Documentation Index
Fetch the complete documentation index at: https://mintlify.com/mercadopago/sdk-java/llms.txt
Use this file to discover all available pages before exploring further.
OauthClient implements Mercado Pago’s OAuth 2.0 authorization code flow, which is the standard mechanism for marketplace and platform integrations to act on behalf of a seller. In this flow, the marketplace generates an authorization URL that the seller visits to grant permission. After authorization, Mercado Pago redirects the seller back with a one-time authorization_code that the marketplace exchanges for an access_token and refresh_token. The access_token is subsequently passed via MPRequestOptions to all API calls that must run with the seller’s identity (e.g., creating a split payment on their behalf). The refresh_token must be exchanged for a new access_token before the current one expires.
OauthClient
Package:com.mercadopago.client.oauth
Constructors
Methods
getAuthorizationURL
Builds the OAuth authorization URL that the seller must visit to grant your marketplace access to their account. Internally calls UserClient.get() to determine the authenticated user’s country and constructs the correct country-specific authorization host.
Your application ID (client_id) registered in the Mercado Pago developer panel.
The URL to which Mercado Pago will redirect the seller after they grant (or deny) access. Must match the redirect URI configured in your application settings.
Optional per-request overrides for access token, headers, or timeouts. Pass
null to use defaults.String — the full country-specific authorization URL. Returns null if the authenticated user’s country cannot be determined.
createCredential
Exchanges an authorization code for OAuth credentials (access token, refresh token, and expiration). Call this after the seller is redirected back to your redirectUri with the code query parameter.
The one-time authorization code received as the
code query parameter on your redirect URI after the seller grants access.The same redirect URI used when generating the authorization URL. Must match exactly.
Optional per-request overrides. The
clientSecret used internally is taken from requestOptions.getAccessToken() if provided, or from MercadoPagoConfig.getAccessToken() otherwise.CreateOauthCredential — contains the seller’s access_token, refresh_token, token_type, expires_in, and scope.
refreshCredential
Refreshes an expired OAuth access token using the seller’s refresh_token. Access tokens expire after a fixed period — call this proactively before the token expires to maintain uninterrupted API access on behalf of the seller.
The refresh token returned during the initial
createCredential call.Optional per-request overrides.
RefreshOauthCredential — contains a new access_token, refresh_token, and expiration details.
CreateOauthCredentialRequest fields
This request DTO is built internally bycreateCredential. Its fields are:
Fixed value:
"authorization_code". Set automatically by the SDK.Your marketplace’s access token, used as the
client_secret. Set automatically from MercadoPagoConfig or requestOptions.Your application ID (client_id).
The authorization code received from the redirect.
The redirect URI used during authorization.
RefreshOauthCredentialRequest fields
This request DTO is built internally byrefreshCredential. Its fields are:
Fixed value:
"refresh_token". Set automatically by the SDK.Your marketplace’s access token. Set automatically from
MercadoPagoConfig or requestOptions.Your application ID (client_id).
The refresh token to exchange for a new access token.
Using seller access tokens for subsequent API calls
Once you have the seller’saccess_token, pass it to any client method via MPRequestOptions to execute that request in the context of the seller’s account: