Alipay+ DocsAlipay+ Docs

Refresh the access token

By calling the applyToken API with the valid existing refresh token, the Acquiring Service Provider (ACQP) can request a new pair of access token and refresh token from Alipay+ if the merchant wants to deactivate the existing access token and get a new access token for the same authorization.

Processing logic

  • The following list provides the key information that the ACQP needs to take into consideration when configuring the request parameters of the applyToken API to refresh the access token:
  • authClientId: the unique identifier for the auth client. Normally, it is a unique ID for the merchant.
  • grantType: to refresh an access token with the refresh token, set the grant type as REFRESH_TOKEN.
  • refreshToken: specifies the refresh token that is retrieved from the response of the applyToken API request.
  • The following table lists the different results that the ACQP might receive from Alipay+.

result.resultStatus

result.resultCode

Actions

S

SUCCESS

A new access token has been generated successfully. The ACQP sends the access token to the merchant, who then proceeds to the next action.

F

...

The access token application failed. Take actions according to the error message in result.resultCode.

U

...

The result of the access token application is unknown. The ACQP syncs the result with the merchant and waits for the authorization notification from Alipay+. The merchant can either wait for the authorization notification from Alipay+ via the ACQP or retry the same request.

No result received

  • When an access token and refresh token are generated, the accessTokenExpiryTime and refreshTokenExpiryTime parameters are also specified by Alipay+ and returned to the merchant. The merchant needs to set up the token refresh process, which ensures that the token refresh process is initiated before the original access token expired.
  • The expiry period is defined by the Mobile Payment Provider (MPP). Different MPPs might have different requirements of the expiry period.

Sample

The ACQP sends an applyToken request to Alipay+ to refresh the access token.

copy
{
    "authClientId": "218xxxxxxxxx1234",
    "grantType": "REFRESH_TOKEN",
    "refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811"
}

Alipay+ returns a response to the ACQP.

copy
{
    "acquirerId": "102xxxxxxxxxxx0001",
    "pspId": "102xxxxxxxxxxx0001",
    "result": {
        "resultCode": "SUCCESS",
        "resultMessage": "Success",
        "resultStatus": "S"
    },
    "accessToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAF35",
    "accessTokenExpiryTime": "2019-06-06T12:12:12+08:00",
    "refreshToken": "281xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7811",
    "refreshTokenExpiryTime": "2019-06-08T12:12:12+08:00",
    "customerId": "27898089xxxxxxxxxxxxxxxx1",
    "userLoginId": "138******27"
}

For more information about how to use the applyToken API (such as the field description and format), see applyToken.