Alipay+ DocsAlipay+ Docs

sendOTPAlipay+ → MPP

Alipay+ uses the sendOTP API to request that the Mobile Payment Provider (MPP) sends a one-time password (OTP) to the user. This API is used in risk control scenarios where the user identity needs to be verified with OTPs. 

Note: In the following sections, the MPP is also known as PSP. For example, pspId refers to the ID that identifies an MPP. 

Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:

Note:

1. Set the data type of each parameter (except array) as String. This means that you must use double quotation marks (" ") to enclose the parameter value. Examples:

  • If the data type of a parameter is Integer and its value is 20, set it as "20".
  • If the data type of a parameter is Boolean and its value is true, set it as "true".  

2. For optional parameters that are not required in your case, you can take one of the following actions:

  • Exclude the parameters from the request body. 
  • Set the parameter values as null (without the double quotation marks). 

Do NOT leave the optional parameters empty by setting their values as ""; otherwise, an error might occur.  

Request parameters

acquirerId String  REQUIRED

The unique ID that is assigned by Alipay+ to identify an Acquiring Service Provider (ACQP). 

More information:

  • Maximum length: 64 characters

pspId String  REQUIRED

The unique ID that is assigned by Alipay+ to identify an MPP. 

More information:

  • Maximum length: 64 characters

accessToken String  REQUIRED

The token that is used to access the MPP user's resources. For the sendOTP API, the access token is used to specify the user. 

More information:

  • Maximum length: 128 characters

verifyType String  

The verification type. Valid values are:

  • MOBILE: indicates that the OTP is sent to the user's mobile phone.
  • EMAIL: indicates that the OTP is sent to the user's email.

By default, the value of this parameter is MOBILE

Response parameters

result Result  REQUIRED

The result of the OTP sending. For more information about how to return the OTP sending result, see How to return the result

Show child parameters

verifyRequestId String  

The unique ID that is assigned by the MPP to identify an OTP. After the user provides the OTP, Alipay+ uses this parameter in the verifyOTP API to check if the OTP is correct.

Return this parameter if the value of the result.resultStatus parameter is S.

More information:

  • Maximum length: 64 characters
API Explorer

Request

Request Body

Response

Response Body

More information

How to return the result

According to the request processing result, the MPP needs to return the corresponding result (specified by the result parameter):

  • If the OTP sending succeeds, set the value of result.resultStatus to S and the value of result.resultCode to SUCCESS.
  • If the OTP sending fails, set the value of result.resultStatus to F and the value of result.resultCode accordingly.
  • If the OTP sending result is unknown, set the value of result.resultStatus to U and the value of result.resultCode accordingly.

For more information about how to define your result codes, see the Result codes section below. 

Result/Error codes

CodeValueMessage
SUCCESSSSuccess
ACCESS_DENIEDFAccess is denied.
EXPIRED_ACCESS_TOKENFThe access token is expired.
INVALID_CLIENTFThe client is invalid.
INVALID_SIGNATUREFThe signature is invalid.
INVALID_TOKENFThe access token is invalid.
KEY_NOT_FOUNDFThe key is not found.
MEDIA_TYPE_NOT_ACCEPTABLEFThe server does not implement the media type that is acceptable to the client.
METHOD_NOT_SUPPORTEDFThe server does not implement the requested HTTPS method.
NO_INTERFACE_DEFFAPI is not defined.
OTP_SEND_TIMES_EXCEED_LIMITFThe times of sending OTP exceed the limit.
PARAM_ILLEGALFIllegal parameters. For example, non-numeric input, invalid date.
PROCESS_FAILFA general business failure occurred. Do not retry.
USER_NOT_EXISTFThe user does not exist.
USER_STATUS_ABNORMALFThe user status is abnormal.
REQUEST_TRAFFIC_EXCEED_LIMITUThe request traffic exceeds the limit.
UNKNOWN_EXCEPTIONUAn API call failed, which is caused by unknown reasons.