prepareACQP → Alipay+
The prepare API is used by the Acquiring Service Provider (ACQP) to obtain an authorization URL where the user is redirected to and authorizes the Auto Debit payment. If the authorization succeeds, the authorization code is also returned to the ACQP in the redirection-back URL.
Note:
In the following sections, Mobile Payment Provider (MPP) is also known as PSP. For example, pspId refers to the ID that identifies an MPP, and acquirerId refers to the ID that identifies an Acquiring Service Provider .
Structure
A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:
Note:
Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:
- If the data type of a field is Integer and its value is 20, set it as "20".
- If the data type of a field is Boolean and its value is
true
, set it as "true".
Request parameters
authClientId String REQUIRED
The unique ID that is assigned by the ACQP to identify the auth client, which is the merchant. For an authorization attempt, the value of the authClientId parameter in the applyToken API must be the same as the one in the prepare API.
More information:
- This field is an API idempotency field.See More information -- Idempotency for details.
- Maximum length: 64 characters
authClientName String REQUIRED
The registered legal name of the auth client. The name usually appears with the agreement on the authorization page.
More information:
- Maximum length: 256 characters
authClientDisplayName String
The trade name of the auth client. The name is usually displayed on the title of the authorization page.
Note: Required if the value of the authClientDisplayName parameter is different from the value of the authClientName parameter.
More information:
- Maximum length: 64 characters
authClientLogo URL
The URL for the MPP to display the auth client logo. The URL domain is provided by the auth client.
Note: Required if the auth client wants to display its logo on the MPP authorization page.
More information:
- Maximum length: 2048 characters
referenceMerchantId String REQUIRED
The unique ID that is assigned by the ACQP to identify a merchant.
More information:
- Maximum length: 32 characters
authRedirectUrl URL REQUIRED
The first part of the redirection URL that the user is redirected to after the user agrees to authorize. The complete URL consists of the values of the authRedirectUrl, the authCode, and the authState parameter.
The auth client needs to validate the consistency of the values of authState in authRedirectUrl and that in the prepare request. The following example shows a format of the complete authorization redirection URL:
More information:
- Maximum length: 1024 characters
customerBelongsTo String REQUIRED
This parameter specifies which MPP the user's account belongs to, which is specified as the MPP app name selected by the user. The MPP app name is obtained from the value of the walletName parameter that is returned in the response of the consultPayment API.
More information:
- Maximum length: 16 characters
scopes Array<String> REQUIRED
The authorization scopes, which means what resources or capabilities are authorized to the auth client. Valid values are:
AGREEMENT_PAY
: indicates that the auth client can use an access token to deduct funds from the user's MPP app for Auto Debit payments.USER_LOGIN_ID
: indicates that the auth client can obtain the desensitized user login ID for the MPP app by using the applyToken API.
authState String REQUIRED
A string that is generated by the auth client to represent the prepare API request. The consistency of this field and that in the redirection URL needs to be guaranteed when the authorization code is returned.
Important: Avoid using special characters in the value of this parameter. If you have to use special characters, do not encode them and pass in the value as it is. For example, if the value is 188oCeAiZOa/vipUycm+twEDuj6M91T2AtUPAVJ+EBqBU0k5ljt9cq2dw/kPYlrlCss
, DO NOT encode it as 188oCeAiZOa%2FvipUycm%2BtwEDuj6M91T2AtUPAVJ%2BEBqBU0k5ljt9cq2dw%2FkPYlrlCss
.
More information:
- Maximum length: 256 characters
terminalType String REQUIRED
The type of the auth client terminal that initiates the authorization. Valid values are:
WEB
: indicates that the auth client terminal is a PC browser.WAP
: indicates that the auth client terminal is a mobile browser.APP
: indicates that the auth client terminal is a mobile app.
referenceAgreementId String
The unique ID that is assigned by the auth client to identify an authorization. The ACQP needs to map the referenceAgreementId with the related authorization information so as to obtain the related authorization information from the authNotify API request .
Note:
- Required if the value of the scopes parameter contains
AGREEMENT_PAY
.
More information:
- This field is an API idempotency field.See More information -- Idempotency for details.
- Maximum length: 64 characters
osType String
The operating system type of the auth client device. Valid values are:
IOS
ANDROID
Note: Required if the value of the teminalType parameter is APP/WAP
.
osVersion String
The operating system version of the auth client device.
Provide this parameter if you have the information. This helps Alipay+ analyze the authorization scenario.
More information:
- Maximum length: 16 characters
userAgent String
The user agent of the auth client browser.
Provide this parameter if you have the information. This helps Alipay+ analyze the authorization scenario.
More information:
- Maximum length: 1024 characters
authNotifyUrl URL
The URL that ACQP uses to receive the authorization information from Alipay+ via the authNotify API.
Notes:
- Required if the ACQP wants to receive the authorization notification from Alipay+.
- For security reasons, The URL must use HTTPS instead of HTTP.
More information:
- Maximum length: 2048 characters
passThroughInfo String
The information that is passed through by the ACQP to Alipay+. The value of this parameter is in the set of key_value pairs.
