mercadopago-sdk 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba9367571c6c8fd1ec045363ea57955ae114ad7ac54ec05970a0c216481713cb
-  data.tar.gz: 3a87bbabeda87b908c5567c10f721b8ce7c4a658d1a05c80fc266a7580473487
+  metadata.gz: a3f9c30f87f2a16606d96b4b955e9c84b2297608fa13ae849c7c1fa0c5e81e8e
+  data.tar.gz: a85e57aab4d0cb2a0916e272b3cba305d0c43bc8b71ac395c5f20436e19b5ba0
 SHA512:
-  metadata.gz: d6a7610a8ad7fcb1f52481d67f77f0b650e61f63114e8d4d55ef14d9647fdce1077e7988234b1bab507756f879655a0785ee4cc7533759c5258549775ab456a9
-  data.tar.gz: dbddfd7d001bb22c4073433cd3a11b09e7c85ec3626ed59fef3ebb5d47d58e9b366595771e8cb592ce2c2bde9ccb0f5a335e17362c8bf76f29d204f86297a9e6
+  metadata.gz: eb1e14c6daa97a705470095aad0577f4b16691b62e88afde38337a65cb459adc3875611c9c245bab111ed67dece2c52552bf28bddb2f3d190974b562e0197100
+  data.tar.gz: 63222ba960570cec0eeeae9a267d4d549ef5862bd9da27918c62acee2aa6689d93e21fb5f91c5ffe0be374d28fcad6bb429bafb34011376cfb18d85c53234731

data/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,8 +1,8 @@
 name: 🐛 Bug Report
 description: Report a bug or unexpected behavior in the SDK
 title: "[BUG]: "
-labels: ["bug", "needs-triage"]
-assignees: ["danielalfarourrea","luismeli10","orojaspardo"]
+labels: ["bug"]
+assignees: ["luismeli10","orojaspardo","barajas-d"]
 
 body:
   - type: markdown

data/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,8 +1,8 @@
 name: ✨ Feature Request
 description: Propose a new feature for the Mercado Pago SDK
 title: "[FEATURE]: "
-labels: ["enhancement", "needs-triage"]
-assignees: ["danielalfarourrea","luismeli10","orojaspardo"]
+labels: ["enhancement"]
+assignees: ["luismeli10","orojaspardo","barajas-d"]
 
 body:
   - type: markdown

data/.github/ISSUE_TEMPLATE/question.yml

@@ -1,8 +1,8 @@
 name: 💬 Question
 description: Ask a question about the Mercado Pago SDK
 title: "[QUESTION]: "
-labels: ["question", "needs-triage"]
-assignees: ["danielalfarourrea","luismeli10","orojaspardo"]
+labels: ["question"]
+assignees: ["luismeli10","orojaspardo","barajas-d"]
 
 body:
   - type: markdown

data/.github/dependabot.yml

@@ -0,0 +1,44 @@
+# Dependabot version updates — sdk-ruby
+# Ubicación obligatoria: .github/dependabot.yml
+# Ecosistemas: bundler (Ruby) + github-actions
+version: 2
+
+updates:
+  # ── Ruby / Bundler ───────────────────────────────────────────────────
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "America/Bogota"
+    open-pull-requests-limit: 5
+    assignees:
+      - "luismeli10"
+      - "orojaspardo"
+      - "barajas-d"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+    # bundler puede ejecutar código de gemspec durante el update — lo bloqueamos
+    insecure-external-code-execution: "deny"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # ── GitHub Actions (CI) ──────────────────────────────────────────────
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "America/Bogota"
+    open-pull-requests-limit: 1
+    labels:
+      - "dependencies"
+      - "ci"
+    commit-message:
+      prefix: "chore(ci)"

data/.github/workflows/ci.yml

@@ -1,10 +1,3 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
-# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
-
 name: Ruby
 
 on:
@@ -15,27 +8,36 @@ on:
 
 jobs:
   test:
-
     runs-on: ubuntu-latest
+    container: ruby:3.4
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v6
       with:
         ref: ${{ github.event.pull_request.head.ref }}
         repository: ${{ github.event.pull_request.head.repo.full_name }}
 
-    - name: Set up Ruby
-    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
-    # change this to (see https://github.com/ruby/setup-ruby#versioning):
-      uses: ruby/setup-ruby@v1
+    - name: Cache gems
+      uses: actions/cache@v4
       with:
-        ruby-version: 3.4
+        path: vendor/bundle
+        key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gems-
+
     - name: Install dependencies
-      run: bundle install
+      run: |
+        bundle config set --local path vendor/bundle
+        bundle install
+
     - name: Rubocop
-      run: rubocop lib
-    - name: Run tests
-      run: bundle exec rake
-      env:
-        ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN_V2 }}
+      run: bundle exec rubocop lib
+
+    # Integration tests disabled: they require a valid MercadoPago ACCESS_TOKEN
+    # that is not available in the CI environment. To run them locally:
+    #   ACCESS_TOKEN=<your_token> bundle exec rake
+    # - name: Run tests
+    #   run: bundle exec rake
+    #   env:
+    #     ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN_V2 }}

data/.github/workflows/release.yml

@@ -7,27 +7,22 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
+    container: ruby:3.4
 
     permissions:
       contents: write
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
+        uses: actions/checkout@v6
 
       - name: Install dependencies
         run: bundle install
 
-      - name: Validate gemspec
-        run: gem build mercadopago.gemspec
+      - name: Configure git safe directory
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: Build gem
-        shell: bash
         run: gem build *.gemspec
 
