mobile.securitypay.pay
Call this interface to initiate an app payment request.
Request
Service address
| Environment | HTTPS request URL |
| Production environment | https://intlmapi.alipay.com/gateway.do |
| Test environment | https://mapi.alipaydev.com/gateway.do |
Request parameters
trade_information
| Parameter | Description |
business_type String | Business type. 5 types are supported: 1: Hotel 2: AIR 3: Overseas study consulting 4: Sales of goods 5: Others, including all the other business types that do not fall into the above 4 categories. For example, mobile data service recharge, airport pick up service, etc. If more than one type is involved, use the vertical bar to seperate type values.
|
hotel_name String | Hotel name that consists of numbers, letters, spaces, and special characters including ,.<>()[]/\-,. If more than one hotel name exists, separate values with vertical bar (|). Specify this field only when business_type is 1 (Hotel).
|
check_in_time Date | Check-in time. Format: yyyy-MM-dd. Timezone: GMT +8. Specify this field only when business_type is 1 (Hotel).
|
| check_out_timeDate | Check-out time. Format: yyyy-MM-dd. Timezone: GMT +8. Specify this field only when business_type is 1 (Hotel).
|
flight_number String | Flight number. If flight transfer exists, separate flight numbers with vertical bar (|). Specify this field only when business_type is 2 (AIR).
|
| departure_timeDate | Departure time.Format: yyyy-MM-dd HH:mmTimezone: GMT +8. If flight transfer exists, separate time values with vertical bar (|). Specify this field only when business_type is 2 (AIR).
|
admission_notice_url String | If business_type is 3 (Overseas study consulting), the URL of admission notice (image) must be specified.
|
goods_info String | Goods information that includes SKU names and corresponding quantities, in the format of SKU_name^quantity. If more than one goods exists, separate values with vertical bar (|). Specify this field only when business_type is 4 (Sales of goods).
|
total_quantity Number | Total quantities of all goods in one order. Specify this field only when business_type is 4 (Sales of goods).
|
other_business_type String | If business_type is 5 (Others), specify the business type in details.
|
Note:
Do not use the halfwidth quotation mark (") in parameter values.
Response
Synchronous response
| Parameter | Description |
resultStatus String | Status code, which is returned from the operation. For more details, see Codes returned to the client end.
|
result String | Result data returned from the operation. The part before &success="true"&sign_type="RSA"&sign="xxx" is the original request data of the merchant. The value of “success” is used to indicate the result of the payment. The value of "sign" is the signature of Alipay for the result of the payment. The merchant needs to verify this signature with the Alipay public key.
|
memo String | Parameter reserved. Normally there is no content. |
Codes returned to the client end
| Return code | Description |
| 9000 | Successful order payment |
| 8000 | Under processing, with unknown payment result. The payment might have been made successfully or not. Inquiry the order payment status in the sellers' order list. This code is returned from Alipay server side. |
| 4000 | Failed order payment |
| 6001 | Cancelled by the user during the process |
| 6002 | Error occurred in the network connection |
| 6004 | Unknown payment result, which means the payment might have been made successfully or not. Inquiry the order payment status in the sellers' order list. This code is usually returned when the network issue prevents the Alipay client to receive a response from the Alipay server side. |
| Others | Other payment errors |
Asynchronous response
| Parameter | Description |
notify_type String | Notification type, with a value of forex_trade_status_sync |
notify_id String(34) | Notification ID, used by the partner system to verify the notification |
notify_time Timestamp | The time in GMT+8 when the notification is sent. The time format is yyyy-MM-dd HH:mm:ss. |
sign String | Sign value |
sign_type String | Sign type |
out_trade_no String(64) | Unique order ID in the merchant system |
| trade_statusString(32) | Trade status, with a value of TRADE_FINISHED or TRADE_CLOSED. See Trade status for details. |
trade_no String(16) | Unique order ID in the Alipay system |
currency String(10) | The settlement currency |
total_fee Number(9,2) | The transaction amount, which is a floating number in the range 0.01 - 1000000.00. |
Notification trigger condition
| Trigger condition name | Description on trigger condition | Note |
| TRADE_FINISHED | Trade successfully | true (trigger nofitication) |
| WAIT_BUYER_PAY | Trade creation | false (does not trigger nofitication) |
| TRADE_CLOSED | Trade closed | true (trigger nofitication) |
Description: the detailed value of true (trigger nofitication) / false (does not trigger nofitication) remains synchronous with the value at the time of signing and configuration.
