# prepare

The Mobile Payment Provider (MPP) uses the **prepare** API to provide an authorization URL for the Auto Debit payment. If the authorization succeeds, the authorization code is also returned to the Acquiring Service Provider (ACQP) in the redirection-back URL.

**Note**: In the following sections, Mobile Payment Partner (MPP) is also known as PSP. For example, _pspId_ refers to the ID that identifies a MPP.

# Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:

-   [Request header](api_overview#3mLq0)
-   [Response header](api_overview#YdmVS)

> **Note**:
>
> 1.  Set the data type of each parameter (except array) as String. This means that you must use double quotation marks (" ") to enclose the parameter value. Examples:
>
> -   If the data type of a parameter is Integer and its value is 20, set it as "20".
> -   If the data type of a parameter is Boolean and its value is `true`, set it as "true".
>
> 2.  For optional parameters that are not required in your case, you can take one of the following actions:
>
> -   Exclude the parameters from the request body.
> -   Set the parameter values as `null` (without the double quotation marks).
>
> Do NOT leave the optional parameters empty by setting their values as `""`; otherwise, an error might occur.

## Request parameters

#### pspId (String, REQUIRED)

The unique ID that is assigned by Alipay+ to identify an MPP.

More information:

- Maximum length: 64 characters

#### acquirerId (String, REQUIRED)

The unique ID that is assigned by Alipay+ to identify an ACQP.

More information:

- Maximum length: 64 characters

#### authClientId (String, REQUIRED)

The unique ID that is assigned by the ACQP to identify the auth client, which is usually the merchant.

More information:

- This field is an API idempotency field.See More information -- API idempotency for details.
- Maximum length: 64 characters

#### authClientName (String, REQUIRED)

The registered legal name of the auth client. The name usually appears with the agreement on the authorization page.

More information:

- Maximum length: 256 characters

#### authClientDisplayName (String, REQUIRED)

The trade name of the auth client. The name is usually displayed in the title of the authorization page.

More information:

- Maximum length: 64 characters

#### authRedirectUrl (URL, REQUIRED)

The authorization redirection URL, of which the domain name is provided by the auth client. After receiving the value of this parameter, the MPP must append _authCode_ and _authState_ to it and reconstruct a complete URL that redirects the user back to the merchant when the user completes the authorization process at the wallet side. The _authCode_, which is used to obtain the access token later, must follow the Alipay+ coding standard and the length must be within 32 bytes. The first 8 digits of the authorization code must be in the format of `281***13`. The fourth to sixth digits are assigned by Alipay+.

The following example shows a format of the complete authorization redirection URL: 

https://www.merchant.com/authorizationResult?authCode=281010133AB2F588D14B432312345678&authState=663A8FA9-D836-48EE-8AA1-1FF682989DC7

More information:

- Maximum length: 1024 characters

#### scopes (Array<String>, REQUIRED)

The authorization scopes, which means what resources or capabilities are authorized to the auth client. Valid values are:

-   `AGREEMENT_PAY`: indicates that the auth client can use an access token to deduct funds from the user's MPP account for Auto Debit payments.
-   `USER_LOGIN_ID`: indicates that the auth client can obtain the desensitized user login ID for the MPP platform by using the **applyToken** API.
-   `BASE_USER_INFO`: indicates that the auth client can obtain the unique user ID of the MPP platform.
-   `HASH_LOGIN_ID`: indicates that the auth client can obtain the hash user login ID of the MPP platform.
-   `SEND_OTP`: indicates that the auth client can send OTPs to the user.

#### customerBelongsTo (String, REQUIRED)

This parameter specifies which MPP the user's account belongs to, which is specified as the MPP app name selected by the user. The MPP app name is obtained from the value of the _walletName_ parameter that is returned in the response of the **consultPayment** API.

More information:

- Maximum length: 32 characters

#### authState (String, REQUIRED)

A string that is generated by the auth client to represent the **prepare** API request. The consistency of this field and that in the redirection URL needs to be guaranteed if the authorization code is returned.

