# Send authorization notification

By integrating the **authNotify** API, the Mobile Payment Provider (MPP) can send authorization notifications to Alipay+ in the following three scenarios:

-   An authorization code is created at the MPP side.
-   An access token is created at the MPP side.
-   An access token is canceled at the MPP side.

The topic introduces how to call the **authNotify** API in different scenarios.

## Scenario 1: An authorization code is created

In this scenario, the MPP calls the **authNotify** API to asynchronously notify Alipay+ of the authorization code that is created at the MPP side.

### Processing logic

When calling the **authNotify** API request, ensure the following parameters are configured properly in the request:

-   _authorizationNotifyType:_ Set the value to `AUTHCODE_CREATED` to indicate that the notification is about authorization code creation.

### Sample

The MPP sends a request to Alipay+ to notify that the authorization code is created at the MPP side.

```json
{
  "authorizationNotifyType":"AUTHCODE_CREATED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "authCode": "281010133AB2F588D14B432312345678",
  "authState": "663A8FA9-D836-48EE-8AA1-1FF682989DC7",
  "referenceAgreementId": "aNDJWQNNabdad1234"
}
```

Alipay+ returns a response to the MPP.

```json
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}
```

### More information

For more information about how to call the **authNotify** API and handle the response, see [authNotify](../api_mpp/auth_notify).

## Scenario 2: An access token is created

In this scenario, the MPP calls the **authNotify** API to notify Alipay+ of the access token that is created at the MPP side.

### Processing logic

When calling the **authNotify** API request, ensure the following parameters are configured properly in the request:

-   _authorizationNotifyType_: Set the value to `TOKEN_CREATED` to indicate that the notification is about access token creation.
-   _userLoginId_: In certain country/region, per regulatory requirements, when the value of the _scopes_ parameter in the **prepare** API request includes `USER_LOGIN_ID`, the MPP must mask the user login ID to protect sensitive information.

### Sample

The MPP sends a request to Alipay+ to notify that the access token is created at the MPP side.

```json
{
  "authorizationNotifyType":"TOKEN_CREATED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "referenceAgreementId": "667d730b56123456789",
  "accessToken": "281010033AB2F588D14B4323863726123456789",
  "accessTokenExpiryTime": "2022-06-06T12:12:12+08:00",
  "refreshToken": "2810100334F62CBC577F468AAC123456789",
  "refreshTokenExpiryTime": "2022-06-08T12:12:12+08:00",
  "scopes": ["AGREEMENT_PAY"],
  "customerId":"2789808912345678912345671",
  "userLoginId":"62-***2736"
}
```

Alipay+ returns a response to the MPP.

```json
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}
```

### More information

For more information about how to call the **authNotify** API and handle the response, see [authNotify](../api_mpp/auth_notify).

## Scenario 3: An access token is canceled

In this scenario, the MPP calls the **authNotify** API to asynchronously notify Alipay+ that an access token is revoked at the MPP side.

The MPP might revoke an access token due to one of the following reasons:

-   A user successfully unbinds the merchant account and the MPP account through the merchant platform with the **cancelToken** API.
-   A user successfully unbinds the merchant account and the MPP account through the MPP side.
-   The MPP directly unbinds the user account from its back-end system.

For more information about account unbinding, see [Unbind the user account](account_unbinding).

### Processing logic

When calling the **authNotify** API request, ensure the following parameters are configured properly in the request:

-   _authorizationNotifyType_: Set the value to `TOKEN_CANCELED` to indicate that the notification is about access token cancellation.
-   _reason:_ If the MPP directly unbinds the user account from its back-end system due to reasons such as customer complaints, the MPP needs to specify this parameter to provide a reason.

### Sample

MPP sends a request to Alipay+ to notify that the access token is revoked at the MPP side.

```json
{
  "authorizationNotifyType":"TOKEN_CANCELED",
  "authClientId": "218823863726123456789",
  "referenceMerchantId": "218823863726123456789",
  "accessToken": "281010033AB2F588D14B4323123456789"
}
```

Alipay+ returns a response to MPP.

```json
{
   "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
   },
  "acquirerId": "1021234567891230001",
  "pspId":"1021234567891230002"
}
```

### More information

For more information about how to call the **authNotify** API and handle the response, see [authNotify](../api_mpp/auth_notify).