Redirect from wallet to payment method
This document provides an integration guideline for seamless redirection from the payment method to the merchant. The redirection address is determined by authRedirectUrl and authState, provided by the merchant, and authCode provided by the payment method.
Redirection process
After the user completes the authorization, whether the authorization succeeds or fails, the user is redirected from the payment method client back to the merchant client based on the redirection address. The redirection address is composed of three parts:
- authRedirectUrl: the first part of the from-payment method-to-merchant redirection address, specified in the consult request.
- Parameter of authCode and its value: the value is the authorization code provided by the payment method.
- Parameter of authState and its value: the value is the string used to identify the consult request, needs to be consistent with the authState value specified in the consult request.
An example of the redirection address is given below:
https://www.alipay.com/?authCode=d2f60253-ecdc-e9bc-27d1- 566970191040&authState=663A8FA9-D836-48EE-8AA1-1FF682989DC7As the merchant, you need to check whether the redirection address provided by the payment method has complete address information of the three parts as mentioned above. If the redirection address has complete address information and each parameter value is not null, the user authorization succeeded. Otherwise, the user authorization failed.
You are suggested to design your authorization status page that will be displayed to the user according to the scenario. You can take the following actions for each scenario:
Redirection address | Description | Action |
Complete address | The authorization succeeded. | Inform the user of the authorization success on the payment status page. |
Incomplete address with parameter lost or parameter value null | The authorization failed. | Inform the user of the authorization failure on the payment status page and ask the user whether to make the authorization again. |
Table 1. The corresponding action for different redirection cases
If the user closes the browser or app during the authorization process, the user will not be redirected to the merchant client from the payment method client. In this case, you need to obtain the authorization status via the asynchronous notification. You will receive the asynchronous notification only when the authorization succeeds, afterward, you need to inform the user of a successful payment via a notification.
About the redirection address
The user is redirected to the merchant client after the authorization is completed via the redirection address. The redirection address type is different for each client type. In addition, the address type of merchants (that are integrated with Alipay directly) and acquirers (that have secondary merchants) might be different for each client type as well. The following table shows the type of address used for each client type:
Terminal type of merchant | Merchants | Acquirers |
WEB | HTTPS address for a PC website of the merchant | HTTPS address for a PC website |
WAP | HTTPS address for a mobile web page of the merchant (WAP page) | HTTPS address for a WAP page |
APP | URL scheme that can be used for redirection to the merchant app | WAP address to a URL scheme that can be used for redirection to the merchant site |
Table 2. Addresses for each client type
Notes:
- For security reasons, the address must be an HTTPS address instead of an HTTP address.
- For the client type of APP, the acquirer uses a WAP address that can be redirected to a URL scheme, and then the URL scheme can be redirected to the merchant client. In this way, the acquirer does not need to provide different URL schemes for different sub-merchants when calling the consult API.
Parameters in the redirection address of each payment method
After completing the authorization in the payment method, the user is redirected to the merchant page via the redirection address, which contains the authstate and authcode parameters. The following table shows examples of these parameters contained in the redirection address of each payment method when the authorization is completed and the user is redirected to the merchant page successfully:
Wallet | Parameters and their values contained in the redirection address |
GCash | authState=G_D44D2368B042465888F1D089F69F4AE8&authCode=20210804AojyuD02MQ10884911622806 |
DANA | authCode=33yYAemh11fwMkAUCQ7YMRxtU9TWDGTJvddL0900&authState=G_D44D2368B042465888F1D089F69F4AE8 |
AlipayCN | authCode=28100113_16405973025670000171c0f&authState=STATE_20211227172755634 |
Touch 'n Go | authCode=2810111301SSjISNgbpU132409069675&authState=G_D44D2368B042465888F1D089F69F4AE8 |
TrueMoney | authCode=281007131d2a16e7c7b7c99af0f86e0a&authState=G_D44D2368B042465888F1D089F69F4AE8 |
AlipayHK | authState=G_D44D2368B042465888F1D089F69F4AE8&state=G_D44D2368B042465888F1D089F69F4AE8&auth_site=&merchantAgreementId=&authCode=28100413S9f52V8uYxpDybqDZfRHA779&client_id=4GGO000000000001 |
Table 3. Parameters contained in the redirection address of each payment method