Acquisition of server asynchronous response
Things to know about the asynchoronous response from Alipay:
- Ensure that the Notification Page (notify_url) is absolutely blank, without space, html tag, or any error messages threw from the program system.
- Parameters on this page can be acquired with the GET method, such as, request.Form("out_trade_no"), $_POST['out_trade_no'].
- This response will be used, if Alipay actively notifies.
- Interaction between servers, unlike interaction between websites, is usually not visible.
- After the program is executed, the page must print “success” (without quote). If not, Alipay server keeps re-sending notification for the next 24 hour and 22 minutes. Generally, there would be 8 notifications within 25 hours (Frequency: 2m,10m,10m,1h,2h,6h,15h)
- After the program is executed, the page will not be redirected as Alipay does not recognize a “success” string. The Alipay system would regard it as an error and keep sending notification.
- Cookies and sessions would be invalid on this page, which means these data would not be captured.
- The configuration and testing of this system must be on a server, via internet
- The asynchronous notification prevents lost transactions even if the synchronous redirection fails, therefore, with the asynchronous notification, the order on the partner system can still be updated.
- As long as the partner receives the server’s asynchronous response and prints “success”, the parameter notify_id would be invalid. This means when Alipay sends same asynchronous notification (including the re-sending notifications because of no “success”), the parameter notify_id doesn't change.
- Alipay may add new parameters (existing parameters will not change) along the way. When doing notification verification, merchant must use all parameters returned from Alipay.
Validation of notification
Alipay sends processed result data to sellers. After receiving these result data, sellers must validate the notification parameters following the steps below:
- Verify the signature.
- Verify whether the notification is sent by Alipay. See Verify The Notification Is Sent by Alipay for more details.
- Process business data:
- Sellers need to check whether
out_trade_noin the notice data is the order number created in seller's system, and judge whethertotal_feeis the actual amount of this order (i.e. the amount when seller's order is created), and meanwhile needs to verify whetherseller_id(orseller_email) in the notification is the correct operator of this order ofout_trade_no(sometimes, one seller may have severalseller_id/seller_email). Failure in verifying any of the above indicates that this notification is abnormal and should be ignored. - After successfully verifying the above, sellers must conduct different business processing in accordance with different types of business notification of Alipay, and filter repeated notification result data. Only when the trade notification status is
TRADE_FINISHED, Alipay can recognize the successful payment of the seller. If sellers need to verify the signature of synchronously returned data, it must be implemented via signature verification code logic at the server. If sellers fail to process business notice correctly, potential risks may exist, and sellers will bear all loss at their own cost.
Note:
The notification of a trade status TRADE_FINISHED is triggered when the products/services signed by sellers fail to support the refund function but the buyer has paid successfully; or when the products/services signed by sellers support the refund function and the transaction has been made successfully, but the refund period is over.
Trade status
| Enumeration name | Enumeration description |
| WAIT_BUYER_PAY | The trade is created and waits for buyer to pay |
| TRADE_CLOSED | The trade is closed due to absence of payment in the specified time. |
| TRADE_FINISHED | The trade has been made successfully and refund can be requested. |
Verifying the notificaiton
The verification relates to the parameter notify_id, which is used to verify the legitimacy of the Alipay asynchronous notification by calling the notify verification API (notify_verify). This API request uses simulation of the remote HTTP submission; the callback mode is "output result at the current page directly"; the return data is in the text format.
