# Receive authorization notification

By integrating the **authNotify** API, the Acquiring Service Provider (ACQP) can receive authorization notifications from Alipay+ in the following three scenarios:

-   An authorization code is created at the Mobile Payment Provider (MPP) side.
-   An access token is created at the MPP side.
-   An access token is canceled at the MPP side due to one of the following reasons:

-   A user successfully unbinds the merchant platform account and the MPP platform account through the merchant platform with the **cancelToken** API.
-   A user successfully unbinds the merchant platform account and the MPP platform account through the MPP side.
-   The MPP has to unbind the user account directly from the back-end system.

The following sections introduce how to process the **authNotify** request in different scenarios.

## Scenario 1: An authorization code is created

In this scenario, Alipay+ sends an **authNotify** request to the ACQP when an authorization code is created at the MPP side.

### Processing logic

-   The following list provides the key information that the ACQP needs to take into consideration when handling the request parameters of the **authNotify** API:

-   _authorizationNotifyType_: as the notification is sent out to notify the ACQP of the auth code, the value is set as `AUTHCODE_CREATED`.
-   _authCode_: used by confidential and public clients to exchange for an access token. This parameter is only available when _authorizationNotifyType_ is set as `AUTHCODE_CREATED`.
-   _authState_: specifies the authorization statement. The value is consistent with the one that is specified on the _authState_ parameter of the **prepare** request. This parameter is only available when _authorizationNotifyType_ is set as `AUTHCODE_CREATED`.
-   _customerId_: The unique ID that is assigned by the wallet to identify a user. The parameter is available when the authorization is successful.

-   After the ACQP successfully handles the notification request, the ACQP needs to return a response to Alipay+. Alipay+ provides a notification retry mechanism if the _result.resultCode_ parameter in the notification response returned from the ACQP is not `S`. For the best practices about how to handle the notification, see [Handle a notification](handle_notification).

### Sample

Alipay+ sends an **authNotify** request to the ACQP.

```plaintext
{
  "authorizationNotifyType":"AUTHCODE_CREATED",
  "authClientId": "218823863726*********",
  "referenceMerchantId": "218823863726*********",
  "authCode": "281010133AB2F588D14B43231234****",
  "authState": "663A8FA9-D836-48EE-8AA1-1FF682989DC7",
  "referenceAgreementId": "aNDJWQNNabdad****",
  "acquirerId": "102xxxxxxxxxxxx0001",
  "pspId":"102xxxxxxxxxxxx0001"
}
```

The ACQP returns a response to Alipay+.

```plaintext
{
    "result": {
        "resultCode": "SUCCESS",
        "resultMessage": "Success",
        "resultStatus": "S"
    }
}
```

For more information about how to use the **authNotify** API (such as the field description and format), see the [**authNotify**](../api_acq_tile/auth_notify) API.

## Scenario 2: An access token is created

In this scenario, Alipay+ sends an **authNotify** request to the ACQP when an access token is created at the MPP side.

### Processing logic

-   The following list provides the key information that the ACQP needs to take into consideration when handling the request parameters of the **authNotify** API:

-   _authorizationNotifyType_: as the notification is sent out to notify the ACQP of the access token, the value is set as `TOKEN_CREATED`.
-   _accessToken_: specifies the access token from Alipay+, which is used by the auth client to initiate a payment against the user.
-   _accessTokenExpiryTime_: specifies the expiration time of the access token, after which the auth client cannot use this access token to deduct funds from the user's account.
-   _refreshToken_: used by the auth client to request a new access token when the current access token expires. With this parameter, a valid access token can be obtained continuously without any further interaction with the user.
-   _refreshTokenExpiryTime_: the expiration time of the refresh token, after which the auth client cannot use this token to retrieve a new access token.
-   _walletForAccountBinding_: the wallet that is selected by the user for account binding. Specified only if the access token is successfully created.

-   After the ACQP successfully handles the notification request, the ACQP needs to return a response to Alipay+. Alipay+ provides a notification retry mechanism if the _result.resultCode_ parameter in the notification response returned from the Acquiring Service Provider is not `S`. For the best practices about how to handle the notification, see [Handle a notification](handle_notification).

