Home
Documentation
Resources
Partners
Community

Partners

Discover our program for agencies or developers that offer integration services and sellers who want to hire them.

Community

Get the latest news, ask others for help and share your knowledge.

Manage Access Token - OAuth - Mercado Pago Developers
Which documentation are you looking for?

Do not know how to start integrating? 

Check the first steps

Manage Access Token

Currently there are different ways in which the Access tokens and yours temporary grants created can be disabled and invalidated to authorize requests for protected resources or to exchange them for new tokens.

  • Expiration: after the time set at the time of creation, the token automatically expires and cannot be obtained.
  • User password change: there are password change flows where the seller can revoke all your credentials, including associated tokens and temporary grants.
  • Authorization revocation: revoking an authorization between the seller and the application triggers the deletion of all tokens and temporary grants associated with them.
  • Laundering of credentials for fraud: it is possible that the Information Security and Fraud Prevention department performs a complete update of a user's credentials. This triggers the deletion of all tokens and temporary grants associated with the seller in question.
  • User session cleanup: enables refresh of all vendor tokens and temporary grants.
  • Application elimination: when an application is eliminated, all tokens and temporary grants belonging to it are deleted.

You can receive webhook notifications every time a seller authorizes or deauthorizes your application. To configure them, read Dashboard.

To configure them, see more information on Webhooks documentation.