Alipay+ DocsAlipay+ Docs

Refresh the access token

The merchant can use the applyToken API to refresh the access token when the original access token is about to expire or has expired. This topic introduces the actions that you (the MPP) need to take to process requests for refreshing the access token.

Processing logic

When handling the applyToken API request, take the following things into consideration:

  • Handle the request properly, especially the following parameters:
    • grantType: When Alipay+ uses the refresh token to refresh the existing access token, the value of this parameter is set as REFRESH_TOKEN.
    • refreshToken: The refresh token that is used to refresh the existing access token.
  • Ensure the following parameters are configured properly in the response:
    • result.resultStatus: The MPP needs to check the validity of the refresh token.
      • If the refresh token is invalid, the MPP needs to returnĀ a result.resultStatus of F with error code INVALID_REFRESH_TOKEN.
      • If the refresh token is expired, the MPP needs to return a result.resultStatus of F with error code EXPIRED_REFRESH_TOKEN/INVALID_REFRESH_TOKEN.
    • accessToken and refreshToken: If the request is successful, the MPP needs to return a new pair of accessToken and refreshToken, and set the original accessToken and refreshToken to be invalid.
      • Considering special cases, such as network jitter, it is recommended that the MPP set a time duration of 5 minutes, during which the same refreshToken can be used to refresh the access token.

Sample

Alipay+ sends a request to the MPP to refresh the access token.

copy
{
  "acquirerId":"102218800000000001",
  "pspId":"102208800000000001",
  "refreshToken": "2810100334F62CBC577F468AAC87CFC6C9107811",
  "grantType": "REFRESH_TOKEN"
}

The MPP returns the access token to Alipay+.

copy
{
  "result": {
    "resultCode": "SUCCESS",
    "resultMessage": "success",
    "resultStatus": "S"
  },
  "accessToken": "281010033AB2F588D14B43238637264FCA5AAF35",
  "accessTokenExpiryTime": "2022-06-06T12:12:12+08:00",
  "refreshToken": "2810100334F62CBC577F468AAC87CFC6C9107811",
  "refreshTokenExpiryTime": "2022-06-08T12:12:12+08:00",
  "customerId":"2789808900000000000000001",
  "userLoginId":"62-***2736"
}

More information

For more information about how to handle the applyToken API request and send the response, see applyToken.