applyTokenACQP → Alipay+
The applyToken API is used by the Acquiring Service Provider (ACQP ) to obtain an access token, which is used for the purposes such as:
- to initiate an Auto Debit payment.
- to initiate a one-time password (OTP) verification process.
The applyToken API is used in the following cases:
- After the auth client (which is usually the merchant) receives the auth code, the ACQP requests the access token from Alipay+. In this case, the applyToken API generally needs to be used with the prepare API.
- The auth client requests a new access token by using the refresh token when an existing access token is about to expire or has expired.
Notes:
- A refresh token can only be used to get a new access token within the refresh token expiry time. To get a new access token after the refresh token expires, the ACQP must reinitiate the authorization process.
- In the following sections, Mobile Payment Provider (MPP ) is also known as PSP. For example, pspId refers to the ID that identifies an MPP, and acquirerId refers to the ID that identifies an Acquiring Service Provider .
Structure
A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:
Note:
1. Set the data type of each parameter (except array) as String. This means that you must use double quotation marks (" ") to enclose the parameter value. Examples:
- If the data type of a parameter is Integer and its value is 20, set it as "20".
- If the data type of a parameter is Boolean and its value is true, set it as "true".
2. For optional parameters that are not required in your case, you can take one of the following actions:
- Exclude the parameters from the request body.
- Set the parameter values as null (without the double quotation marks).
Do NOT leave the optional parameters empty by setting their values as ""; otherwise, an error might occur.
Request parameters
authClientId String REQUIRED
The unique ID that is assigned by the ACQP to identify the auth client, which is usually the merchant. For an authorization attempt, the value of the authClientId parameter in the applyToken API must be the same as the one in the prepare API.
More information:
- Maximum length: 64 characters
grantType String REQUIRED
This parameter specifies the method through which the auth client can get the access token. Valid values are:
AUTHORIZATION_CODE
: indicates that the auth client uses the authorization code (authCode) to get an access token.REFRESH_TOKEN
: indicates that the auth client uses the refresh token (refreshToken) to get a new access token to replace the existing one.
authCode String
The authorization code that is used by the auth client to get the access token. The value of the authCode parameter is extracted from the reconstructed redirection URL that is returned from the MPP or obtained from the authNotify API request.
Specify this parameter if the value of the grantType parameter is AUTHORIZATION_CODE
.
More information:
- Maximum length: 64 characters
refreshToken String
The refresh token that is used by the auth client to get a new access token to replace the existing one. With this parameter, valid access tokens can be obtained continuously without further interaction with the user.
Specify this parameter if the value of the grantType parameter is REFRESH_TOKEN
.
More information:
- Maximum length: 128 characters
passThroughInfo String
The information that is passed through by the ACQP to Alipay+. The value of this parameter is in the set of key-value pairs.
Specify this parameter if the ACQP wants to pass information to the MPP.
More information:
- Maximum length: 20000 characters
Response parameters
result Result REQUIRED
The result of applying the token. If the value of the result.resultCode parameter is SUCCESS
, the token is returned. For more information about how to handle the result of the applyToken API, see How to handle the result for details.
pspId String
The unique ID that is assigned by Alipay+ to identify an MPP.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
.
More information:
- Maximum length: 64 characters
acquirerId String
The unique ID that is assigned by Alipay+ to identify an ACQP.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
.
More information:
- Maximum length: 64 characters
accessToken String
The token that is used to access the MPP user's resources.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
.
More information:
- Maximum length: 128 characters
accessTokenExpiryTime Datetime
The access token expiration time, after which the access token cannot be used.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
.
More information:
- The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
refreshToken String
The refresh token that is used by the auth client to get a new access token to replace the existing one. With this parameter, valid access tokens can be obtained continuously without further interaction with the user.
Notes:
- Returned if the value of the result.resultCode parameter is
SUCCESS
and the access token is short-term effective. - This parameter is not returned if the access token is long-term effective, that is, 10 years or longer.
More information:
- Maximum length: 128 characters
refreshTokenExpiryTime Datetime
The refresh token expiration time, after which the refresh token cannot be used. Usually, the refresh token has a longer validity than the access token.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
and the access token is short-term effective.
