Receive authorization notification
After the user completes or cancels the authorization successfully from the payment method client, Alipay will send the authorization notification if you have provided the address used for receiving the authorization notification (Notification URL). The authorization notification follows the notifyAuthorization SPI specification.
To provide the Notification URL to Antom, complete the following tasks:
- Go to Antom Dashboard > Developer > Notification URL.
- Find alipay.ams.authorizations.notify and click Add.
- Enter an address as the address to receive the authorization notification.
The following graphic shows the configuration page in Antom Dashboard:
Figure 1. Configure the notification URL
Receive the authorization notification
After providing the Notification URL, you will receive the authorization notification from Alipay for the following scenarios:
- If the user authorization succeeds, Alipay sends to you an asynchronous notification immediately to notify you of a successful authorization result.
- If the user cancels the authorization successfully from the payment method client, Alipay sends to you an asynchronous notification to notify you of the authorization cancelation result.
The following example shows an authorization notification from Alipay that notifies you of a successful authorization result. In this case, the value of authorizationNotifyType is AUTHCODE_CREATED
.
{
"authorizationNotifyType ": "AUTHCODE_CREATED ",
"authState": "489767958497 ",
"authCode": "28100113_1631148338197000019ba74",
"resultInfo ": {
"resultCode ": "SUCCESS ",
"resultMessage ": "success ",
"resultStatus ": "S "
}
}
The following example shows an authorization notification from Alipay that notifies you of an authorization cancelation result. In this case, the value of authorizationNotifyType is TOKEN_CANCELED
.
{
"authorizationNotifyType ":"TOKEN_CANCELED ",
"accessToken ":"28100103_20215703001538122119 ",
"resultInfo ":{
"resultCode ":"SUCCESS ",
"resultMessage ":"success ",
"resultStatus ":"S "
}
}
The following fields in the notifyAuthorization request need to be understood correctly:
- authState: The value of this field should be the same as the authState field specified in the consult request, which represents the request. You need to check whether the value of this field is the same as that of the authState field in the consult request.
- authCode: This field can be used to obtain an accessToken and refreshToken by calling the applyToken API.
Process the payment notification
After receiving the payment notification, you need to take the following actions:
- Verify the signature: Check whether the authorization notification is sent by Alipay.
- Return a receipt acknowledgment message: Let Alipay know that you have already received the notification.
1. Verify the signature
The payment result notification from Alipay is signed by Alipay. It is recommended to verify the signature and check whether Alipay sent the notification. You can verify the signature by yourself or by using Alipay SDK.
To verify the signature by yourself, see Sign a request and validate the signature. To use Alipay SDK, specify the values for the corresponding parameters in the SignatureTool.verify
method provided in SDKs for signature verification:
boolean isSuccess = SignatureTool.verify(httpMethod, path, clientId, rspTimeStr, rspBody, signature, alipayPublicKey);
The value of signature is from the notification header. The following example shows a notification header:
"Content-Type": "application/json",
"Request-Time": "2019-07-12T12:08:56+05:30",
"client-id": "T_111222333",
"Signature": "algorithm=RSA256,keyVersion=1,signature=jTOHqknjk%2fnDjEn8lfg%2beNODdoh2eHGJV%2blvrKaDwP782WxJ7ro49giqUu23MUM8sFVVNvhg32qHS3sd4O6uf5kAVLqztqNOPJFZcjw141EVi1vrs%2bIB4vU0%2fK%2f8z2GyWUByh2lHOWFsp%2b5QKCclXp%2bjacYqWYUur5IVbuebR1LoD5IiJ7u7J9qYriFxodkxmIAJYJyJs7mks2FWHh2YePLj3K%2f4B65idy7RBKqY1NN1XcvqnbQmlfCH8CIv75bg%2fr9sGmPE5a%2bYgL8N9Q41buGwMSq1IcNsbceMbyPhw5Z5HnJ7tPz12fvdSi0cEicPikDthQ2EQFmtpntXcAc%2fHA%3d%3d"
2. Return a receipt acknowledgment message
After verifying the signature and confirming that the notification is from Alipay, you need to return a receipt acknowledgment message to Alipay to inform Alipay of a successful receipt of the authorization notification. No digital signature is required for the process of returning a receipt acknowledge message.
The example below shows the body of the receipt acknowledgment message you send to Alipay:
{
"result": {
"resultCode": "SUCCESS",
"resultStatus": "S",
"resultMessage": "success"
}
}
If no such message is returned to Alipay due to operation or network issues for the asynchronous notification, Alipay will automatically resend the asynchronous notification within 24 hours for up to seven times or until the correct response is received. The sending intervals are as follows:
0sec, 2min, 10min, 10min, 1h, 2h, 6h, 15h