Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

      verifyAuthentication

      Use the verifyAuthentication API to verify the legality of the one-time password (OTP) received by the user. 

      Structure

      A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see: 

      Note: Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:

      • If the data type of a field is Integer and its value is 20, set it as "20". 
      • If the data type of a field is Boolean and its value is true, set it as "true". 

      Request parameters

      authenticationType StringRequired

      Indicates the authentication type. Value:

      • OTP: One-time password
      authenticationRequestId StringRequired

      The unique ID of an authentication generated by merchants. The value of this field must be identical to that of authenticationRequestId in the initAuthentication interface.

      More information about this field:

      • This field is an API idempotency field. Merchant uses the authenticationRequestId field for idempotency control. For initAuthentication requests that are initiated with the same value of authenticationRequestId and reach a final status (S or F), the same result is to be returned for the request.
      • Maximum length: 64 characters
      authenticationValue StringRequired

      Authentication value

      More information about this field:

      • Maximum length: 256 characters

      Response parameters

      result ResultRequired

      The request result contains information such as status and error codes.

      resultCode StringRequired

      Result code

      More information about this field:

      • Maximum length: 64 characters
      resultStatus StringRequired

      Result status. Valid values are:

      • S: Indicates that the result status is successful. 
      • F: Indicates that the result status failed. 
      • U: Indicates that the result status is unknown.
      resultMessage StringOptional

      Result message

      More information about this field:

      • Maximum length: 256 characters
      isPassed BooleanOptional
      Indicates whether the authentication is passed.

      Error codes

      Error codes are usually classified into the following categories:

      • Common error codes: common for all online and in-store payment APIs.
      • API-specific error codes: listed in the following table.  

      Result/Error codes

      CodeValueMessageFurther action
      SUCCESSSSuccess

      The verification is successful, no further action is needed.

      CLIENT_INVALIDFThe client is invalid.

      Check whether the clientId is correct.

      METHOD_NOT_SUPPORTEDFThe server does not implement the requested HTTP method.

      Check whether the HTTP method is correct.

      USER_NOT_EXISTFThe user does not exist.

      Prompt the user to check whether the user exists.

      USER_STATUS_ABNORMALFThe user status is abnormal.

      Prompt the user that the user status is abnormal.

      INVALID_ACCESS_TOKENFThe access token is invalid.

      Check whether the accessToken has expired.

      VERIFY_TIMES_EXCEED_LIMITFThe verification code was failed too many times. The user must get a new verification.

      Try again later

      VERIFY_UNMATCHEDFThe verification code is invalid.

      Check whether the verification code is correct.

      AUTHENTICATION_REQUEST_ID_INVALIDThe value of authenticationRequestId is invalid

      Change authenticationRequestId and call the interface again.

      Request/Response Code

      Request

      Method

      POST

      Endpoint

      /v1/users/verifyAuthentication

      Header

      Accept: application/json

      URL

      Domain name

      Request Body
      Request parameters
      Response Body
      Body content