The full request link is shown below:
https://mapi.alipay.com/gateway.do?service=notify_verify&partner=2088002396712354¬ify_id=RqPnCoPT3K9%252Fvwbh3I%252BFioE227%252BPfNMl8jwyZqMIiXQWxhOCmQ5MQO%252FWd93rvCB%252BaiGgThere are two types of outcome from processing results:
- Successful: true
- Unsuccessful: report the corresponding error
Business logic management
Merchants' business logic for processing
Generally, it is suggested that the important processing codes of merchants' business logic are to be written in the following ways:
- Signature verification and
notify_idlegitimacy verification aretrue. - In the page file of "active callback" (asynchronous notification
notify_url), only if the business logic processing codes are executed and the business logic are changed successfully, the current page "success" can be printed. The page redirect function should not exist.
Notes:
- It is compulsory to check the verification signature and verify the legitimacy of
notify_id. - It is compulsory to check the possibility of repetitive calling.
- Perform different codes according to the actual business logic conditions. Particularly execute different parts of codes according to the different transaction status.
- In the page files of active callback mode, it is recommended to check if "success" is successfully printed and other information exists;
- The page files under the active callback mode do not exist in "cookie" and "session".
- Page redirecting action cannot be implemented on page files that are required to print "success" under the active callback mode.
Attentions
- About the signature: during the integration process, the signature needs to be used at the server side and the private key needs to be properly kept. Remember not to place the private key at the client side.
- About the notification address: the notification address needs to adopt the format of HTTPS to ensure that the order information of seller is not disclosed.
- About the testing scenario of sellers' payment process: test the system with Alipay wallet installed and the system without Alipay wallet installed. Ensure that both scenarios can enable successful payments.
Error codes
A list of error codes and description is shown below:
| Error codes(error_code) | Meanings |
| ILLEGAL_SIGN | Incorrect signature |
| ILLEGAL_DYN_MD5_KEY | Dynamic private key information error |
| ILLEGAL_ENCRYPT | Incorrect encryption |
| ILLEGAL_ARGUMENT | Incorrect parameter |
| ILLEGAL_SERVICE | Incorrect API name |
| ILLEGAL_PARTNER | Incorrect cooperating partner ID |
| ILLEGAL_EXTERFACE | Incorrect API configuration |
| ILLEGAL_PARTNER_EXTERFACE | Incorrect cooperating partner API configuration |
| ILLEGAL_SECURITY_PROFILE | Private key configuration without matching detected |
| ILLEGAL_AGENT | Incorrect agency ID |
| ILLEGAL_SIGN_TYPE | Incorrect signature type |
| ILLEGAL_CHARSET | Illegal character set |
| ILLEGAL_CLIENT_IP | No right integration service of customer’s IP address |
| ILLEGAL_DIGEST_TYPE | Incorrect abstract type |
| ILLEGAL_DIGEST | Incorrect file abstract |
| ILLEGAL_FILE_FORMAT | Incorrect file format |
| ILLEGAL_ENCODING | The coding type is not supported. |
| ILLEGAL_REQUEST_REFERER | Anti-phishing inspection does not support the request resource. |
| ILLEGAL_ANTI_PHISHING_KEY | Illegal timestamp parameter of anti-phishing inspection |
