mobile.securitypay.pay
Call this interface to initiate an app payment request.
Request
Service address
Environment | HTTPS request URL |
Production environment | |
Test environment |
Request parameters
| Parameter | Description |
service String | Interface name
|
partner String(16) | The partner ID that is assigned by Alipay to identify an Alipay account. The partner ID is composed of 16 digits and begins with 2088.
|
_input_charset String | The charset with which the request data are encoded. UTF-8 is supported.
|
sign_type String | Sign type. RSA and RSA2 are supported. Use uppercase. Note: RSA2 cannot be used for synchronous notification verification.
|
sign String | Sign value
|
return_url URL(200) | After the payment is completed, the web page is redirected to this URL.
|
notify_url URL(200) | The URL for receiving asynchronous notifications after the payment is completed.
|
appenv String | A string used to identify client source. Parameter value is agreed as follows: appenv="system=client platform name ^version=business system version".
|
out_trade_no String(64) | The unique transaction ID that is assigned by the merchant. If the ID is duplicated with the out_trade_no of a previous transaction, the payment fails and an error message is returned to indicate the payment is duplicated.
|
subject String(256) | Brief description of the transaction. Special characters are not supported. Note: The value of this field will be displayed to customers.
|
payment_type String(4) | Payment type. The default value is 1, which stands for purchase of goods.
|
seller_id String(16) | Seller ID. The value can be the unique Alipay account ID of the seller in an email or mobile number format, or the partner ID that contains 16 digits and begins with 2088.
|
total_fee Number(9,2) | The transaction amount, which is a floating number in the range 0.01 - 1000000.00. If total_fee is not null, the transaction uses a currency that is not CNY and the product price is to be calculated in RMB based on the exchange rate.
|
rmb_fee Number(9,2) | The transaction amount in RMB, which is a floating number in the range 0.01 - 1000000.00. This parameter is used to replace the total_fee parameter when merchants want to price their product in RMB. If total_fee is used, don't specify the rmb_fee parameter because they are mutually exclusive.
|
body String(1000) | Detailed description about the goods. Special characters are not supported.
|
currency String(10) | The currency for the payment. Use upper case. For more information about supported currencies, see Supported Currencies.
|
forex_biz String(10) | The value of this field is FP.
|
it_b_pay String | Specifies the expiration time of unpaid transactions. The trade is closed automatically once the time is up. The value of this field is in the range of 1m - 15d or can be an absolute time such as 2014-06-13 16:00:00. Notes:
|
extern_token String(32) | The token that includes account information, returned by open platform. With the authorization token, merchants can access some services of Alipay within a specified period.
|
secondary_merchant_id String(64) | The unique ID assigned by the partner to identify a secondary merchant. The ID can contain letters, numbers, and underscores. Note: This field is required for acquirers and system integrators with secondary merchants, and is not required for merchants that are directly integrated with Alipay.
|
secondary_merchant_name String(64) | Registration legal name of the secondary merchant, shown in the Alipay Wallet and the reconciliation file to identify a secondary merchant. Note: This field is required for acquirers and system integrators with secondary merchants, and is not required for merchants that are directly integrated with Alipay.
|
secondary_merchant_industry String(4) | Industry classification identifier of the secondary merchant, which is assigned by Alipay. For more information about the MCC code, see MCC list. Note: This field is required for acquirers and system integrators with secondary merchants, and is not required for merchants that are directly integrated with Alipay.
|
refer_url URL(200) | The URL of the merchant website homepage. If the merchant doesn't have a website, the merchant app download address can be used for this field. Note: This field is required for merchants that are directly integrated with Alipay, and is optional for acquirers. Example:http://testmerchant.com/t_address |
product_code String(32) | Product code of the Alipay product that you use, with a value of NEW_WAP_OVERSEAS_SELLER for this interface. Note: This field is not required for the old cross-border in-app payment product. Contact technical support if you are not sure about your product type.
|
split_fund_info String(1600) | Split fund information, which is in the JSON format. For more details, see Split Detail Info. |
trade_information String(6000) | Information about the trade industry.See trade_information for details. Note: This field is required for merchants that are directly integrated with Alipay, and is optional for acquirers.
