Send authorization notification
By integrating the authNotify API, the Mobile Payment Provider (MPP) can send authorization notifications to Alipay+ in the following three scenarios:
- An authorization code is created at the MPP side.
- An access token is created at the MPP side.
- An access token is canceled at the MPP side.
The topic introduces how to call the authNotify API in different scenarios.
Scenario 1: An authorization code is created
In this scenario, the MPP calls the authNotify API to asynchronously notify Alipay+ of the authorization code that is created at the MPP side.
Processing logic
When calling the authNotify API request, ensure the following parameters are configured properly in the request:
- authorizationNotifyType: Set the value to
AUTHCODE_CREATED
to indicate that the notification is about authorization code creation.
Sample
The MPP sends a request to Alipay+ to notify that the authorization code is created at the MPP side.
{
"authorizationNotifyType":"AUTHCODE_CREATED",
"authClientId": "218823863726123456789",
"referenceMerchantId": "218823863726123456789",
"authCode": "281010133AB2F588D14B432312345678",
"authState": "663A8FA9-D836-48EE-8AA1-1FF682989DC7",
"referenceAgreementId": "aNDJWQNNabdad1234"
}
Alipay+ returns a response to the MPP.
{
"result": {
"resultCode":"SUCCESS",
"resultStatus":"S",
"resultMessage":"success"
},
"acquirerId": "1021234567891230001",
"pspId":"1021234567891230002"
}
More information
For more information about how to call the authNotify API and handle the response, see authNotify.
Scenario 2: An access token is created
In this scenario, the MPP calls the authNotify API to notify Alipay+ of the access token that is created at the MPP side.
Processing logic
When calling the authNotify API request, ensure the following parameters are configured properly in the request:
- authorizationNotifyType: Set the value to
TOKEN_CREATED
to indicate that the notification is about access token creation. - userLoginId: In certain country/region, per regulatory requirements, when the value of the scopes parameter in the prepare API request includes
USER_LOGIN_ID
, the MPP must mask the user login ID to protect sensitive information.
Sample
The MPP sends a request to Alipay+ to notify that the access token is created at the MPP side.
{
"authorizationNotifyType":"TOKEN_CREATED",
"authClientId": "218823863726123456789",
"referenceMerchantId": "218823863726123456789",
"referenceAgreementId": "667d730b56123456789",
"accessToken": "281010033AB2F588D14B4323863726123456789",
"accessTokenExpiryTime": "2022-06-06T12:12:12+08:00",
"refreshToken": "2810100334F62CBC577F468AAC123456789",
"refreshTokenExpiryTime": "2022-06-08T12:12:12+08:00",
"scopes": ["AGREEMENT_PAY"],
"customerId":"2789808912345678912345671",
"userLoginId":"62-***2736"
}
Alipay+ returns a response to the MPP.
{
"result": {
"resultCode":"SUCCESS",
"resultStatus":"S",
"resultMessage":"success"
},
"acquirerId": "1021234567891230001",
"pspId":"1021234567891230002"
}
More information
For more information about how to call the authNotify API and handle the response, see authNotify.
Scenario 3: An access token is canceled
In this scenario, the MPP calls the authNotify API to asynchronously notify Alipay+ that an access token is revoked at the MPP side.
The MPP might revoke an access token due to one of the following reasons:
- A user successfully unbinds the merchant account and the MPP account through the merchant platform with the cancelToken API.
- A user successfully unbinds the merchant account and the MPP account through the MPP side.
- The MPP directly unbinds the user account from its back-end system.
For more information about account unbinding, see Unbind the user account.
Processing logic
When calling the authNotify API request, ensure the following parameters are configured properly in the request:
- authorizationNotifyType: Set the value to
TOKEN_CANCELED
to indicate that the notification is about access token cancellation. - reason: If the MPP directly unbinds the user account from its back-end system due to reasons such as customer complaints, the MPP needs to specify this parameter to provide a reason.
Sample
MPP sends a request to Alipay+ to notify that the access token is revoked at the MPP side.
{
"authorizationNotifyType":"TOKEN_CANCELED",
"authClientId": "218823863726123456789",
"referenceMerchantId": "218823863726123456789",
"accessToken": "281010033AB2F588D14B4323123456789"
}
Alipay+ returns a response to MPP.
{
"result": {
"resultCode":"SUCCESS",
"resultStatus":"S",
"resultMessage":"success"
},
"acquirerId": "1021234567891230001",
"pspId":"1021234567891230002"
}
More information
For more information about how to call the authNotify API and handle the response, see authNotify.