# MD for: https://www.mercadopago.com.mx/developers/es/docs/subscriptions/additional-content/security/oauth/best-practices.md

# Best practices for OAuth integration

When using OAuth, it is important to take certain aspects into account so that the integration works correctly. Below, you will find a guide to possible errors and good practices to keep in mind.

## Correct use of values in request headers

Always use the `accept` and `content-type` headers in your POST request. Be careful not to add values to headers that are not part of the integration to avoid getting a response error.

![oauth_header](https://www.mercadopago.com.mx/images/oauth/oauth_header-v1.png)

## Correct use of 'params' values

In your POST call, be careful to use only the requested `params` values. Do not add any other non-required values, otherwise you will receive an error code in response.

![oauth_params](https://www.mercadopago.com.mx/images/oauth/oauth-1-v1.png)

## Correct use of Query Params

Remember not to send any parameters inside Query Params. Send the parameters within the request body as indicated in [API Reference](https://www.mercadopago.com.mx/developers/en/reference/authentication/oauth/_oauth_token/post).

![oauth_queryparams](https://www.mercadopago.com.mx/images/oauth/oauth_queryparams_v2.png)

## Correct use of the 'grant_type' field

Always use the `grant_type` field in your requests with the `authorization_code` or `client_credentials` values. Remember that if you send another value, it is possible that you will receive an error in response.

![oauth_grant_type](https://www.mercadopago.com.mx/images/oauth/oauth_granttype_v2.png)

## Using the 'state' field in the 'authorization code' request

To enhance integration security, we recommend including the `state` parameter in the `authorization code` request flow. This way, you can ensure that the response belongs to a request initiated by the same application.

**Make sure that the `redirect_uri` is a static URL**. If you want to send additional parameters in that URL, use the `state` parameter to include that information. Otherwise, the call will receive an error response if the `redirect_uri` does not exactly match the application's configuration.

![oauth_state](https://www.mercadopago.com.mx/images/oauth/oauth_state_v4-v1.png)

To find more information about the request, its parameters, and the possible success and error responses you may receive, go to [API Reference](https://www.mercadopago.com.mx/developers/en/reference/authentication/oauth/_oauth_token/post) documentation.
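
One way to apply the `state` and static `redirect_uri` advice above, as an added example that is not Mercado Pago's own code: the extra parameters travel inside a signed, single-use `state` value while `redirect_uri` never changes. `AUTHORIZE_URL`, `REDIRECT_URI`, `STATE_KEY`, the function names and the dict used as a session are assumptions for illustration; `client_id` and `response_type=code` are the standard OAuth 2.0 authorization-code parameters.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Assumptions (placeholders, not values taken from the page):
AUTHORIZE_URL = "https://auth.example.test/authorization"
REDIRECT_URI = "https://app.example.test/oauth/callback"  # static, equal to the app configuration
STATE_KEY = secrets.token_bytes(32)  # server-side secret; load from secure storage in practice

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _tag(payload: str) -> str:
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())

def new_state(session: dict, extra: dict) -> str:
    """Build a state value that carries `extra` and is bound to this session."""
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce  # remembered server-side for the callback
    payload = _b64(json.dumps({"n": nonce, "x": extra}, sort_keys=True).encode())
    return f"{payload}.{_tag(payload)}"

def authorization_url(client_id: str, state: str) -> str:
    """Extra data goes into state, so redirect_uri stays byte-for-byte static."""
    query = {"client_id": client_id, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(query)}"

def check_state(session: dict, returned_state: str):
    """Return the extra data if the callback matches our request, else None."""
    expected = session.pop("oauth_nonce", None)  # single use: a replay finds nothing
    payload, sep, tag = (returned_state or "").partition(".")
    if not sep or expected is None:
        return None
    # Constant-time comparison of the signature before trusting the payload.
    if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:
        return None
    # The nonce ties the response to the session that started the flow.
    if not hmac.compare_digest(str(data.get("n", "")).encode(), expected.encode()):
        return None
    return data.get("x")
```

Call `check_state` in the callback handler before exchanging the `code` for a token, and abort the flow when it returns `None`.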