|
trade_information
| Parameter | Description |
business_type String | Business type. 5 types are supported: 1: Hotel 2: AIR 3: Overseas study consulting 4: Sales of goods 5: Others, including all the other business types that do not fall into the above 4 categories. For example, mobile data service recharge, airport pick up service, etc. If more than one type is involved, separate type values with vertical bar (|).
|
hotel_name String | Hotel name that consists of numbers, letters, spaces, and special characters including ,.<>()[]/\-,. If more than one hotel name exists, separate values with vertical bar (|). Specify this field only when business_type is 1 (Hotel).
|
check_in_time Date | Check-in time. Format: yyyy-MM-dd. Timezone: GMT +8. Specify this field only when business_type is 1 (Hotel).
|
check_out_time Date | Check-out time. Format: yyyy-MM-dd. Timezone: GMT +8. Specify this field only when business_type is 1 (Hotel).
|
flight_number String | Flight number. If flight transfer exists, separate flight numbers with vertical bar (|). Specify this field only when business_type is 2 (AIR).
|
departure_time Date | Departure time.Format: yyyy-MM-dd HH:mmTimezone: GMT +8. If flight transfer exists, separate time values with vertical bar (|). Specify this field only when business_type is 2 (AIR).
|
admission_notice_url String | If business_type is 3 (Overseas study consulting), the URL of admission notice (image) must be specified.
|
goods_info String | Goods information that includes SKU names and corresponding quantities, in the format of SKU_name^quantity. If more than one goods exists, separate values with vertical bar (|). Specify this field only when business_type is 4 (Sales of goods).
|
total_quantity Number | Total quantities of all goods in one order. Specify this field only when business_type is 4 (Sales of goods).
|
other_business_type String | If business_type is 5 (Others), specify the business type in details.
|
Notes:
1、Extra parameters to seller/merchant's request parameter attached by sellers should not be duplicated with the stipulated key (see table 6 below) in Alipay system, otherwise it will lead to unknown exceptions. For example, in the request parameters with a format of out_trade_no="1234566"&total_fee="123.5"&rn_check="TRE", out_trade_no, total_fee, and rn_check are all reserved payment processing keys. If sellers take out_trade_no and total_fee as parameters from Alipay and rn_check="TRE" as sellers' own business data, an analysis error will be caused because rn_check is a reserved key of Alipay and Alipay regards rn_check as the parameter from Alipay. The analysis error will lead to an unexpected exception of payment.
2、Alipay suggests that sellers do not add any keys to the request parameters except the reserved key specified by Alipay All keys should be connected via &. For example, out_trade_no="1234566"&total_fee="123.5"&homepage="http://www.***.com" , where homepage is sellers' own business key; Alipay do not advise to attach any keys related to the data of business system that is irrelevant to the payment in the request parameters.
3、Reserved key of Alipay should not appear in the values of all keys (Alipay reserved key or sellers' own key) such as out_trade_no, total_fee, and seller_id. Otherwise the relevant transactions will be intercepted by Alipay and payment will be prohibited. Take the request below as an example,
out_trade_no="1234566"&total_fee="123.5"&homepage="http://www.***.com"&body="testout_trade_no=123 total_fee=123.5"&memo="memo seller_id=2088123213"In this request, Alipay's reserved keys out_trade_no , total_fee, and seller_id are included in the memo field, therefore, this type of business requests will be intercepted by Alipay.
4、If the parameter with String type has no limitation of length, the system doesn't verify the length of this parameter.
5、The decimal place accuracy of amounts, such as the values of total_fee, depends on the value of currency. If the value of currency isJPY, then the amount must be an integer. For example, 100 JPY. For other currencies, the amount is of two decimal place accuracy. For example, 100.00 USD. Amounts in other formats will cause error, for example, 100.999 USD. The value of rmb_fee is also of two decimal places because the currency is CNY.
Response
Synchronous response
After the synchronous notification is processed by Alipay SDK, the payment result will be synchronously fed back to the merchant app.
The data returned by the synchronous notification must be verified by the merchant on the server side. After the verification is passed, the payment can be considered successful. In some cases, the synchronous result cannot be received correctly. Then, the payment result can be completely dependent on the asynchronous notification received in merchant server.