More information:
- The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
customerId String
The unique ID that is assigned by Aliapy+ to identify an MPP user.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
and the MPP provides a unique ID that identifies the user.
More information:
- Maximum length: 64 characters
userLoginId String
The ID that is used by the user to log in to the MPP platform. The value of userLoginId can be the user's email address or the phone number and is desensitized when returned to the ACQP. The merchant can use this parameter to learn the identity of the user that has completed the authorization.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
and the value of the scopes parameter of the prepare API contains USER_LOGIN_ID
.
More information:
- Maximum length: 64 characters
walletForAccountBinding Wallet
The wallet that is selected by the user for binding with the user's merchant account.
This parameter is returned by Alipay+ if the value of the result.resultCode parameter is SUCCESS
.
passThroughInfo String
The information that is passed through by Alipay+ to the ACQP. The value of this parameter is in the set of key-value pairs.
This parameter is returned by Alipay+ if the MPP wants to pass information to the ACQP.
More information:
- Maximum length: 20000 characters
Request
Response
More information
How to handle the result
You might receive different results from Alipay+. Follow the instructions below to handle the result.
result.resultStatus | result.resultCode | Application status | Actions |
|
| The request is successful and the access token is returned. | The auth client can use the access token to access the corresponding user's resources. |
| Multiple possible values exist, such as
| The access token is not returned. | Handle the error according to the result code table. |
| Multiple possible values exist, such as
| Unknown | The auth client can guide the user to try again. |
No result received | Unknown | The auth client can guide the user to try again. |
Samples
In this interface, sample requests and responses are provided. Details for these samples are as follows:
Apply the access token
Request
1. The ACQP requests the access token.
Response
1.1 Alipay+ sends a response with the access token and the refresh token to the ACQP.
1.2 Alipay+ sends the authorization result with a long-term effective access token to the ACQP. In this case, refresh token is not included.
Refresh the access token
Request
1. The ACQP use the refresh token to request a new access token.
Response
2. Alipay+ sends a response with the new access token to the ACQP.
Result/Error codes
Code | Value | Message | Further action |
---|---|---|---|
SUCCESS | S | Success | The authorization is completed. Store the accessToken and other related parameters. |
ACCESS_DENIED | F | Access is denied. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
EXPIRED_REFRESH_TOKEN | F | The refresh token is expired. | The auth client can guide the user to reinitiate the authorization flow. |
INVALID_AUTHCODE | F | The authorization code is invalid. | Ensure that the authorization code is valid and obtained from Alipay+. If the problem persists, it is recommended that the auth client guide the user to reinitiate the authorization flow. |
INVALID_CLIENT | F | The client is invalid. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
INVALID_REFRESH_TOKEN | F | The refresh token is invalid. | Ensure that the refresh token is valid and obtained from Alipay+. If the problem persists, it is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
INVALID_SIGNATURE | F | The signature is invalid. | Check whether the public key, signed message, and signature algorithm are as expected. |
KEY_NOT_FOUND | F | The key is not found. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
MEDIA_TYPE_NOT_ACCEPTABLE | F | The server does not implement the media type that is acceptable to the client. | Use a media type that is accepted by Alipay+. |
METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTPS method. | Ensure the HTTP method is POST. |
NO_INTERFACE_DEF | F | API is not defined. | Check whether the request URL is correct. Ensure that the endpoint of the called API is correct. |
PARAM_ILLEGAL | F | Illegal parameters. For example, non-numeric input, invalid date. | Check whether the request parameters, including the header parameters and body parameters, are correct and valid. For more information about the parameters of each API, see the Structure section of the specific API reference topic. |
PROCESS_FAIL | F | A general business failure occurred. Do not retry. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
REQUEST_TRAFFIC_EXCEED_LIMIT | U | The request traffic exceeds the limit. | Reduce the frequency of API calls. |
UNKNOWN_EXCEPTION | U | An API call failed, which is caused by unknown reasons. | Try to recall the API. |