authorization.