Developer

English

Portuguese

English

Portuguese

Appearance

Digital Certificate Guidelines

Currently, Mercado Eletrônico provides two integration models, each with its own certificate configuration:

  1. api.mercadoe.com (current model – recommended)
  2. api.me.com.br (legacy model – being phased out)

Integration: api.mercadoe.com

This is the most recent and recommended integration, using certificates issued by the Let’s Encrypt certificate authority, with support for a certificate chain.

How the certification works

Communication with the API is secured through a digital certificate chain composed of:

  1. Server certificate (e.g., api.mercadoe.com)
  2. Intermediate certificates (e.g., R12, R13 – Let’s Encrypt)
  3. Root certificate from the certificate authority

Relationship between certificates

  • The API certificate does not replace the intermediate or root certificates
  • TLS connection validation depends on the complete chain of trust
  • The client must trust the certificate authority that issued the server certificate

To ensure proper integration functionality, it is recommended to:

  1. Import the Let’s Encrypt root certificate:
    • ISRG Root X1
  2. Import the current intermediate certificates:
    • R12 and R13 (or their updated equivalents)
  3. It is not necessary to manually import the API certificate, as it is automatically presented during the TLS handshake

Benefits of this configuration

  • Ensures proper validation of the full chain of trust
  • Prevents outages caused by automatic server certificate renewals
  • Provides greater stability and security in communication

Official Certificate References

Root certificate (required):

Intermediate certificates (recommended):

Integration: api.me.com.br (Legacy)

This integration corresponds to the previous model, internally referred to as broker, and is currently being phased out.

Characteristics

  • Uses a wildcard certificate
  • Remains compatible with existing integrations, but is not recommended for new implementations
  • May be discontinued in the future

Certificate download

The certificate can be obtained at:

https://connect.mercadoeletronico.com/certs/

General Recommendation

It is strongly recommended to adopt the api.mercadoe.com integration, as it aligns with industry best practices, including:

  • Use of a standard certificate chain
  • Automatic certificate renewal
  • Greater resilience and compatibility with modern clients