       - name: Publish gem to rubygems.org
@@ -36,5 +31,4 @@ jobs:
         run: gem push *.gem
 
       - name: Wait for release to propagate
-        run: |
-          gem install rubygems-await
+        run: gem install rubygems-await

data/CHANGELOG.md

@@ -0,0 +1,38 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+This project follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [3.1.0] - 2026-05-27
+
+### Added
+
+- **OAuth**: authorization URL builder, token exchange, and token refresh
+  (`sdk.oauth.get_authorization_url`, `.create`, `.refresh`).
+  Enables marketplace and platform integrations to operate on behalf of
+  other sellers via the OAuth 2.0 authorization code flow.
+  Endpoints: `POST /oauth/token`.
+
+- **Point**: in-person payment intent management for MercadoPago Point
+  devices (`sdk.point.get_devices`, `.create`, `.get`, `.cancel`).
+  Enables card-present transactions through physical Point card readers.
+  Endpoints: `GET /point/integration-api/devices`,
+  `POST /point/integration-api/devices/{device_id}/payment-intents`,
+  `GET /point/integration-api/payment-intents/{id}`,
+  `DELETE /point/integration-api/devices/{device_id}/payment-intents/{id}`.
+  Note: `change_operating_mode` (PATCH) is not included; requires HttpClient
+  PATCH support.
+
+- **Invoice**: retrieval and search of subscription billing invoices
+  (`sdk.invoice.get`, `.search`). Enables monitoring of authorized
+  payments generated by PreApproval billing cycles.
+  Endpoints: `GET /authorized_payments/{id}`,
+  `GET /authorized_payments/search`.
+
+- **Chargeback**: retrieval and search of payment dispute records
+  (`sdk.chargeback.get`, `.search`). Enables monitoring and response to
+  cardholder disputes.
+  Endpoints: `GET /v1/chargebacks/{id}`,
+  `GET /v1/chargebacks/search`.

data/Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 
 group :development, :test do
   gem 'rake'
-  gem 'minitest', '~> 5.0'
+  gem 'minitest', '~> 5.27'
   gem 'rubocop', '~> 1.70', require: false
 end
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    mercadopago-sdk (3.0.1)
+    mercadopago-sdk (3.1.0)
       faraday (~> 2.0)
       json (~> 2.5)
 
@@ -10,17 +10,17 @@ GEM
   specs:
     ast (2.4.2)
     coderay (1.1.3)
-    faraday (2.14.1)
+    faraday (2.14.2)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.2)
+    faraday-net_http (3.4.3)
       net-http (~> 0.5)
-    json (2.9.1)
+    json (2.19.5)
     language_server-protocol (3.17.0.3)
     logger (1.7.0)
     method_source (1.0.0)
-    minitest (5.25.5)
+    minitest (5.27.0)
     net-http (0.9.1)
       uri (>= 0.11.1)
     parallel (1.26.3)
@@ -32,7 +32,7 @@ GEM
       method_source (~> 1.0)
     racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.0.3)
+    rake (13.4.2)
     regexp_parser (2.10.0)
     rubocop (1.70.0)
       json (~> 2.3)
@@ -55,12 +55,9 @@ GEM
 PLATFORMS
   ruby
 
-RUBY VERSION
-   ruby 3.4.3p0
-
 DEPENDENCIES
   mercadopago-sdk!
-  minitest (~> 5.0)
+  minitest (~> 5.27)
   pry (~> 0.14)
   rake
   rubocop (~> 1.70)

data/examples/chargeback/search_chargeback.rb

@@ -0,0 +1,14 @@
+require_relative '../../lib/mercadopago'
+
+sdk = Mercadopago::SDK.new('<YOUR_ACCESS_TOKEN>')
+
+# Search chargebacks by payment ID
+result = sdk.chargeback.search(filters: { payment_id: '<PAYMENT_ID>' })
+puts "Chargebacks: #{result[:response]}"
+
+# Get a specific chargeback by ID
+if result[:response]['results']&.any?
+  chargeback_id = result[:response]['results'].first['id']
+  chargeback = sdk.chargeback.get(chargeback_id)
+  puts "Chargeback details: #{chargeback[:response]}"
+end

data/examples/invoice/get_invoice.rb

@@ -0,0 +1,14 @@
+require_relative '../../lib/mercadopago'
+
+sdk = Mercadopago::SDK.new('<YOUR_ACCESS_TOKEN>')
+
+# Search invoices for a subscription
+result = sdk.invoice.search(filters: { preapproval_id: '<YOUR_PREAPPROVAL_ID>', limit: 10 })
+puts "Invoices: #{result[:response]}"
+
+# Get a specific invoice by ID
+if result[:response]['results']&.any?
+  invoice_id = result[:response]['results'].first['id']
+  invoice = sdk.invoice.get(invoice_id)
+  puts "Invoice details: #{invoice[:response]}"
+end

data/examples/oauth/create_token.rb

@@ -0,0 +1,22 @@
+require_relative '../../lib/mercadopago'
+
+sdk = Mercadopago::SDK.new('<YOUR_ACCESS_TOKEN>')
+
+# Step 1: Build the authorization URL and redirect the seller to it
+auth_url = sdk.oauth.get_authorization_url(
+  '<YOUR_APP_ID>',
+  'https://yourapp.com/callback',
+  '<UNIQUE_CSRF_STATE>'
+)
+puts "Redirect seller to: #{auth_url}"
+
+# Step 2: After the seller authorizes, exchange the code for tokens
+oauth_data = {
+  client_secret: '<YOUR_ACCESS_TOKEN>',
+  code: '<AUTHORIZATION_CODE_FROM_CALLBACK>',
+  redirect_uri: 'https://yourapp.com/callback',
+  grant_type: 'authorization_code'
+}
+
+result = sdk.oauth.create(oauth_data)
+puts "Token created: #{result[:response]}"

