Refresh the access token
By calling the applyToken API with the valid existing refresh token, the Acquiring Service Provider (ACQP) can request a new pair of access token and refresh token from Alipay+ if the merchant wants to deactivate the existing access token and get a new access token for the same authorization.
Processing logic
- The following list provides the key information that the ACQP needs to take into consideration when configuring the request parameters of the applyToken API to refresh the access token:
- authClientId: the unique identifier for the auth client. Normally, it is a unique ID for the merchant.
- grantType:
to refresh an access token with the refresh token, set the grant type asREFRESH_TOKEN
. - refreshToken: specifies the refresh token that is retrieved from the response of the applyToken API request.
- The following table lists the different results that the ACQP might receive from Alipay+.
result.resultStatus | result.resultCode | Actions |
S | SUCCESS | A new access token has been generated successfully. The ACQP sends the access token to the merchant, who then proceeds to the next action. |
F | ... | The access token application failed. Take actions according to the error message in result.resultCode. |
U | ... | The result of the access token application is unknown. The ACQP syncs the result with the merchant and waits for the authorization notification from Alipay+. The merchant can either wait for the authorization notification from Alipay+ via the ACQP or retry the same request. |
No result received |
- When an access token and refresh token are generated, the accessTokenExpiryTime and refreshTokenExpiryTime parameters are also specified by Alipay+ and returned to the merchant. The merchant needs to set up the token refresh process, which ensures that the token refresh process is initiated before the original access token expired.
- The expiry period is defined by the Mobile Payment Provider (MPP). Different MPPs might have different requirements of the expiry period.
Sample
The ACQP sends an applyToken request to Alipay+ to refresh the access token.
{
"authClientId": "218xxxxxxxxx1234",
"grantType": "REFRESH_TOKEN",
"refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811"
}
Alipay+ returns a response to the ACQP.
{
"acquirerId": "102xxxxxxxxxxx0001",
"pspId": "102xxxxxxxxxxx0001",
"result": {
"resultCode": "SUCCESS",
"resultMessage": "Success",
"resultStatus": "S"
},
"accessToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAF35",
"accessTokenExpiryTime": "2019-06-06T12:12:12+08:00",
"refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811",
"refreshTokenExpiryTime": "2019-06-08T12:12:12+08:00",
"customerId": "27898089xxxxxxxxxxxxxxxx1",
"userLoginId": "138******27"
}
For more information about how to use the applyToken API (such as the field description and format), see applyToken.