Note:
Both the synchronous notification and asynchronous notification can be used as the payment completion certificate. The asynchronous notification will be surely sent to the merchant server from Alipay. However, to simplify the integration process, merchants can only use the synchronous result as a notification of the end of payment (ignore the verification), and completely rely on the server-side received asynchronous notification to decide whether the payment is successful.
| Parameter | Description |
resultStatus String | Status code, which is returned from the operation. For more details, see Codes Returned to Client End.
|
result String | Result data returned from the operation. The part before &success="true"&sign_type="RSA"&sign="xxx" is the original request data of the merchant. The value of "success" is used to indicate the result of the payment. The value of "sign" is the signature of Alipay for the result of the payment. The merchant needs to verify this signature with the Alipay public key.
|
memo String | Parameter reserved. In most cases, no value for this parameter. |
To get the iOS synchronous response parameters, refer to "iOS->Callback API".
To get the Android synchronous response parameters, instantiate PayTask object in new thread, call pay method, and notify main thread via Handler object to obtain payment result. The alipay_sdk_demo project implementation can be referred.
Asynchronous response
After processing the request data, Alipay will notify seller's website of the processed result data in a server-actively-notifying manner. These processed result data are the asynchronous response parameters of the server.
Notification trigger condition
Trigger condition name | Description on trigger condition | Note |
TRADE_FINISHED | Trade is completed successfully | true (trigger notification) |
WAIT_BUYER_PAY | Trade creation | false (does not trigger notification) |
TRADE_CLOSED | Trade closed | true (trigger notification) |
Description: detailed value of true (trigger notification) / false (does not trigger notification) remains synchronous with the value at the time of signing and configuration.
Acquisition of server asynchronous response
Things to know about the asynchoronous response from Alipay:
Ensure that the Notification Page (
notify_url) is absolutely blank, without space, html tag, or any error messages threw from the program system.
Alipay sends the notification information in POST method, you can retrieve the parameter details by using, for example,
Form("out_trade_no"),$_POST['out_trade_no'].
This response will be used, if Alipay actively notifies.
Interaction between servers, unlike interaction between websites, is usually not visible.
After the program is executed, the page must print "success" (without quote). If not, Alipay server keeps re-sending notification for the next 24 hours and 22 minutes. Generally, there are eight notifications within 25 hours (Frequency: 2m, 10m, 15m, 1h, 2h, 6h, 15h).
After the program is executed, the page will not be redirected if Alipay doesn't recognize a "success" string. The Alipay system would regard it as an error and keep sending notification.
Cookies and sessions would be invalid on this page, which means these data would not be captured.
The configuration and testing of this system must be on a server, via internet.
The asynchronous notification prevents loss of transactions even if the synchronous redirection fails, therefore, with the asynchronous notification, the order on the partner system can still be updated.
As long as the partner receives the server's asynchronous response and prints "success", the parameter
notify_idbecomes invalid. This means when Alipay sends the same asynchronous notification (including the re-sending notifications because of no "success"), the parameternotify_iddoesn't change.Alipay might add new parameters (existing parameters will not change) along the way. When doing notification verification, merchants must use all parameters returned from Alipay.
Validation of notification
Alipay sends processed result data to sellers. After receiving these result data, sellers must validate the notification parameters by following the these steps:
- Verify the signature.
- Verify whether the notification is sent by Alipay.
- Process business data:
- Sellers need to check whether
out_trade_noin the notice data is the order number created in seller's system, and judge whethertotal_feeis the actual amount of this order (i.e. the amount when seller's order is created), and meanwhile needs to verify whetherseller_id(orseller_email) in the notification is the correct operator of this order ofout_trade_no(sometimes, one seller may have severalseller_id/seller_email). Failure in verifying any of the above indicates that this notification is abnormal and should be ignored. - After successfully verifying the above, sellers must conduct different business processing in accordance with different types of business notification of Alipay, and filter repeated notification result data. Only when the trade notification status is
TRADE_FINISHED, Alipay can recognize the successful payment of the seller. If sellers need to verify the signature of synchronously returned data, it must be implemented via signature verification code logic at the server. If sellers fail to process business notice correctly, potential risks may exist, and sellers will bear all loss at their own cost.
Note:
The notification of a trade status TRADE_FINISHED is triggered when the products/services signed by sellers fail to support the refund function but the buyer has paid successfully; or when the products/services signed by sellers support the refund function and the transaction has been made successfully, but the refund period is over.