data/examples/point/create_payment_intent.rb

@@ -0,0 +1,26 @@
+require_relative '../../lib/mercadopago'
+
+sdk = Mercadopago::SDK.new('<YOUR_ACCESS_TOKEN>')
+
+# List available Point devices
+devices = sdk.point.get_devices
+puts "Devices: #{devices[:response]}"
+
+# Create a payment intent on a specific device
+device_id = '<YOUR_DEVICE_ID>'
+payment_intent_data = {
+  amount: 1500,
+  description: 'Product purchase',
+  payment: {
+    installments: 1,
+    type: 'credit_card'
+  }
+}
+
+result = sdk.point.create(device_id, payment_intent_data)
+puts "Payment intent created: #{result[:response]}"
+
+# Retrieve the payment intent status
+payment_intent_id = result[:response]['id']
+status = sdk.point.get(payment_intent_id)
+puts "Payment intent status: #{status[:response]}"

data/lib/mercadopago/config/config.rb

@@ -9,7 +9,7 @@ module Mercadopago
   # there is no need to instantiate this class directly.
   class Config
     # Current SDK version following SemVer.
-    @@VERSION = '3.0.1'
+    @@VERSION = '3.1.0'
 
     # User-Agent string sent with every HTTP request for server-side tracking.
     @@USER_AGENT = "MercadoPago Ruby SDK v#{@@VERSION}"

data/lib/mercadopago/http/http_client.rb

@@ -16,7 +16,6 @@ module Mercadopago
   # replace it via +SDK.new(token, http_client: MyClient.new)+ to
   # inject a custom transport (e.g. for testing or logging).
   class HttpClient
-    
     RETRYABLE_STATUSES = [429, 500, 502, 503, 504].freeze
 
     # Performs an HTTP GET request with automatic retry on transient errors.

data/lib/mercadopago/resources/chargeback.rb

@@ -0,0 +1,36 @@
+# typed: true
+# frozen_string_literal: true
+
+module Mercadopago
+  # Provides read access to chargeback disputes.
+  #
+  # Chargebacks are initiated by cardholders through their issuing bank
+  # when they dispute a payment. Use {#get} and {#search} to monitor and
+  # respond to disputes.
+  #
+  # @see https://www.mercadopago.com.br/developers/en/reference/chargebacks/
+  class Chargeback < MPBase
+    # Retrieves a chargeback by its ID.
+    #
+    # @param chargeback_id [Integer, String] unique chargeback identifier
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with the full chargeback object
+    # @see https://www.mercadopago.com.br/developers/en/reference/chargebacks/
+    def get(chargeback_id, request_options: nil)
+      _get(uri: "/v1/chargebacks/#{chargeback_id}", request_options: request_options)
+    end
+
+    # Searches chargebacks matching the given filters.
+    #
+    # @param filters [Hash, nil] query parameters (e.g. +:payment_id+, +:status+)
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with a paginated list of chargebacks
+    # @raise [TypeError] if +filters+ is not a Hash
+    # @see https://www.mercadopago.com.br/developers/en/reference/chargebacks/
+    def search(filters: nil, request_options: nil)
+      raise TypeError, 'Param filters must be a Hash' unless filters.nil? || filters.is_a?(Hash)
+
+      _get(uri: '/v1/chargebacks/search', filters: filters, request_options: request_options)
+    end
+  end
+end

data/lib/mercadopago/resources/invoice.rb

@@ -0,0 +1,40 @@
+# typed: true
+# frozen_string_literal: true
+
+module Mercadopago
+  # Provides read access to subscription invoices (authorized payments).
+  #
+  # Each invoice corresponds to a billing cycle of a {Preapproval} and
+  # tracks the charge amount, status, retry attempts, and the resulting
+  # payment. Use {#get} and {#search} to monitor billing cycles and their
+  # outcomes.
+  #
+  # @see https://www.mercadopago.com/developers/en/reference/online-payments/subscriptions/get-authorized-payment/get
+  class Invoice < MPBase
+    # Retrieves a single invoice (authorized payment) by its ID.
+    #
+    # @param invoice_id [Integer, String] unique invoice identifier
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with the full invoice object
+    #   including +:status+, +:transaction_amount+, +:preapproval_id+, and +:payment+ details
+    # @see https://www.mercadopago.com/developers/en/reference/online-payments/subscriptions/get-authorized-payment/get
+    def get(invoice_id, request_options: nil)
+      _get(uri: "/authorized_payments/#{invoice_id}", request_options: request_options)
+    end
+
+    # Searches invoices matching the given filters.
+    #
+    # @param filters [Hash, nil] query parameters such as +:preapproval_id+,
+    #   +:status+, +:payer_id+, +:offset+, and +:limit+
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with +:paging+ metadata
+    #   and a +:results+ list of matching invoices
+    # @raise [TypeError] if +filters+ is not a Hash
+    # @see https://www.mercadopago.com/developers/en/reference/online-payments/subscriptions/authorized-payment-search/get
+    def search(filters: nil, request_options: nil)
+      raise TypeError, 'Param filters must be a Hash' unless filters.nil? || filters.is_a?(Hash)
+
+      _get(uri: '/authorized_payments/search', filters: filters, request_options: request_options)
+    end
+  end
+end

