Integrate for mobile applications - Card - Mercado Pago Developers
Integration for mobile applications
The integration via the Native SDK Core Methods from Mercado Pago offers full control over the capture and processing of payment information, allowing you to create and customize forms according to your needs.
To integrate the Mercado Pago Native SDK using Core Methods, refer to the instructions specific to each technology:
Requirements
Before you start the integration, make sure your project meets the following requirements:
Requirement
Description
SDK
Version 23 or higher
Jetpack Compose BoM
Version 2024.12.01 or higher
Kotlin
Version 2.0 or higher
Public Key
The Public KeyPublic key used in the frontend to access information and encrypt data. You can access it through Your integrations > Application details > Production > Production credentials. is directly linked to the applicationEntity registered in Mercado Pago that acts as an identifier to manage your integrations. For more information, see the link below.Application details you created, so each one is unique for every integration.
Configure secure fields
Secure fields are components developed to ensure the privacy and protection of sensitive data typed by the buyer. Fully PCI-compliantSet of security rules designed to protect payment card data against fraud and data breaches., these fields ensure that the application never has direct access to the entered information, which is securely transmitted only for the creation of tokens and transactions.
All interactions with these fields occur through callbacks, allowing the capture of relevant events without exposing user data. The methods described below use instances of these secure fields, so it is essential that they are properly configured in the checkout interface before using them.
Each component notifies the integrating application when there is a value change, without exposing the entered data, and also informs the result of the field validation according to PCI and card rules.
The data typed in the secure fields is never available to the integrating application. They are securely sent only for the creation of tokens and transactions.
In the table below, you will find the details of the available components. For more information about configuration, refer to the corresponding documentation for each component on GitHub.
Core Methods are essential for building a checkout flow integrated with Mercado Pago. They use information captured by the secure fields and enable the execution of the main payment operations.
Each method should be used according to the needs of your payment flow. To use them, start by creating an instance of Core Methods in your class with the following Kotlin code: val coreMethods = MercadoPagoSDK.getInstance().coreMethods.
This way, you will be able to use any of the methods listed below:
The Get payment methods method returns the list of available payment methods based on the informed card BIN, considering the rules and valid financial institutions for the configured country. This step is essential to identify the card brand, correctly set the next steps of the checkout, and validate the card acceptance.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
// You should use the bin returned from CardNumberTextFieldEvent.OnBinChanged
val result = coreMethods.getPaymentMethods(bin = bin)
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
The parameters are listed in the table below.
Parameter
Type
Description
Required
bin
String
The first 8 digits of the credit card, obtained by the onBinChange callback of CardNumberTextFieldEvent.
The Get installment options method searches for all available installment options for a given card and transaction amount. It considers the issuer’s rules, the payment method, and the purchase amount, returning all valid installment options, including number of installments, interest, value of each installment, total value, and more.
The call to the getInstallments method must be made for all card types (debit and credit) to verify if the payment can be completed using that method.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
// You should use the bin returned from CardNumberTextFieldEvent.OnBinChanged
val result = coreMethods.getInstallments(
bin = bin,
amount = BigDecimal("100.00")
)
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
Use the information from the Installment to show the buyer all details of the purchase value and installment plan before completing the payment.
The parameters are listed in the table below.
Parameter
Type
Description
Required
bin
String
The first 8 digits of the credit card, obtained by the onBinChange callback of CardNumberTextFieldEvent.
For certain payment methods and brands, Mercado Pago requires the identification of the card issuer (issuer). This method returns the list of available issuers for the informed BIN, allowing the user to select the correct issuer when necessary.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
// You should use the bin returned from CardNumberTextFieldEvent.OnBinChanged
// You should use the paymentMethodId returned from the PaymentMethods request
val result = coreMethods.getCardIssuers(
bin = bin,
paymentMethodId = paymentMethodId,
)
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
The parameters are listed in the table below.
