Alipay+ DocsAlipay+ Docs
APIs & SDKs

Send authorization notification

By integrating the authNotify API, the Mobile Payment Provider (MPP) can send authorization notifications to Alipay+ in the following three scenarios:

  • An authorization code is created at the MPP side.
  • An access token is created at the MPP side.
  • An access token is canceled at the MPP side.

The topic introduces how to call the authNotify API in different scenarios.

Scenario 1: An authorization code is created

In this scenario, the MPP calls the authNotify API to asynchronously notify Alipay+ of the authorization code that is created at the MPP side.

Processing logic

When calling the authNotify API request, ensure the following parameters are configured properly in the request:

  • authorizationNotifyType: Set the value to AUTHCODE_CREATED to indicate that the notification is about authorization code creation.

Sample

The MPP sends a request to Alipay+ to notify that the authorization code is created at the MPP side.

copy
{
  "authorizationNotifyType":"AUTHCODE_CREATED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "authCode": "281010133AB2F588D14B432312345678",
  "authState": "663A8FA9-D836-48EE-8AA1-1FF682989DC7",
  "referenceAgreementId": "aNDJWQNNabdad1234"
}

Alipay+ returns a response to the MPP.

copy
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}

More information

For more information about how to call the authNotify API and handle the response, see authNotify.

Scenario 2: An access token is created

In this scenario, the MPP calls the authNotify API to notify Alipay+ of the access token that is created at the MPP side.

Processing logic

When calling the authNotify API request, ensure the following parameters are configured properly in the request:

  • authorizationNotifyType: Set the value to TOKEN_CREATED to indicate that the notification is about access token creation.
  • userLoginId: In certain country/region, per regulatory requirements, when the value of the scopes parameter in the prepare API request includes USER_LOGIN_ID, the MPP must mask the user login ID to protect sensitive information.

Sample

The MPP sends a request to Alipay+ to notify that the access token is created at the MPP side.

copy
{
  "authorizationNotifyType":"TOKEN_CREATED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "referenceAgreementId": "667d730b56123456789",
  "accessToken": "281010033AB2F588D14B4323863726123456789",
  "accessTokenExpiryTime": "2022-06-06T12:12:12+08:00",
  "refreshToken": "2810100334F62CBC577F468AAC123456789",
  "refreshTokenExpiryTime": "2022-06-08T12:12:12+08:00",
  "scopes": ["AGREEMENT_PAY"],
  "customerId":"2789808912345678912345671",
  "userLoginId":"62-***2736"
}

Alipay+ returns a response to the MPP.

copy
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}

More information

For more information about how to call the authNotify API and handle the response, see authNotify.

Scenario 3: An access token is canceled

In this scenario, the MPP calls the authNotify API to asynchronously notify Alipay+ that an access token is revoked at the MPP side.

The MPP might revoke an access token due to one of the following reasons:

  • A user successfully unbinds the merchant account and the MPP account through the merchant platform with the cancelToken API.
  • A user successfully unbinds the merchant account and the MPP account through the MPP side.
  • The MPP directly unbinds the user account from its back-end system.

For more information about account unbinding, see Unbind the user account.

Processing logic

When calling the authNotify API request, ensure the following parameters are configured properly in the request:

  • authorizationNotifyType: Set the value to TOKEN_CANCELED to indicate that the notification is about access token cancellation.
  • reason: If the MPP directly unbinds the user account from its back-end system due to reasons such as customer complaints, the MPP needs to specify this parameter to provide a reason.

Sample

MPP sends a request to Alipay+ to notify that the access token is revoked at the MPP side.

copy
{
  "authorizationNotifyType":"TOKEN_CANCELED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "accessToken": "281010033AB2F588D14B4323123456789"
}

Alipay+ returns a response to MPP.

copy
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}

More information

For more information about how to call the authNotify API and handle the response, see authNotify.

Learn more about

Home
Get Support
Need more help?