data/lib/mercadopago/resources/oauth.rb

@@ -0,0 +1,83 @@
+# typed: true
+# frozen_string_literal: true
+
+require 'uri'
+
+module Mercadopago
+  # Manages the OAuth 2.0 authorization code flow.
+  #
+  # Use this resource when your application needs to operate on behalf
+  # of other MercadoPago sellers (marketplace or platform scenarios).
+  # The flow involves redirecting the seller to the authorization URL,
+  # receiving an authorization code, and exchanging it for access and
+  # refresh tokens.
+  #
+  # @see https://www.mercadopago.com/developers/en/docs/security/oauth/creation
+  class OAuth < MPBase
+    AUTH_URL = 'https://auth.mercadopago.com/authorization'
+    private_constant :AUTH_URL
+
+    # Builds the MercadoPago authorization URL for the OAuth flow.
+    #
+    # Redirect the seller to this URL to start the authorization process.
+    # After granting permission, MercadoPago redirects back to +redirect_uri+
+    # with a +code+ query parameter.
+    #
+    # @param app_id [String] your MercadoPago application's client ID
+    # @param redirect_uri [String] URI where MercadoPago sends the seller after authorization
+    # @param random_id [String] CSRF-protection state parameter; must be unique per request
+    # @return [String] full authorization URL with query parameters
+    # @see https://www.mercadopago.com/developers/en/docs/security/oauth/creation
+    def get_authorization_url(app_id, redirect_uri, random_id)
+      params = URI.encode_www_form(
+        client_id: app_id,
+        response_type: 'code',
+        platform_id: 'mp',
+        state: random_id,
+        redirect_uri: redirect_uri
+      )
+      "#{AUTH_URL}?#{params}"
+    end
+
+    # Exchanges an authorization code for an access token.
+    #
+    # Call this after receiving the +code+ parameter in your +redirect_uri+
+    # callback. The returned access token can be used to make API requests
+    # on behalf of the authorizing seller.
+    #
+    # @param oauth_data [Hash] authorization request fields:
+    #   +:client_secret+ (your access token), +:code+ (authorization code),
+    #   +:redirect_uri+ (must match the one used in {#get_authorization_url}),
+    #   and +:grant_type+ (++"authorization_code"++).
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with +access_token+,
+    #   +refresh_token+, and +expires_in+
+    # @raise [TypeError] if +oauth_data+ is not a Hash
+    # @see https://www.mercadopago.com/developers/en/reference/authentication/oauth/_oauth_token/post
+    def create(oauth_data, request_options: nil)
+      raise TypeError, 'Param oauth_data must be a Hash' unless oauth_data.is_a?(Hash)
+
+      _post(uri: '/oauth/token', data: oauth_data, request_options: request_options)
+    end
+
+    # Refreshes an expired access token.
+    #
+    # Use this to extend the seller's session without requiring them to
+    # re-authorize. The +refresh_token+ is obtained from the initial
+    # {#create} response.
+    #
+    # @param oauth_data [Hash] refresh request fields:
+    #   +:client_secret+ (your access token), +:refresh_token+ (token to refresh),
+    #   and +:grant_type+ (++"refresh_token"++).
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with a fresh
+    #   +access_token+ and +refresh_token+
+    # @raise [TypeError] if +oauth_data+ is not a Hash
+    # @see https://www.mercadopago.com/developers/en/reference/authentication/oauth/_oauth_token/post
+    def refresh(oauth_data, request_options: nil)
+      raise TypeError, 'Param oauth_data must be a Hash' unless oauth_data.is_a?(Hash)
+
+      _post(uri: '/oauth/token', data: oauth_data, request_options: request_options)
+    end
+  end
+end

data/lib/mercadopago/resources/order.rb

@@ -9,6 +9,52 @@ module Mercadopago
   # Use {OrderTransaction} to manage individual transactions within
   # an order.
   #
+  # == Automatic Payments (AP) — supported Hash keys for +stored_credential+
+  #
+  #   {
+  #     payment_initiator:    String,   # "cardholder" | "merchant"
+  #     reason:               String,   # "recurring" | "installment" | "unscheduled"
+  #     store_payment_method: Boolean,
+  #     first_payment:        Boolean,
+  #     prev_transaction_ref: String    # ID of the previous transaction in the series.
+  #                                     # Required from the second charge onwards.
+  #   }
+  #
+  # == Supported Hash keys for +automatic_payments+
+  #
+  #   {
+  #     payment_profile_id: String,   # Stored payment profile ID.
+  #     retries:            Integer,  # Max retry attempts on failure.
+  #     schedule_date:      String,   # ISO 8601 scheduled charge date.
+  #     due_date:           String    # ISO 8601 payment due date.
+  #   }
+  #
+  # == Supported Hash keys for +subscription_data+
+  #
+  #   {
+  #     invoice_id:   String,  # ID of the invoice being paid.
+  #     billing_date: String,  # ISO 8601 billing date.
+  #     subscription_sequence: {
+  #       number: Integer,     # Current payment number (1-based).
+  #       total:  Integer      # Total payments in the plan.
+  #     },
+  #     invoice_period: {
+  #       type:   String,      # "monthly" | "daily" | "yearly".
+  #       period: Integer      # Number of period units.
+  #     }
+  #   }
+  #
+  # == Supported Hash keys for +integration_data+ (root of order request)
+  #
+  #   {
+  #     integrator_id:  String,  # Certified integrator ID.
+  #     platform_id:    String,  # Platform ID assigned by MercadoPago.
+  #     corporation_id: String,  # Corporation ID for multi-account setups.
+  #     sponsor: {
+  #       id: String             # MercadoPago user ID of the sponsor.
+  #     }
+  #   }
+  #
   # @see https://www.mercadopago.com/developers/en/docs/checkout-api/landing
   class Order < MPBase
     # Creates a new order.
@@ -38,7 +84,7 @@ module Mercadopago
     # @param request_options [RequestOptions, nil] per-call configuration override
     # @return [Hash{Symbol => Object}] +:status+ and +:response+ with the processed order
     def process(order_id, request_options: nil)
-      _post(uri: "/v1/orders/#{order_id}/process", data: nil,request_options: request_options)
+      _post(uri: "/v1/orders/#{order_id}/process", data: nil, request_options: request_options)
     end
 
