Alipay, China's leading third-party online payment solution DOCS

      2. Obtaining the Alipay user ID

      #Before you begin

      Wait until the H5 page has loaded before you start obtaining the Alipay user ID. Otherwise, page loading will be very slow, because the H5 page will not load until the result of the user ID request has been returned.

      #Obtaining the Alipay user ID

      The buyer's Alipay ID (buyer_id) is a required request parameter of the alipay.acquire.create interface. Therefore, to complete a payment transaction, you must first obtain the buyer's Alipay user ID by completing the following steps:

      1. Construct the openauth link and then guide the user to visit this link.
      2. Authorization occurs silently and the user is automatically redirected to the configured callback page, with the auth_code passed along. With the auth_code, call the alipay.system.oauth.token API to obtain the Alipay user ID.

      #Constructing the openauth link

      URL format:

      https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=APPID&scope=auth_base&redirect_uri=ENCODED_URL


      Description of URL parameters

      | Parameter | Required | Description |
      | --- | --- | --- |
      | app_id | Y | Application ID of the app in the Developer Center. |
      | scope | Y | Interface permission value, fixed as auth_base in this case. |
      | redirect_uri | Y | Escaped URL of the callback page (the URL must begin with http or https), for example: http%3A%2F%2Fexample.com. Before the request, developers must configure the authorization callback URL in the corresponding application at the Developer Center. |
      | state | N | Parameter defined by the merchant. After a user has given permission, the state value is returned as is to the merchant after redirection. To avoid CSRF attacks, passing the state parameter is recommended. The state value must be unpredictable and at the same time prove the connection between the user and the login authentication status of the third-party website. |

      About the redirect_uri:

      The API verifies whether the redirect_uri configured in the authorization link is consistent with that in the corresponding application at the Developer Center.

      For example:

      If the link configured in the application by the developer is https://auth.example.com/authCallBack, then the redirect_uri is https%3A%2F%2Fauth.example.com%2FauthCallBack. After configuration, URLs under this domain name (auth.example.com), such as http://auth.example.com/authCallBack, https://auth.example.com/authRedirect, and https://auth.example.com/, can support OAuth 2.0-based authentication.

      However, http://www.example.com/ and http://example.com would not be supported for web-based authentication.


      #Obtaining the auth_code

      When the user is redirected to the callback page, Alipay adds request parameters to the callback, including auth_code, app_id, scope, and so on. An example request is shown below:

      http://example.com/doc/toAuthPage.html?app_id=2014101500013658&source=alipay_wallet&scope=auth_base&auth_code=ca34ea491e7146cc87d25fca24c4cD11


      In this example, auth_code=ca34ea491e7146cc87d25fca24c4cD11
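
The link construction and callback handling described above, as an added example that is not part of the original Alipay documentation. The session-bound HMAC `state` scheme, `STATE_KEY`, and the function names are assumptions made for illustration; the app_id and auth_code values are the samples shown on this page.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://openauth.alipay.com/oauth2/publicAppAuthorize.htm"
APP_ID = "2014101500013658"  # sample app_id from the callback example on this page
REDIRECT_URI = "https://auth.example.com/authCallBack"  # must match the Developer Center setting
STATE_KEY = secrets.token_bytes(32)  # assumption: in production, a stable server-side secret


def _tag(session_id: str, nonce: str) -> str:
    msg = f"{session_id}.{nonce}".encode()
    return hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest()


def make_state(session_id: str) -> str:
    """Unpredictable nonce plus an HMAC tag that binds it to the user's session."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_tag(session_id, nonce)}"


def build_openauth_link(session_id: str) -> str:
    # urlencode() percent-escapes redirect_uri, as the parameter table requires.
    return AUTHORIZE_URL + "?" + urlencode({
        "app_id": APP_ID,
        "scope": "auth_base",
        "redirect_uri": REDIRECT_URI,
        "state": make_state(session_id),
    })


def extract_auth_code(callback_url: str, session_id: str) -> str:
    """Return auth_code from the callback URL, or raise ValueError if a check fails."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    nonce, _, tag = params.get("state", "").partition(".")
    # Constant-time comparison on bytes; rejects a missing, forged or foreign state.
    if not hmac.compare_digest(tag.encode(), _tag(session_id, nonce).encode()):
        raise ValueError("state missing or not bound to this session")
    if params.get("app_id") != APP_ID:
        raise ValueError("callback app_id does not match this application")
    code = params.get("auth_code")
    if not code:
        raise ValueError("callback carries no auth_code")
    return code
```

In a deployment, the state value would also be given a short lifetime and discarded once its callback has been processed.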


      #Obtaining the user ID by using auth_code

      Interface name: alipay.system.oauth.token

      For information about request and response parameters and error codes, refer to the API doc.

      The developer can obtain the Alipay user ID by using the auth_code. The auth_code serves as the token for obtaining the Alipay user ID and is unique to each authorization. Each auth_code can be used only once and expires automatically after one day.


      Sample request:

      REQUEST URL: https://globalopenapi.alipay.com/gateway.do
      REQUEST METHOD: POST
      CONTENT:
          app_id=2014070100171525
          method=alipay.system.oauth.token
          charset=GBK
          sign_type=RSA2
          timestamp=2014-01-01 08:08:08
          sign=rXaTEfJ7WTDsP1DWRPHARW3uOr19+fzlngMCJBvbhP1XPEa9qZwGGng9oMDloABpJMT2SGeOj46+BUkqCGRO9fH90Vci3hOH01BfYnbhJz3ADK2h7gpjlponx4/sxELN6f2GXi51XKiHKnxMA9XpLLo68q+roY0M/ZFQ1UdnqeM=
          version=1.0
          grant_type=authorization_code
          code=4b203fe6c11548bcabd8da5bb087a83b


      Request parameters

      | Parameter | Type | Description | Required | Sample |
      | --- | --- | --- | --- | --- |
      | app_id | String | The unique ID that is assigned by Alipay to identify an application. | Y | 2014072300007148 |
      | method | String | Interface name. | Y | alipay.system.oauth.token |
      | charset | String | The charset with which the request data are encoded, such as GBK, UTF-8, and GB2312. | Y | UTF-8 |
      | sign_type | String | Sign type. RSA and RSA2 are supported. RSA2 is recommended to be used. | Y | RSA2 |
      | timestamp | String | The time when the merchant server sends the request. The format is yyyy-MM-dd HH:mm:ss. | Y | 2014-07-24 03:07:50 |
      | sign | String | The signature value. | Y | Refer to the sample request |
      | version | String | The API version. The value is fixed as 1.0. | Y | 1.0 |
      | grant_type | String | Fixed as authorization_code in this situation | Y | authorization_code |
      | code | String | The auth_code obtained by the developer in step 2 | Y | 4b203fe6c11548bcabd8da5bb087a83b |


      Synchronous response sample

      {
          "alipay_system_oauth_token_response": {
              "code": "10000",
              "msg": "Success",
              "access_token": "publicpBa869cad0990e4e17a57ecf7c5469a4b2",
              "user_id": "2088411964574197",
              "alipay_user_id": "20881007434917916336963360919773",
              "expires_in": 300,
              "re_expires_in": 300,
              "refresh_token": "publicpB0ff17e364f0743c79b0b0d7f55e20bfc"
          },
          "sign": "xDffQVBBelDiY/FdJi4/a2iQV1I7TgKDFf/9BUCe6+l1UB55YDOdlCAir8CGlTfa0zLYdX0UaYAa43zY2jLhCTDG+d6EjhCBWsNY74yTdiM95kTNsREgAt4PkOkpsbyZVXdLIShxLFAqI49GIv82J3YtzBcVDDdDeqFcUhfasII="
      }


      Synchronous response parameters

      | Parameter | Type | Description | Required | Sample |
      | --- | --- | --- | --- | --- |
      | code | String | Gateway return code, which indicates whether the request is accepted by Alipay gateway. | Y | 10000 |
      | msg | String | Description of the gateway return code. | Y | Success |
      | access_token | String | Token used to obtain the user's information. | Y | publicpBa869cad0990e4e17a57ecf7c5469a4b2 |
      | user_id | String | The unique Alipay user ID. | Y | 2088411964574197 |
      | alipay_user_id | Obsolete | Obsolete | Obsolete | Obsolete |
      | expires_in | Number | The validity time of the token. Unit: second. | Y | 300 |
      | re_expires_in | Number | Refresh the validity time of the token. Unit: second. | Y | 300 |
      | refresh_token | String | Token used to refresh the access_token. | Y | publicpB0ff17e364f0743c79b0b0d7f55e20bfc |
      | sign | String | The signature value. | Y | Refer to the sample response |

      In this scenario, only user_id is of interest.