### Sample

Alipay+ sends an **authNotify** request to the ACQP.

```plaintext
{
    "authorizationNotifyType": "TOKEN_CREATED",
    "authClientId": "218823863726123456789",
    "referenceMerchantId": "218823863726123456780",
    "referenceAgreementId": "667d730b56123456789",
    "accessToken": "281010033AB2F588D14B4323863726123456789",
    "accessTokenExpiryTime": "2022-06-06T12:12:12+08:00",
    "refreshToken": "2810100334F62CBC577F468AAC123456789",
    "refreshTokenExpiryTime": "2022-06-08T12:12:12+08:00",
    "scopes": [
        "AGREEMENT_PAY",
        "USER_LOGIN_ID"
    ],
    "customerId": "278980891234567891234567891",
    "userLoginId": "62-34312736",
    "acquirerId": "1021234567891230001",
    "pspId": "1021234567891230002",
    "walletForAccountBinding": {
        "walletName": "AlipayCN",
        "walletBrandName": "AlipayCN",
        "walletLogo": {
            "logoName": "AlipayCN",
            "logoUrl": "https://www.alipayplus.com/logo/20022222xxx.png"
        }
    }
}
```

The ACQP returns a response to Alipay+.

```plaintext
{
    "result": {
        "resultCode": "SUCCESS",
        "resultStatus": "S",
        "resultMessage": "success"
    }
}
```

For more information about how to use the **authNotify** API (such as the field description and format), see the [**authNotify**](../api_acq_tile/auth_notify) API.

## Scenario 3: An access token is canceled

In this scenario, Alipay+ sends an **authNotify** request to the ACQP when an access token is canceled at the MPP side.

### Processing logic

-   The following list provides the key information that the ACQP needs to take into consideration when handling the request parameters of the **authNotify** API:

-   _authorizationNotifyType_: the value is set to `TOKEN_CANCELED` to indicate the access token in the request has been deactivated by the MPP. The merchant cannot use the access token for any further interactions.
-   _accessToken_: specifies the access token that needs to be revoked.
-   _tokenCancelSource_: specifies the source of the unbinding. The value is set to `ACQUIRER` if the account unbinding process is initiated from the merchant side. The value is set to `PSP` if the account unbinding process is initiated from the MPP side.

-   After the ACQP successfully handles the notification request, the ACQP needs to return a response to Alipay+. Alipay+ provides a notification retry mechanism if the _result.resultCode_ parameter in the notification response returned from the ACQP is not `S`. For the best practices about how to handle the notification, see [Handle a notification](handle_notification).

The ACQP also needs to sync the notification with the merchant.

### Sample

Alipay+ sends an **authNotify** request to the ACQP if the account unbinding process is initiated from the merchant side.

```plaintext
{
    "authorizationNotifyType": "TOKEN_CANCELED",
    "authClientId": "218xxxxxxxxx1234",
    "referenceMerchantId": "218823863726*********",
    "accessToken": "663xxxxxxxxxxxxxxxxxxxxxxxxx9DC7",
    "tokenCancelSource": "ACQUIRER",
    "acquirerId": "102xxxxxxxxxxxx0001",
    "pspId":"102xxxxxxxxxxxx0001"
}
```

Alipay+ sends an **authNotify** request to the ACQP if the account unbinding process is initiated from the merchant side.

```plaintext
{
    "authorizationNotifyType": "TOKEN_CANCELED",
    "authClientId": "218xxxxxxxxx1234",
    "referenceMerchantId": "218823863726*********",
    "accessToken": "663xxxxxxxxxxxxxxxxxxxxxxxxx9DC7",
    "tokenCancelSource": "PSP",
    "acquirerId": "102xxxxxxxxxxxx0001",
    "pspId":"102xxxxxxxxxxxx0001"
}
```

The ACQP returns a response to Alipay+.

```plaintext
{
    "result": {
        "resultCode": "SUCCESS",
        "resultMessage": "Success",
        "resultStatus": "S"
    }
}
```

For more information about how to use the **authNotify** API (such as the field description and format), see the [**authNotify**](../api_acq_tile/auth_notify) API.