     # Refunds an order (full or partial).
@@ -52,9 +98,7 @@ module Mercadopago
     # @return [Hash{Symbol => Object}] +:status+ and +:response+ with the refund result
     # @raise [TypeError] if +refund_data+ is provided but is not a Hash
     def refund(order_id, refund_data: nil, request_options: nil)
-      unless refund_data.nil?
-        raise TypeError, 'Param refund_data must be a Hash' unless refund_data.is_a?(Hash)
-      end
+      raise TypeError, 'Param refund_data must be a Hash' unless refund_data.nil? || refund_data.is_a?(Hash)
 
       _post(uri: "/v1/orders/#{order_id}/refund", data: refund_data, request_options: request_options)
     end
@@ -85,6 +129,5 @@ module Mercadopago
     def search(filters: nil, request_options: nil)
       _get(uri: '/v1/orders', params: filters, request_options: request_options)
     end
-
   end
 end

data/lib/mercadopago/resources/order_transaction.rb

@@ -1,4 +1,3 @@
-
 # typed: true
 # frozen_string_literal: true
 
@@ -47,6 +46,5 @@ module Mercadopago
     def delete(order_id, transaction_id, request_options: nil)
       _delete(uri: "/v1/orders/#{order_id}/transactions/#{transaction_id}", request_options: request_options)
     end
-
   end
 end

data/lib/mercadopago/resources/point.rb

@@ -0,0 +1,86 @@
+# typed: true
+# frozen_string_literal: true
+
+module Mercadopago
+  # Manages payment intents on MercadoPago Point (POS) devices.
+  #
+  # Enables in-person payment processing by creating payment intents
+  # that are sent to a physical Point device for the buyer to complete
+  # the transaction by inserting or tapping their card.
+  #
+  # Note: The +change_operating_mode+ operation (PATCH
+  # +/point/integration-api/devices/{device_id}+) is not included because
+  # the Ruby SDK HTTP client does not currently expose a PATCH method.
+  #
+  # @see https://www.mercadopago.com/developers/en/reference/in-person-payments/point/orders/create-order/post
+  class Point < MPBase
+    # Lists Point devices linked to the authenticated account.
+    #
+    # @param filters [Hash, nil] optional query parameters (e.g. +store_id+, +pos_id+)
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with a list of devices
+    # @raise [TypeError] if +filters+ is not a Hash
+    # @see https://www.mercadopago.com/developers/en/reference/in-person-payments/point/devices/list-devices/get
+    def get_devices(filters: nil, request_options: nil)
+      raise TypeError, 'Param filters must be a Hash' unless filters.nil? || filters.is_a?(Hash)
+
+      _get(uri: '/point/integration-api/devices', filters: filters, request_options: request_options)
+    end
+
+    # Creates a payment intent on a specific Point device.
+    #
+    # The payment intent is sent to the physical device, where the buyer
+    # completes the transaction.
+    #
+    # @param device_id [String] unique identifier of the target Point device
+    # @param payment_intent_data [Hash] payment intent attributes (+amount+,
+    #   +description+, +payment+ method details, etc.)
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with the created intent
+    # @raise [TypeError] if +payment_intent_data+ is not a Hash
+    # @see https://www.mercadopago.com/developers/en/reference/in-person-payments/point/orders/create-order/post
+    def create(device_id, payment_intent_data, request_options: nil)
+      raise TypeError, 'Param payment_intent_data must be a Hash' unless payment_intent_data.is_a?(Hash)
+
+      _post(
+        uri: "/point/integration-api/devices/#{device_id}/payment-intents",
+        data: payment_intent_data,
+        request_options: request_options
+      )
+    end
+
+    # Retrieves the current state of a payment intent by its ID.
+    #
+    # Use this to check whether the buyer has completed, cancelled, or is
+    # still processing the payment on the device.
+    #
+    # @param payment_intent_id [String] unique identifier of the payment intent
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with intent details
+    #   including +:state+ and, when completed, +:payment_id+
+    # @see https://www.mercadopago.com/developers/en/reference/in-person-payments/point/orders/get-order/get
+    def get(payment_intent_id, request_options: nil)
+      _get(
+        uri: "/point/integration-api/payment-intents/#{payment_intent_id}",
+        request_options: request_options
+      )
+    end
+
+    # Cancels a pending payment intent on a specific device.
+    #
+    # Use this to abort a transaction before the buyer completes the
+    # payment on the device.
+    #
+    # @param device_id [String] unique identifier of the Point device holding the intent
+    # @param payment_intent_id [String] unique identifier of the payment intent to cancel
+    # @param request_options [RequestOptions, nil] per-call configuration override
+    # @return [Hash{Symbol => Object}] +:status+ and +:response+ with cancellation confirmation
+    # @see https://www.mercadopago.com/developers/en/reference/in-person-payments/point/orders/cancel-order/post
+    def cancel(device_id, payment_intent_id, request_options: nil)
+      _delete(
+        uri: "/point/integration-api/devices/#{device_id}/payment-intents/#{payment_intent_id}",
+        request_options: request_options
+      )
+    end
+  end
+end

