Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

      initAuthentication

      Use the initAuthentication API to verify the user's identity with an OTP (one time password). With this interface, merchants are provided with various types of OTPs, and the OTPs can be sent to the user through the specified message channel.

      Structure

      A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see: 


      Note: Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:

      • If the data type of a field is Integer and its value is 20, set it as "20". 
      • If the data type of a field is Boolean and its value is true, set it as "true". 

      Request parameters

      authenticationType StringRequired

      Indicates the authentication type. Value:

      • OTP: One-time password

      More information about this field:

      • Maximum length: 16 characters
      authenticationRequestId StringRequired

      The unique ID of an authentication generated by merchants.

      More information about this field:

      • This field is an API idempotency field. Merchant uses the authenticationRequestId field for idempotency control. For initAuthentication requests that are initiated with the same value of authenticationRequestId and reach a final status (S or F), the same result is to be returned for the request.
      • Maximum length: 64 characters
      authenticationChannelType StringRequired

      Indicates the authentication channel type. Valid values are: 

      • EMAIL: Email 
      • SMS: Message

      More information about this field:

      • Maximum length: 16 characters
      userIdentityType StringRequired

      Indicates the user identity type. Value:  

      • WALLET_TOKEN: Wallet access token

      More information about this field:

      • Maximum length: 16 characters
      userIdentityValue StringRequired

      User identity value

      More information about this field:

      • Maximum length: 128 characters

      Response parameters

      result ResultRequired

      The request result contains information such as status and error codes.

      resultCode StringRequired

      Result code

      More information about this field:

      • Maximum length: 64 characters
      resultStatus StringRequired

      Result status. Valid values are:  

      • S: Indicates that the result status is successful. 
      • F: Indicates that the result status failed. 
      • U: Indicates that the result status is unknown.
      resultMessage StringOptional

      Result message

      More information about this field:

      • Maximum length: 256 characters
      authenticationRequestId StringOptional

      The unique ID of an authentication generated by merchants.

      More information about this field:

      • This field is an API idempotency field. Merchant uses the authenticationRequestId field for idempotency control. For initAuthentication requests that are initiated with the same value of authenticationRequestId and reach a final status (S or F), the same result is to be returned for the request.
      • Maximum length: 64 characters

      Error codes

      Error codes are usually classified into the following categories:

      • Common error codes: common for all online and in-store payment APIs.
      • API-specific error codes: listed in the following table.  

      Result/Error codes

      CodeValueMessageFurther action
      SUCCESSSSuccess

      Initialize authentication successful, no further action is needed.

      CLIENT_INVALIDFThe client is invalid.

      Check whether the clientId is correct.

      USER_NOT_EXISTFThe user does not exist.

      Prompt the user to check whether the user exists.

      USER_STATUS_ABNORMALFThe user status is abnormal.

      Prompt the user that the user status is abnormal.

      SEND_TIMES_EXCEED_LIMITFSending limit exceeds.

      Try to send again later.

      METHOD_NOT_SUPPORTEDFThe server does not implement the requested HTTP method.

      Check whether the HTTP method is correct.

      INVALID_ACCESS_TOKENFThe access token is invalid.

      Check whether the accessToken has expired.

      Request/Response Code

      Request

      Method

      POST

      Endpoint

      /v1/users/initAuthentication

      Header

      Accept: application/json

      URL

      Domain name

      Request Body
      Request parameters
      Response Body
      Body content