More information:

- Maximum length: 256 characters

#### terminalType (String, REQUIRED)

The type of the auth client terminal that initiates the authorization. Valid values are:

-   `WEB`: indicates that the auth client terminal is a PC browser.
-   `WAP`: indicates that the auth client terminal is a mobile browser.
-   `APP`: indicates that the auth client terminal is a mobile app.

#### osType (String)

The operating system type of the auth client device. Valid values are:

-   `IOS`
-   `ANDROID`

This parameter is specified by Alipay+ if the value of the _teminalType_ parameter is `APP`/`WAP`.

#### osVersion (String)

The operating system version of the auth client device.

This parameter is specified by Alipay+ if the auth client has provided the OS version.

More information:

- Maximum length: 16 characters

#### authClientLogo (URL)

The URL for the MPP to display the auth client logo. The URL domain is provided by the auth client.

This parameter is specified by Alipay+ if the auth client has provided the logo.

More information:

- Maximum length: 2048 characters

#### userAgent (String)

The user agent of the auth client browser.

This parameter is specified by Alipay+ if the auth client has provided the user agent.

More information:

- Maximum length: 1024 characters

#### referenceAgreementId (String, REQUIRED)

The unique ID that is assigned by the auth client to identify an authorization.

More information:

- This field is an API idempotency field.See More information -- API idempotency for details.
- Maximum length: 64 characters

#### authNotifyUrl (URL)

The URL that Alipay+ uses to notify the auth client of the authorization information via the **authNotify** API.

**Important**: The notification must be sent to the specified URL if this parameter is specified.

More information:

- Maximum length: 2048 characters

#### referenceMerchantId (String, REQUIRED)

The unique ID that is assigned by the ACQP to identify a merchant.

More information:

- Maximum length: 32 characters

#### passThroughInfo (String)

The information that is passed through by the MPP to Alipay+. The value of this parameter is in the set of key-value pairs.

This parameter is specified by Alipay+ if the ACQP wants to pass information to the MPP.

More information:

- Maximum length: 20000 characters

## Response parameters

#### result (Result, REQUIRED)

The result of the business processing. If the value of the _result_._resultCode_ parameter is `SUCCESS`, the authorization URL is sent to Alipay+ successfully. For more information about how to return the result, see _How to return the result_.

##### resultCode (String, REQUIRED)

The result code that indicates the detailed processing result.

More information:

- Maximum length: 64 characters

##### resultStatus (String, REQUIRED)

The result status that indicates the processing result. Valid values are:

-   `S`: Successful
-   `F`: Failed
-   `U`: Unknown

##### resultMessage (String)

The result message that describes the result code in detail.

**I**t is recommended that you specify this parameter to provide details about the result.

More information:

- Maximum length: 256 characters

#### codeValue (String)

The value of the authorization QR code that the user scans with an MPP app to complete account binding. With this parameter, the merchant can render the authorization QR code on its web page.

Return this parameter if your app supports code scanning.

More information:

- Maximum length: 2048 characters

#### codeExpireTime (Datetime)

The expiration time of the authorization QR code. Return this parameter if the following two conditions are met:

-   The _codeValue_ parameter is returned.
-   The authorization QR code has an expiration time.

If you return the _codeValue_ parameter but not the _codeExpireTime_ parameter, it means the authorization QR code is permanently valid.

More information:

- The value follows the [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html) standard format. For example, "2019-11-27T12:01:01+08:00".

#### schemeUrl (URL)

The authorization URL in the form of a URL scheme, which redirects users to an app.

Return this parameter if the value of the _result_._resultCode_ parameter is `SUCCESS`.

More information:

- Maximum length: 2048 characters

#### applinkUrl (URL)

The authorization URL in the form of a link that redirects users to an app, or, if no APP is installed, to a WAP page. For Android, the link is the native App Link; and for iOS, the Universal Link.

Return this parameter if the value of the _result_._resultCode_ parameter is `SUCCESS`.

More information:

- Maximum length: 2048 characters

#### normalUrl (URL)

The authorization URL that redirects users to a WAP or Web page in the browser.

Return this parameter if the value of the _result_._resultCode_ parameter is `SUCCESS`.