data/lib/mercadopago/sdk.rb

@@ -38,6 +38,11 @@ module Mercadopago
       self.request_options = request_options.nil? ? RequestOptions.new(access_token: access_token) : request_options
     end
 
+    # @return [Chargeback] resource for retrieving and searching payment disputes
+    def chargeback
+      Chargeback.new(request_options, http_client)
+    end
+
     # @return [AdvancedPayment] resource for split-payment operations (marketplace)
     def advanced_payment
       AdvancedPayment.new(request_options, http_client)
@@ -113,11 +118,26 @@ module Mercadopago
       Order.new(request_options, http_client)
     end
 
+    # @return [Invoice] resource for retrieving subscription billing invoices
+    def invoice
+      Invoice.new(request_options, http_client)
+    end
+
+    # @return [OAuth] resource for the OAuth 2.0 authorization code flow
+    def oauth
+      OAuth.new(request_options, http_client)
+    end
+
     # @return [OrderTransaction] resource for managing transactions within an order
     def order_transaction
       OrderTransaction.new(request_options, http_client)
     end
 
+    # @return [Point] resource for in-person payments via Point devices
+    def point
+      Point.new(request_options, http_client)
+    end
+
     # @param value [String] OAuth access token
     # @raise [TypeError] if value is not a String
     def access_token=(value)

data/lib/mercadopago/webhook/validator.rb

@@ -104,78 +104,12 @@ module Mercadopago
         x_signature = normalize(x_signature)
         x_request_id = normalize(x_request_id)
         data_id = normalize(data_id)
-        versions = supported_versions && !supported_versions.empty? ? supported_versions : DEFAULT_SUPPORTED_VERSIONS
+        versions = resolve_versions(supported_versions)
         now_proc = now || -> { (Time.now.to_f * 1000).to_i }
 
-        if x_signature.nil?
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::MISSING_SIGNATURE_HEADER,
-            request_id: x_request_id
-          )
-        end
-
-        ts, hashes = parse_signature_header(x_signature)
-
-        if ts.nil? && hashes.empty?
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::MALFORMED_SIGNATURE_HEADER,
-            request_id: x_request_id
-          )
-        end
-
-        if ts.nil?
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::MISSING_TIMESTAMP,
-            request_id: x_request_id
-          )
-        end
-
-        unless ts.match?(/\A\d+\z/)
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::MALFORMED_SIGNATURE_HEADER,
-            request_id: x_request_id,
-            timestamp: ts
-          )
-        end
-
-        received_hash = nil
-        versions.each do |v|
-          if hashes.key?(v)
-            received_hash = hashes[v]
-            break
-          end
-        end
-
-        if received_hash.nil?
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::MISSING_HASH,
-            request_id: x_request_id,
-            timestamp: ts
-          )
-        end
-
-        manifest = build_manifest(data_id, x_request_id, ts)
-        computed = OpenSSL::HMAC.hexdigest('SHA256', secret, manifest)
-
-        unless constant_time_equal(computed, received_hash)
-          raise InvalidWebhookSignatureError.new(
-            SignatureFailureReason::SIGNATURE_MISMATCH,
-            request_id: x_request_id,
-            timestamp: ts
-          )
-        end
-
-        unless tolerance_seconds.nil?
-          drift_ms = (now_proc.call - ts.to_i).abs
-          if drift_ms > tolerance_seconds * 1000
-            raise InvalidWebhookSignatureError.new(
-              SignatureFailureReason::TIMESTAMP_OUT_OF_TOLERANCE,
-              request_id: x_request_id,
-              timestamp: ts
-            )
-          end
-        end
-
+        ts, received_hash = parse_and_validate_header(x_signature, x_request_id, versions)
+        verify_signature!(data_id, x_request_id, ts, secret, received_hash)
+        check_tolerance!(ts, x_request_id, tolerance_seconds, now_proc)
         nil
       end
 
@@ -193,13 +127,10 @@ module Mercadopago
         hashes = {}
         ts = nil
         header.split(',').each do |part|
-          key, value = part.split('=', 2)
-          next if key.nil? || value.nil?
-
-          key = key.strip.downcase
-          value = value.strip
-          next if key.empty? || value.empty?
+          key, value = part.split('=', 2).map(&:strip)
+          next if key.to_s.empty? || value.to_s.empty?
 