Trade status
Enumeration name | Description |
WAIT_BUYER_PAY | The trade is created and waits for the buyer to pay. |
TRADE_CLOSED | The trade is closed due to absence of payment in the specified time. |
TRADE_FINISHED | The trade has been made successfully and the refund can be requested. |
Verifying the notification
The verification relates to the parameter notify_id, which is used to verify the legitimacy of the Alipay asynchronous notification by calling the notify verification API (notify_verify). This API request uses simulation of the remote HTTP submission; the callback mode is "output result at the current page directly"; the return data are in the text format.
The full request link is shown below:
https://mapi.alipay.com/gateway.do?service=notify_verify&partner=2088002396712354¬ify_id=RqPnCoPT3K9%252Fvwbh3I%252BFioE227%252BPfNMl8jwyZqMIiXQWxhOCmQ5MQO%252FWd93rvCB%252BaiGgThere are two types of outcome from processing results:
Successful: true
Unsuccessful: report the corresponding error
Codes returned to client end
Return code | Description |
9000 | Successful order payment |
8000 | Under processing, unknown payment result (payment might have been made successfully), please inquiry order payment status in sellers' orders list. (This code returns from Alipay server side.) |
4000 | Failed order payment |
6001 | Canceled by user during the process |
6002 | Error in network connection |
6004 | Unknown payment result (payment might have been made successfully), please inquiry order payment status in sellers' orders list. (Usually caused by network issue, causing Alipay client cannot receive response from Alipay server side) |
Others | Other payment errors |
Business logic management
Merchants' business logic for processing
Generally, it is suggested that the important processing codes of merchants' business logic are to be written in the following ways:
- Signature verification and
notify_idlegitimacy verification aretrue. - In the page file of "active callback" (asynchronous notification
notify_url), only if the business logic processing codes are executed and the business logic are changed successfully, the current page "success" can be printed. The page redirect function should not exist.
Notes:
- It is compulsory to check the verification signature and verify the legitimacy of
notify_id. - It is compulsory to check the possibility of repetitive calling.
- Perform different codes according to the actual business logic conditions. Particularly execute different parts of codes according to the different transaction status.
- In the page files of active callback mode, it is recommended to check if "success" is successfully printed and other information exists;
- The page files under the active callback mode do not exist in "cookie" and "session".
- Page redirecting action cannot be implemented on page files that are required to print "success" under the active callback mode.
Attentions
- About the signature: during the integration process, the signature needs to be used at the server side and the private key needs to be properly kept. Remember not to place the private key at the client side.
- About the notification address: the notification address needs to adopt the format of HTTPS to ensure that the order information of seller is not disclosed.