Parameter
Type
Description
Required
bin
String
The first 8 digits of the credit card, obtained by the onBinChange callback of CardNumberTextFieldEvent.
Required
paymentMethodId
String
Payment method ID, usually obtained from the result of the PaymentMethods method.
In some countries, Mercado Pago requires the validation of an identification document of the cardholder. This method returns all accepted document types, such as CPF, RG, DNI, for the country configured in the integration.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
val result = coreMethods.getIdentificationTypes()
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
This method is responsible for generating a temporary token from the informed card data. The generated token is required for the payment transaction via the Mercado Pago API, as it replaces the card’s sensitive data, ensuring greater security in the process.
The call to this method uses an instance of the secure fields previously configured in the checkout interface. Therefore, make sure the secure fields are properly implemented and configured before using the generateCardToken method.
Create a token for a new card
To securely generate a token for a new card, use the class that protects the entered data and pass it to the generateCardToken method. Before executing the method, check if all required fields are correctly filled.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
val result = coreMethods.generateCardToken(
cardNumberState = cardNumberPCIFieldState,
expirationDateState = expirationDatePCIFieldState,
securityCodeState = securityCodePCIFieldState,
buyerIdentification = BuyerIdentification(
name = "APRO",
number = "12345678909",
type = "CPF"
)
)
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
In the Mercado Pago flow, card data previously registered by the buyer is securely stored and not accessible to your backend. Only the card ID is available to the application. To process payments with saved cards, use this ID to generate a temporary token. This process ensures the protection of sensitive information, as only the card ID is handled by the application, while the card number, CVV, and expiration date are never exposed. Make sure the secure fields are properly configured and filled in.
kotlin
val coreMethods = MercadoPagoSDK.getInstance().coreMethods
coroutineScope {
val result = coreMethods.generateCardToken(
cardId = cardId,
expirationDateState = expirationDatePCIFieldState,
securityCodeState = securityCodePCIFieldState,
buyerIdentification = BuyerIdentification(
name = "APRO",
number = "12345678909",
type = "CPF"
)
)
when (result) {
is Result.Success -> {
// Request succeeded
print("Request success: ${result.data}")
}
is Result.Error -> {
when (result.error) {
is ResultError.Request -> {
// Request-type error
print("Request error: ${result.error}")
}
is ResultError.Validation -> {
// Validation-type error
print("Validation error: ${result.error}")
}
}
}
}
}
The request must be made by creating a payment that contains the associated transaction.
To do this, send a POST with your Production Access TokenPrivate key of the application created in Mercado Pago, used in the backend in development environments and for receiving real payments. You can access it via Your integrations > Application details > Production > Production credentials. and the required parameters listed below to the endpoint /v1/paymentsAPI and execute the request.
See the table below for the descriptions of parameters that have important particularities to highlight:
Attribute
Type
Description
Requirement
Authorization
Header
Refers to your private key, the Access Token.
Required
X-Idempotency-Key
Header
Idempotency key. This key ensures each request is processed only once, preventing duplicates. Use a unique value in the request header, such as a UUID V4 or a random string.
Required
token
Body.String
Card token identifier. The token is generated from the card data itself, providing greater security in the payment process. After being used in a purchase, the token is discarded, requiring the creation of a new token for each transaction.
Required
transaction_amount
Body.String
Product cost. For Chile, it must be an integer.
Required
installments
Body.String
Number of selected installments.
Required
payment_method_id
Body.String
Indicates the identifier of the payment method selected to make the payment. Retrieve all available payment methods by sending a GET to the /v1/payment_methods endpoint.
Required
payer.email
Body.String
Email associated with the payer.
Required
For detailed information on all parameters sent in this request, check the API Reference.
Examples and references
To deepen your understanding of the implementation and use of the SDK, check the GitHub repository.
The repository includes a complete sample module, demonstrating the integration of secure fields and Core Methods, as well as an integrated and secure checkout flow.