Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

initAuthentication

POST /v1/users/initAuthentication

Use the initAuthentication API to verify the user's identity with an OTP (one time password). With this interface, merchants are provided with various types of OTPs, and the OTPs can be sent to the user through the specified message channel.

Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see: 


Note: Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:

  • If the data type of a field is Integer and its value is 20, set it as "20". 
  • If the data type of a field is Boolean and its value is true, set it as "true". 

Request parameters

authenticationType String  REQUIRED

Indicates the authentication type. Value:

  • OTP: One-time password

More information:

  • Maximum length: 16 characters

authenticationRequestId String  REQUIRED

The unique ID of an authentication generated by merchants.

More information:

  • This field is an API idempotency field.Merchant uses the authenticationRequestId field for idempotency control. For initAuthentication requests that are initiated with the same value of authenticationRequestId and reach a final status (S or F), the same result is to be returned for the request.
  • Maximum length: 64 characters

authenticationChannelType String  REQUIRED

Indicates the authentication channel type. Valid values are: 

  • EMAIL: Email 
  • SMS: Message

More information:

  • Maximum length: 16 characters

userIdentityType String  REQUIRED

Indicates the user identity type. Value:  

  • WALLET_TOKEN: Wallet access token

More information:

  • Maximum length: 16 characters

userIdentityValue String  REQUIRED

User identity value

More information:

  • Maximum length: 128 characters

Response parameters

result Result  REQUIRED

The request result contains information such as status and error codes.

Show child parameters

authenticationRequestId String  

The unique ID of an authentication generated by merchants.

More information:

  • Maximum length: 64 characters
API Explorer
Sample CodesRun in Sandbox

Request

URL

Request Body

Response

Response Body

Error codes

Error codes are usually classified into the following categories:

  • Common error codes: common for all online and in-store payment APIs.
  • API-specific error codes: listed in the following table.  

Result/Error codes

CodeValueMessageFurther action
SUCCESSSSuccess

Initialize authentication successful, no further action is needed.

CLIENT_INVALIDFThe client is invalid.

Check whether the clientId is correct.

USER_NOT_EXISTFThe user does not exist.

Prompt the user to check whether the user exists.

USER_STATUS_ABNORMALFThe user status is abnormal.

Prompt the user that the user status is abnormal.

SEND_TIMES_EXCEED_LIMITFSending limit exceeds.

Try to send again later.

METHOD_NOT_SUPPORTEDFThe server does not implement the requested HTTP method.

Check whether the HTTP method is correct.

INVALID_ACCESS_TOKENFThe access token is invalid.

Check whether the accessToken has expired.