- About the testing scenario of sellers' payment process: test the system with Alipay wallet installed and the system without Alipay wallet installed. Ensure that both scenarios can enable successful payments.
Error codes
A list of error codes and description is shown below:
Error codes | Description |
ILLEGAL_SIGN | Incorrect signature |
ILLEGAL_DYN_MD5_KEY | Dynamic Private key information error |
ILLEGAL_ENCRYPT | Incorrect encryption |
ILLEGAL_ARGUMENT | Incorrect parameter |
ILLEGAL_SERVICE | Incorrect API name |
ILLEGAL_PARTNER | Incorrect cooperating partner ID |
ILLEGAL_EXTERFACE | Incorrect API configuration |
ILLEGAL_PARTNER_EXTERFACE | Incorrect cooperating partner API configuration |
ILLEGAL_SECURITY_PROFILE | Private key configuration without matching detected |
ILLEGAL_AGENT | Incorrect agency ID |
ILLEGAL_SIGN_TYPE | Incorrect signature type |
ILLEGAL_CHARSET | Illegal character set |
ILLEGAL_CLIENT_IP | No right integration service of customer's IP address |
ILLEGAL_DIGEST_TYPE | Incorrect abstract type |
ILLEGAL_DIGEST | Incorrect file abstract |
ILLEGAL_FILE_FORMAT | Incorrect file format |
ILLEGAL_ENCODING | Do not support the coding type |
ILLEGAL_REQUEST_REFERER | Anti-phishing inspection does not support the request resource |
ILLEGAL_ANTI_PHISHING_KEY | Illegal timestamp parameter of anti-phishing inspection |
ANTI_PHISHING_KEY_TIMEOUT | Overtime of anti-phishing inspection timestamp |
ILLEGAL_EXTER_INVOKE_IP | Illegal callback IP of anti-phishing inspection |
ILLEGAL_NUMBER_FORMAT | Illegal digital format |
ILLEGAL_INTEGER_FORMAT | Illegal "int" type format |
ILLEGAL_MONEY_FORMAT | Illegal amount format |
ILLEGAL_DATA_FORMAT | Wrong data format |
REGEXP_MATCH_FAIL | Failed matching of regular expression |
ILLEGAL_LENGTH | Illegal parameter value length |
PARAMTER_IS_NULL | Null parameter |
HAS_NO_PRIVILEGE | No privilege to use the service |
SYSTEM_ERROR | Wrong Alipay system |
SESSION_TIMEOUT | Session overtime |
ILLEGAL_TARGET_SERVICE | Wrong "target_service" |
ILLEGAL_ACCESS_SWITCH_SYSTEM | "partner" does not allow the system of the type. |
ILLEGAL_SWITCH_SYSTEM | Abnormal switching system |
EXTERFACE_IS_CLOSED | Closed API |
SECONDARY_MERCHANT_ID_BLANK | The secondary merchant ID is not provided to Alipay. |
SECONDARY_MERCHANT_ID_INVALID | The secondary merchant is not registered with Alipay. |
SECONDARY_MERCHANT_STATUS_ERROR | The status of secondary merchant is abnormal in the Alipay system. |
Samples
Request
Request sample for merchants directly integrated with Alipay
_input_charset="UTF-8"&appenv="system=android^version=3.0.1.2"¤cy="USD"&forex_biz="FP"¬ify_url="http://www.mikascoffee.com/notify"&out_trade_no="out_trade_no_20190826_204550"&partner="208xxxxxxxxx6931"&payment_type="1"&product_code="NEW_WAP_OVERSEAS_SELLER"&refer_url="http://www.mikascoffee.com"&return_url="http://www.mikascoffee.com/return"&seller_id="2088021017666931"&service="mobile.securitypay.pay"&sign="gFXGKhF4Tdh%2FRppQUKn62AaYB3kEz03Wi3nuKlgCrO49B8UpJvHl9oAGgsKyKyz5RPUoqa1dttjZkYmpJr4YgLot9LLIq8sWbKi0n7LnlwNAfXTaTdcETV75muoEAQgrfzLNVttoPti%2BJF075fXUOPCBYo2cBQIZehE4fZQxPbaMplwQrU6rprNutJFl%2B56uy73B6VT9o8lwU%2FNgjRgIZgYhJGVtLCNUbiHM4PwPSQJrAovzDVbQOsOcS%2BViHe5wgQjk8BrkqbgcZ5aMVRWQjg3HzvJ8jog3AaYjtehx2TaMFcugL%2BoZv2MOjeVHpczNqhkYmSdj1ttIOL2v92cZZQ%3D%3D"&sign_type="RSA"&subject="Mika's capsule coffee"&total_fee="12"&trade_information="{"business_type":"4","goods_info":"Mika's capsule coffee^1","total_quantity":"1"}"