Note: Specify this parameter if the ACQP wants to pass information to the MPP.
More information:
- Maximum length: 20000 characters
Response parameters
result Result object REQUIRED
The result of the business processing. If the value of the result.resultCode parameter is SUCCESS
, the authorization URL is returned. See Result processing logic for details.
pspId String
The unique ID that is assigned by Alipay+ to identify an MPP.
Note: Returned if the value of the result.resultCode parameter is SUCCESS
.
More information:
- Maximum length: 64 characters
acquirerId String
The unique ID that is assigned by Alipay+ to identify an ACQP.
Note: Returned if the value of the result.resultCode parameter is SUCCESS
.
More information:
- Maximum length: 64 characters
schemeUrl URL
The authorization URL in the form of a URL scheme, which redirects users to an app.
Note: When the value of result.resultCode is SUCCESS
, one of schemeUrl, applinkUrl and normalUrl must be specified.
More information:
- Maximum length: 2048 characters
applinkUrl URL
The authorization URL in the form of a link that redirects users to an app, or, if no APP is installed, to a WAP page. For Android, the link is the native App Link; and for iOS, the Universal Link.
Note: When the value of result.resultCode is SUCCESS
, one of schemeUrl, applinkUrl and normalUrl must be specified.
More information:
- Maximum length: 2048 characters
normalUrl URL
The authorization URL that redirects users to a WAP or Web page in the browser or in the WebView.
Note: When the value of result.resultCode is SUCCESS
, one of schemeUrl, applinkUrl and normalUrl must be specified.
More information:
- Maximum length: 2048 characters
appIdentifier String
The Android package name. This parameter is used to identify which wallet app is to be invoked for the redirection.
Note: Returned if the value of the osType parameter is ANDROID
and the value of the schemeUrl parameter or the applinkUrl parameter is specified.
More information:
- Maximum length: 128 characters
passThroughInfo String
The information that is passed through by Alipay+ to the ACQP. The value of this parameter is in the set of key-value pairs.
Note: Returned by Alipay+ if the MPP wants to pass information to the ACQP.
More information:
- Maximum length: 2048 characters
Request
Response
More information
schemeUrl/applinkUrl/normalUrl
- If the value of result.resultCode is
SUCCESS
, one of schemeUrl, applinkUrl, and normalUrl must be returned. - The order of priority of which URL to use to redirect to the MPP side is schemeUrl > applinkUrl > normalUrl.
- The auth client needs to trust all the URLs returned by Alipay+, instead of adding them to the whitelist.
- The values of schemeUrl, applinkUrl, and normalUrl are different depending on the values of terminalType and osType.
Idempotency
The authClientId parameter and the referenceAgreementId parameter are jointly used for idempotency control. For requests that are initiated with the same authClientId and referenceAgreementId, Alipay+ regards the requests as repeated and processes the requests only once. If the values of the other parameters in the repeated requests are different, Alipay+ returns the REPEAT_REQ_INCONSISTENT
result code.
Result processing logic:
For different request results, different actions are to be performed. See the following list for details:
result.resultStatus | result.resultCode | Actions |
S | SUCCESS | Obtain the authorization URL from the response. |
F | ... | The request is failed, which might be caused by system defects or failures. It is recommended to monitor and check manually. |
U | ... | Retry the prepare interface API with the same request parameter values, until a certain response result is returned. Contact connect_support@service.alipay.com if the result remains unknown after too many retries. |
No result received | Retry the prepare interface API with the same request parameter values, until a certain response result is returned. Contact connect_support@service.alipay.com if the result remains unknown after too many retries. |
Result/Error codes
Code | Value | Message | Further action |
---|---|---|---|
SUCCESS | S | Success | Obtain the authorization URL from the response. |
ACCESS_DENIED | F | Access is denied. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
INVALID_CLIENT | F | The client is invalid. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
INVALID_SIGNATURE | F | The signature is invalid. | Check whether the public key, signed message, and signature algorithm are as expected. |
KEY_NOT_FOUND | F | The key is not found. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
MEDIA_TYPE_NOT_ACCEPTABLE | F | The server does not implement the media type that is acceptable to the client. | Use a media type that is accepted by Alipay+. |
METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTPS method. | Ensure the HTTP method is POST. |
NO_INTERFACE_DEF | F | API is not defined. | Check whether the request URL is correct. Ensure that the endpoint of the called API is correct. |
PARAM_ILLEGAL | F | Illegal parameters. For example, non-numeric input, invalid date. | Check whether the request parameters, including the header parameters and body parameters, are correct and valid. For more information about the parameters of each API, see the Structure section of the specific API reference topic. |
PROCESS_FAIL | F | A general business failure occurred. Do not retry. | It is recommended that you contact connect_support@service.alipay.com to troubleshoot the issue. |
REQUEST_TRAFFIC_EXCEED_LIMIT | U | The request traffic exceeds the limit. | Reduce the frequency of API calls. |
UNKNOWN_EXCEPTION | U | An API call failed, which is caused by unknown reasons. | Try to recall the API. |