+          key = key.downcase
           if key == 'ts'
             ts = value
           elsif key.match?(VERSION_KEY_REGEX)
@@ -224,14 +155,67 @@ module Mercadopago
       private_class_method :constant_time_equal
 
       # Builds the HMAC manifest, omitting empty pairs per the documented rule.
-      def self.build_manifest(data_id, request_id, ts)
+      def self.build_manifest(data_id, request_id, timestamp)
         parts = []
         parts << "id:#{data_id.downcase}" unless data_id.nil?
         parts << "request-id:#{request_id}" unless request_id.nil?
-        parts << "ts:#{ts}"
+        parts << "ts:#{timestamp}"
         "#{parts.join(';')};"
       end
       private_class_method :build_manifest
+
+      def self.resolve_versions(supported_versions)
+        return DEFAULT_SUPPORTED_VERSIONS if supported_versions.nil? || supported_versions.empty?
+
+        supported_versions
+      end
+      private_class_method :resolve_versions
+
+      def self.parse_and_validate_header(x_signature, x_request_id, versions)
+        raise_error!(SignatureFailureReason::MISSING_SIGNATURE_HEADER, x_request_id) if x_signature.nil?
+
+        ts, hashes = parse_signature_header(x_signature)
+        validate_ts_and_hashes!(ts, hashes, x_request_id)
+
+        received_hash = hashes[versions.find { |v| hashes.key?(v) }]
+        raise_error!(SignatureFailureReason::MISSING_HASH, x_request_id, timestamp: ts) if received_hash.nil?
+
+        [ts, received_hash]
+      end
+      private_class_method :parse_and_validate_header
+
+      def self.validate_ts_and_hashes!(timestamp, hashes, x_request_id)
+        raise_error!(SignatureFailureReason::MALFORMED_SIGNATURE_HEADER, x_request_id) if timestamp.nil? && hashes.empty?
+        raise_error!(SignatureFailureReason::MISSING_TIMESTAMP, x_request_id) if timestamp.nil?
+        return if timestamp.match?(/\A\d+\z/)
+
+        raise_error!(SignatureFailureReason::MALFORMED_SIGNATURE_HEADER, x_request_id, timestamp: timestamp)
+      end
+      private_class_method :validate_ts_and_hashes!
+
+      def self.verify_signature!(data_id, x_request_id, timestamp, secret, received_hash)
+        manifest = build_manifest(data_id, x_request_id, timestamp)
+        computed = OpenSSL::HMAC.hexdigest('SHA256', secret, manifest)
+        return if constant_time_equal(computed, received_hash)
+
+        raise_error!(SignatureFailureReason::SIGNATURE_MISMATCH, x_request_id, timestamp: timestamp)
+      end
+      private_class_method :verify_signature!
+
+      def self.check_tolerance!(timestamp, x_request_id, tolerance_seconds, now_proc)
+        return if tolerance_seconds.nil?
+
+        drift_ms = (now_proc.call - timestamp.to_i).abs
+        return unless drift_ms > tolerance_seconds * 1000
+
+        raise_error!(SignatureFailureReason::TIMESTAMP_OUT_OF_TOLERANCE, x_request_id, timestamp: timestamp)
+      end
+      private_class_method :check_tolerance!
+
+      def self.raise_error!(reason, request_id, timestamp: nil)
+        raise InvalidWebhookSignatureError.new(reason, request_id: request_id, timestamp: timestamp)
+      end
+      private_class_method :raise_error!
     end
   end
 end

data/lib/mercadopago.rb

@@ -28,6 +28,7 @@ require_relative './mercadopago/config/config'
 require_relative './mercadopago/config/request_options'
 
 # --- API Resources ---
+require_relative './mercadopago/resources/chargeback'
 require_relative './mercadopago/resources/customer'
 require_relative './mercadopago/resources/card'
 require_relative './mercadopago/resources/user'
@@ -42,8 +43,11 @@ require_relative './mercadopago/resources/advanced_payment'
 require_relative './mercadopago/resources/disbursement_refund'
 require_relative './mercadopago/resources/preapproval'
 require_relative './mercadopago/resources/preapproval_plan'
+require_relative './mercadopago/resources/invoice'
+require_relative './mercadopago/resources/oauth'
 require_relative './mercadopago/resources/order'
 require_relative './mercadopago/resources/order_transaction'
+require_relative './mercadopago/resources/point'
 
 # --- Entry point ---
 require_relative './mercadopago/sdk'

data/mercadopago.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |gem|
   gem.name                  = 'mercadopago-sdk'
-  gem.version               = '3.0.1'
+  gem.version               = '3.1.0'
   gem.required_ruby_version = '>= 3.3.0'
   gem.author                = 'Mercado Pago'
   gem.description           = 'Mercado Pago Ruby SDK'

data/tests/test_chargeback.rb

@@ -0,0 +1,19 @@
+# typed: true
+# frozen_string_literal: true
+
+require_relative '../lib/mercadopago'
+
+require 'minitest/autorun'
+
+class TestChargeback < Minitest::Test
+  def test_search_returns_valid_status
+    sdk = Mercadopago::SDK.new(ENV['ACCESS_TOKEN'])
+    result = sdk.chargeback.search(filters: { limit: 5 })
+    assert_includes [200, 400, 401, 404], result[:status]
+  end
+
+  def test_search_raises_on_non_hash_filters
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.chargeback.search(filters: 'not_a_hash') }
+  end
+end

data/tests/test_invoice.rb

@@ -0,0 +1,19 @@
+# typed: true
+# frozen_string_literal: true
+
+require_relative '../lib/mercadopago'
+
+require 'minitest/autorun'
+
+class TestInvoice < Minitest::Test
+  def test_search_returns_valid_status
+    sdk = Mercadopago::SDK.new(ENV['ACCESS_TOKEN'])
+    result = sdk.invoice.search(filters: { limit: 5 })
+    assert_includes [200, 400, 401, 404], result[:status]
+  end
+
+  def test_search_raises_on_non_hash_filters
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.invoice.search(filters: 'not_a_hash') }
+  end
+end