Request sample for acquirers and system integrators with secondary merchants
_input_charset="UTF-8"&appenv="system=android^version=3.0.1.2"¤cy="USD"&forex_biz="FP"¬ify_url="http://www.mikascoffee.com/notify"&out_trade_no="out_trade_no_20190826_204550"&partner="208xxxxxxxxx6931"&payment_type="1"&product_code="NEW_WAP_OVERSEAS_SELLER"&return_url="http://www.mikascoffee.com/return"&secondary_merchant_id="1314520"&secondary_merchant_industry="5499"&secondary_merchant_name="China Substation"&seller_id="208xxxxxxxxx6931"&service="mobile.securitypay.pay"&sign="b8tOyjuPOun3idy1f%2BBDZHMDo0F68mfcqILD%2FatSZ7BXbK1yRJx6YxfJKYzarUtb%2BE9g6NwRitwxCM2qhotkP%2F8zeGd8iTabhr2fX810VoPkyJkxYchnHbZmQyxCI%2FwZDTKqYjpSstIUN1ZBkOUbzt4B%2FKi1MgdyK5qTw0ianipRVK%2BNWxDUr5wgG0IZ4rvxxOsk4CqQXaLbM2OV2yA24qQrQuy9zYyax387fDfOTxEU3tKHu82BCVnP1kWjcngaKM5ZYvSpD56GyrTwLTHEIhm2KMRV3wdV7AasOOOH1xkRJIoOMiMZz0HiLO%2FPMninaT4zYnUVsinbZqwKw0HzyA%3D%3D"&sign_type="RSA"&subject="Mika's capsule coffee"&total_fee="12"
Response
Synchronous response sample
{resultStatus=9000, result=_input_charset="UTF-8"&appenv="system=android^version=3.0.1.2"¤cy="USD"&forex_biz="FP"¬ify_url="http://www.mikascoffee.com/notify"&out_trade_no="out_trade_no_20190826_204539"&partner="208xxxxxxxxx6931"&payment_type="1"&product_code="NEW_WAP_OVERSEAS_SELLER"&refer_url="http://www.mikascoffee.com"&return_url="http://www.mikascoffee.com/return"&seller_id="208xxxxxxxxx6931"&service="mobile.securitypay.pay"&subject="Mika's capsule coffee"&total_fee="0.01"&trade_information="{"business_type":"4","goods_info":"Mika's capsule coffee^1","total_quantity":"1"}"&success="true"&sign_type="RSA"&sign="ZL7835QAkmm66hSQKQ5dPhT7ECtljq6sZltmu8AMb8Cu1bbY6/4nsGtbwbn/VieWn4851zkFHviMq9ze+N5eRUJYYG2hW8pfd5V2jpGcaeIV8GNY0/E02u0fMILrcV/hj/nPHtIsdi2cPOHMCeCyU4NeVUkZt9BxiTffWxqpjIk=", memo=}
resultStatus=9000
result=
_input_charset="UTF-8"
appenv="system=android^version=3.0.1.2"
currency="USD"
forex_biz="FP"
notify_url="http://www.mikascoffee.com/notify"
out_trade_no="out_trade_no_20190826_204539"
partner="208xxxxxxxxx6931"
payment_type="1"
product_code="NEW_WAP_OVERSEAS_SELLER"
refer_url="http://www.mikascoffee.com"
return_url="http://www.mikascoffee.com/return"
seller_id="208xxxxxxxxx6931"
service="mobile.securitypay.pay"
subject="Mika's capsule coffee"
total_fee="0.01"
trade_information="{"business_type":"4","goods_info":"Mika's capsule coffee^1","total_quantity":"1"}"
success="true"
sign_type="RSA"
sign="ZL7835QAkmm66hSQKQ5dPhT7ECtljq6sZltmu8AMb8Cu1bbY6/4nsGtbwbn/VieWn4851zkFHviMq9ze+N5eRUJYYG2hW8pfd5V2jpGcaeIV8GNY0/E02u0fMILrcV/hj/nPHtIsdi2cPOHMCeCyU4NeVUkZt9BxiTffWxqpjIk="
memo=Asynchronous response sample
http://www.mikascoffee.com/notify?notify_id=201xxxxxxxxxxxxxxxxxxxxxxxxxxx2208¬ify_type=trade_status_sync&sign=$$$&trade_no=201xxxxxxxxxxxxxxxxxxxxx7415&buyer_id=208xxxxxxxxx6535&total_fee=0.01&forex_rate=7.20211000&out_trade_no=out_trade_no_20190826_204539&rmb_fee=0.07&seller_id=208xxxxxxxxx6931¤cy=USD¬ify_time=2019-08-26 22%3A11%3A32&trade_status=TRADE_FINISHED&sign_type=RSA
http://www.mikascoffee.com/notify
notify_id=201xxxxxxxxxxxxxxxxxxxxxxxxxxx2208
notify_type=trade_status_sync
sign=$$$
trade_no=201xxxxxxxxxxxxxxxxxxxxx7415
buyer_id=208xxxxxxxxx6535
total_fee=0.01
forex_rate=7.20211000
out_trade_no=out_trade_no_20190826_204539
rmb_fee=0.07
seller_id=208xxxxxxxxx6931
currency=USD
notify_time=2019-08-26 22:11:32
trade_status=TRADE_FINISHED
sign_type=RSA