More information:

- Maximum length: 2048 characters

#### passThroughInfo (String)

The information that is passed through by Alipay+ to the MPP. The value of this parameter is in the set of key-value pairs.

Return this parameter if the MPP wants to pass information to the ACQP.

More information:

- Maximum length: 20000 characters

## More information

### How to return the result

According to the request processing result, the MPP needs to return the corresponding result (specified by the _result_ parameter):

-   If the business processing succeeds, set the value of _result.resultStatus_ to `S` and the value of _result.resultCode_ to `SUCCESS`, and return the authorization URL to Alipay+.
-   If the business processing fails, set the value of _result.resultStatus_ to `F` and the value of _result.resultCode_ accordingly.
-   If the business processing result is unknown, set the value of _result.resultStatus_ to `U` and the value of _result.resultCode_ accordingly.

For more information about how to define your result codes, see the _Result codes_ section below.

### API idempotency

The _authClientId_ parameter and the _referenceAgreementId_ parameter are jointly used for idempotency control. For requests that are initiated with the same _authClientId_ and _referenceAgreementId_, the MPP must return the same result.

The MPP is recommended to check the consistency of the following key request parameters: _authClientName, referenceMerchantId, authRedirectUrl_, and s_copes._ If any of their values is different from that in the previous request, the MPP needs to return the REPEAT\_REQ\_INCONSISTENT result code.  

### schemeUrl/applinkUrl/normalUrl

The values of the _schemeUrl, applinkUrl, and normalUrl_ parameters are different depending on the value of the _terminalType_ parameter.

## Result/Error codes

| Code | Value | Message |
| --- | --- | --- |
| SUCCESS | S | Success |
| ACCESS_DENIED | F | Access is denied. |
| INVALID_CLIENT | F | The client is invalid. |
| INVALID_SIGNATURE | F | The signature is invalid. |
| KEY_NOT_FOUND | F | The key is not found. |
| MEDIA_TYPE_NOT_ACCEPTABLE | F | The server does not implement the media type that is acceptable to the client. |
| METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTPS method. |
| NO_INTERFACE_DEF | F | API is not defined. |
| PARAM_ILLEGAL | F | Illegal parameters. For example, non-numeric input, invalid date. |
| PROCESS_FAIL | F | A general business failure occurred. Do not retry. |
| REQUEST_TRAFFIC_EXCEED_LIMIT | U | The request traffic exceeds the limit. |
| UNKNOWN_EXCEPTION | U | An API call failed, which is caused by unknown reasons. |

## Request

### ALIPAY, ALIPAY_HK, DANA, H5, DIRECT

```json
{
  "acquirerId": "102218800000001234",
  "pspId": "102208800000001234",
  "authClientId": "2188123412341234",
  "authClientName": "Merchant",
  "authClientDisplayName": "Merchant display",
  "referenceMerchantId": "2188123412341230",
  "authRedirectUrl": "https://www.merchant.com/authenticationResult?param1=123&param2=234",
  "scopes": [
    "AGREEMENT_PAY"
  ],
  "customerBelongsTo": "ALIPAY_CN",
  "authState": "663A8FA9-D836-48EE-8AA1-1FF682989DC7",
  "terminalType": "APP",
  "referenceAgreementId": "aNDJWQNNabdad1234",
  "osType": "IOS",
  "osVersion": "11.0.2",
  "authNotifyUrl": "https://www.alipayplus.com/authenticationNotify?referenceAgreementId=aNDJWQNNabdad1234"
}
```

## Response

```json
{
  "result": {
    "resultCode": "SUCCESS",
    "resultMessage": "Success",
    "resultStatus": "S"
  },
  "codeValue": "https://qr.alipayplus.com/aps/long/qwxe9x",
  "codeExpireTime": "2019-06-01T12:01:01+08:30",
  "applinkUrl": "https://applink.openauth.xxx.com/authentication.htm?authId=FBF16F91-28FB-47EC-B9BE-27B285C23CD3",
  "normalUrl": "https://openauth.xxx.com/authentication.htm?authId=FBF16F91-28FB-47EC-B9BE-27B285C23CD3",
  "schemeUrl": "scheme://cashierpay?param=1"
}
```