data/tests/test_oauth.rb

@@ -0,0 +1,30 @@
+# typed: true
+# frozen_string_literal: true
+
+require_relative '../lib/mercadopago'
+
+require 'minitest/autorun'
+
+class TestOAuth < Minitest::Test
+  def test_get_authorization_url_builds_correct_url
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    url = sdk.oauth.get_authorization_url('MY_APP_ID', 'https://example.com/callback', 'csrf_state')
+
+    assert_includes url, 'https://auth.mercadopago.com/authorization'
+    assert_includes url, 'client_id=MY_APP_ID'
+    assert_includes url, 'response_type=code'
+    assert_includes url, 'platform_id=mp'
+    assert_includes url, 'state=csrf_state'
+    assert_includes url, 'redirect_uri='
+  end
+
+  def test_create_raises_on_non_hash
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.oauth.create('not_a_hash') }
+  end
+
+  def test_refresh_raises_on_non_hash
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.oauth.refresh('not_a_hash') }
+  end
+end

data/tests/test_point.rb

@@ -0,0 +1,24 @@
+# typed: true
+# frozen_string_literal: true
+
+require_relative '../lib/mercadopago'
+
+require 'minitest/autorun'
+
+class TestPoint < Minitest::Test
+  def test_get_devices_returns_valid_status
+    sdk = Mercadopago::SDK.new(ENV['ACCESS_TOKEN'])
+    result = sdk.point.get_devices
+    assert_includes [200, 400, 401, 403, 404], result[:status]
+  end
+
+  def test_create_raises_on_non_hash
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.point.create('device_123', 'not_a_hash') }
+  end
+
+  def test_get_devices_raises_on_non_hash_filters
+    sdk = Mercadopago::SDK.new('TEST_TOKEN')
+    assert_raises(TypeError) { sdk.point.get_devices(filters: 'not_a_hash') }
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mercadopago-sdk
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Mercado Pago
@@ -75,6 +75,7 @@ files:
 - ".github/ISSUE_TEMPLATE/config.yml"
 - ".github/ISSUE_TEMPLATE/feature_request.yml"
 - ".github/ISSUE_TEMPLATE/question.yml"
+- ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/release.yml"
 - ".gitignore"
@@ -82,6 +83,7 @@ files:
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - ".ruby-version"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CODING_GUIDELINES.md
 - CONTRIBUTING.md
@@ -158,6 +160,9 @@ files:
 - docs/js/searcher.js
 - docs/js/searcher.js.gz
 - docs/table_of_contents.html
+- examples/chargeback/search_chargeback.rb
+- examples/invoice/get_invoice.rb
+- examples/oauth/create_token.rb
 - examples/order/cancel.rb
 - examples/order/capture.rb
 - examples/order/create.rb
@@ -168,6 +173,7 @@ files:
 - examples/order/transaction/create.rb
 - examples/order/transaction/delete.rb
 - examples/order/transaction/update.rb
+- examples/point/create_payment_intent.rb
 - examples/preference/create.rb
 - lib/mercadopago.rb
 - lib/mercadopago/config/config.rb
@@ -177,14 +183,18 @@ files:
 - lib/mercadopago/resources/advanced_payment.rb
 - lib/mercadopago/resources/card.rb
 - lib/mercadopago/resources/card_token.rb
+- lib/mercadopago/resources/chargeback.rb
 - lib/mercadopago/resources/customer.rb
 - lib/mercadopago/resources/disbursement_refund.rb
 - lib/mercadopago/resources/identification_type.rb
+- lib/mercadopago/resources/invoice.rb
 - lib/mercadopago/resources/merchant_order.rb
+- lib/mercadopago/resources/oauth.rb
 - lib/mercadopago/resources/order.rb
 - lib/mercadopago/resources/order_transaction.rb
 - lib/mercadopago/resources/payment.rb
 - lib/mercadopago/resources/payment_methods.rb
+- lib/mercadopago/resources/point.rb
 - lib/mercadopago/resources/preapproval.rb
 - lib/mercadopago/resources/preapproval_plan.rb
 - lib/mercadopago/resources/preference.rb
@@ -195,13 +205,17 @@ files:
 - mercadopago.gemspec
 - tests/test_card.rb
 - tests/test_card_token.rb
+- tests/test_chargeback.rb
 - tests/test_customer.rb
 - tests/test_identification_type.rb
+- tests/test_invoice.rb
 - tests/test_merchant_order.rb
+- tests/test_oauth.rb
 - tests/test_order.rb
 - tests/test_order_transaction.rb
 - tests/test_payment.rb
 - tests/test_payment_methods.rb
+- tests/test_point.rb
 - tests/test_preapproval.rb
 - tests/test_preapproval_plan.rb
 - tests/test_preference.rb
@@ -228,19 +242,23 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Mercado Pago Ruby SDK
 test_files:
 - tests/test_card.rb
 - tests/test_card_token.rb
+- tests/test_chargeback.rb
 - tests/test_customer.rb
 - tests/test_identification_type.rb
+- tests/test_invoice.rb
 - tests/test_merchant_order.rb
+- tests/test_oauth.rb
 - tests/test_order.rb
 - tests/test_order_transaction.rb
 - tests/test_payment.rb
 - tests/test_payment_methods.rb
+- tests/test_point.rb
 - tests/test_preapproval.rb
 - tests/test_preapproval_plan.rb
 - tests/test_preference.rb