Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution


POST /v1/users/verifyAuthentication

Use the verifyAuthentication API to verify the legality of the one-time password (OTP) received by the user. 


A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see: 

Note: Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:

  • If the data type of a field is Integer and its value is 20, set it as "20". 
  • If the data type of a field is Boolean and its value is true, set it as "true". 

Request parameters

authenticationType String  REQUIRED

Indicates the authentication type. Value:

  • OTP: One-time password

authenticationRequestId String  REQUIRED

The unique ID of an authentication generated by merchants. The value of this field must be identical to that of authenticationRequestId in the initAuthentication interface.

More information:

  • Maximum length: 64 characters

authenticationValue String  REQUIRED

Authentication value

More information:

  • Maximum length: 256 characters

Response parameters

result Result object REQUIRED

The request result contains information such as status and error codes.

Show child parameters

isPassed Boolean  

Indicates whether the authentication is passed.
API Explorer
Sample CodesRun in Sandbox


Request Body


Response Body

Error codes

Error codes are usually classified into the following categories:

  • Common error codes: common for all online and in-store payment APIs.
  • API-specific error codes: listed in the following table.  

Result/Error codes

CodeValueMessageFurther action

The verification is successful, no further action is needed.

CLIENT_INVALIDFThe client is invalid.

Check whether the clientId is correct.

METHOD_NOT_SUPPORTEDFThe server does not implement the requested HTTP method.

Check whether the HTTP method is correct.

USER_NOT_EXISTFThe user does not exist.

Prompt the user to check whether the user exists.

USER_STATUS_ABNORMALFThe user status is abnormal.

Prompt the user that the user status is abnormal.

INVALID_ACCESS_TOKENFThe access token is invalid.

Check whether the accessToken has expired.

VERIFY_TIMES_EXCEED_LIMITFThe verification code was failed too many times. The user must get a new verification.

Try again later

VERIFY_UNMATCHEDFThe verification code is invalid.

Check whether the verification code is correct.

AUTHENTICATION_REQUEST_ID_INVALIDFThe value of authenticationRequestId is invalid

Change authenticationRequestId and call the interface again.