Alipay+ DocsAlipay+ Docs

Refresh the access token

By calling the applyToken API with the valid existing refresh token, the Acquiring Service Provider (ACQP) can request a new pair of access token and refresh token from Alipay+ if the merchant wants to deactivate the existing access token and get a new access token for the same authorization.

Processing logic

  • The following list provides the key information that the ACQP needs to take into consideration when configuring the request parameters of the applyToken API to refresh the access token:
  • authClientId: the unique identifier for the auth client. Normally, it is a unique ID for the merchant.
  • grantType: to refresh an access token with the refresh token, set the grant type as REFRESH_TOKEN.
  • refreshToken: specifies the refresh token that is retrieved from the response of the applyToken API request.
  • The following table lists the different results that the ACQP might receive from Alipay+.






A new access token has been generated successfully. The ACQP sends the access token to the merchant, who then proceeds to the next action.



The access token application failed. Take actions according to the error message in result.resultCode.



The result of the access token application is unknown. The ACQP syncs the result with the merchant and waits for the authorization notification from Alipay+. The merchant can either wait for the authorization notification from Alipay+ via the ACQP or retry the same request.

No result received

  • When an access token and refresh token are generated, the accessTokenExpiryTime and refreshTokenExpiryTime parameters are also specified by Alipay+ and returned to the merchant. The merchant needs to set up the token refresh process, which ensures that the token refresh process is initiated before the original access token expired.
  • The expiry period is defined by the Mobile Payment Provider (MPP). Different MPPs might have different requirements of the expiry period.


The ACQP sends an applyToken request to Alipay+ to refresh the access token.

    "authClientId": "218xxxxxxxxx1234",
    "grantType": "REFRESH_TOKEN",
    "refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811"

Alipay+ returns a response to the ACQP.

    "acquirerId": "102xxxxxxxxxxx0001",
    "pspId": "102xxxxxxxxxxx0001",
    "result": {
        "resultCode": "SUCCESS",
        "resultMessage": "Success",
        "resultStatus": "S"
    "accessToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAF35",
    "accessTokenExpiryTime": "2019-06-06T12:12:12+08:00",
    "refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811",
    "refreshTokenExpiryTime": "2019-06-08T12:12:12+08:00",
    "customerId": "27898089xxxxxxxxxxxxxxxx1",
    "userLoginId": "138******27"

For more information about how to use the applyToken API (such as the field description and format), see applyToken.