| ANTI_PHISHING_KEY_TIMEOUT | Overtime of anti-phishing inspection timestamp |
| ILLEGAL_EXTER_INVOKE_IP | Illegal callback IP of anti-phishing inspection |
| ILLEGAL_NUMBER_FORMAT | Illegal digital format |
| ILLEGAL_INTEGER_FORMAT | Illegal “int” type format |
| ILLEGAL_MONEY_FORMAT | Illegal amount format |
| ILLEGAL_DATA_FORMAT | Wrong data format |
| REGEXP_MATCH_FAIL | Failed matching of regular expression |
| ILLEGAL_LENGTH | Illegal parameter value length |
| PARAMTER_IS_NULL | Null parameter |
| HAS_NO_PRIVILEGE | No privilege to use the service |
| SYSTEM_ERROR | Wrong Alipay system |
| SESSION_TIMEOUT | Session overtime |
| ILLEGAL_TARGET_SERVICE | Wrong “target_service” |
| ILLEGAL_ACCESS_SWITCH_SYSTEM | “partner” does not allow the system of the type. |
| ILLEGAL_SWITCH_SYSTEM | Abnormal switching system |
| EXTERFACE_IS_CLOSED | Closed API |
Samples
Request
Request sample for merchants directly integrated with Alipay
_input_charset="UTF-8"&appenv="system=android^version=3.0.1.2"¤cy="HKD"&forex_biz="FP"¬ify_url="http://www.mikascoffee.com/notify"&out_trade_no="out_trade_no_20190910_141444"&partner="208xxxxxxxxx5500"&payment_inst="ALIPAYHK"&payment_type="1"&product_code="NEW_WAP_OVERSEAS_SELLER"&refer_url="http://www.mikascoffee.com"&return_url="http://www.mikascoffee.com/return"&seller_id="2088021966645500"&service="mobile.securitypay.pay"&sign="3v0t8CPxvNrZazSPhIFO0mR0hNS3Ph%2BwSOqlx0C4LRDjlgVShCW85omoT9wP4CpHfUdksTlgAoKaj1VWrzlkMXPyOhbW3Ex0euS1jczIBt47hK4105lcXIREzd7LGyg8uA8gxmQ49CQ8Zr9ZPEAbYRIlAsbN4yyAZHqYKPugnYM%3D"&sign_type="RSA"&subject="Mika's coffee shop"&total_fee="0.01"&trade_information="{"business_type":"4","goods_info":"Mika's capsule coffee^1","total_quantity":"1"}"
Request sample for acquirers and system integrators with secondary merchants
_input_charset="UTF-8"&appenv="system=android^version=3.0.1.2"¤cy="HKD"&forex_biz="FP"¬ify_url="http://www.mikascoffee.com/notify"&out_trade_no="out_trade_no_20190910_140255"&partner="208xxxxxxxxx5500"&payment_inst="ALIPAYHK"&payment_type="1"&product_code="NEW_WAP_OVERSEAS_SELLER"&return_url="http://www.mikascoffee.com/return"&secondary_merchant_id="1314520"&secondary_merchant_industry="5499"&secondary_merchant_name="Mika's coffee shop"&seller_id="208xxxxxxxxx5500"&service="mobile.securitypay.pay"&sign="8mAZ4DZo3USCmOmHtjpqt9yswfwZJT%2FmnChDjVZzno3X0vnsisch78ut%2BXiF7sOs5YPZgAexpa6MaFGRAN1i9euFuKqa4wglZcHB85Swtfz8%2FRHLY3NMAnJh4z9a%2BTJATVLDPLy7OP7nu%2BvefVUeci3zssCm9aYIDnt7eVbJXDs%3D"&sign_type="RSA"&subject="Mika's coffee shop"&total_fee="0.01"
Response
Synchronous response
resultStatus=9000
result=
_input_charset="UTF-8"
appenv="system=android^version=3.0.1.2"
currency="HKD"
forex_biz="FP"
it_b_pay="1h"
notify_url="http://www.mikascoffee.com/notify"
out_trade_no="out_trade_no_20190910_141442"
partner="208xxxxxxxxx5500"
payment_inst="ALIPAYCN"
payment_type="1"
product_code="NEW_WAP_OVERSEAS_SELLER"
refer_url="http://www.mikascoffee.com"
return_url="http://www.mikascoffee.com/return"
seller_id="208xxxxxxxxx5500"
service="mobile.securitypay.pay"
subject="Mika's coffee shop"
total_fee="0.01"
trade_information="{"business_type":"4","goods_info":"Mika's capsule coffee^1","total_quantity":"1"}"
success="true"
sign_type="RSA"
sign="GWWdENlqkRvlgXGxC2ucdnRYKe8ta2bsvgZSuo37jD6pp1e3yyy2f3/NVL7Qkv1poxxX7IYczk56ijo11c27Gi/lkn4QYJ9DcpYcdv469YA+WdHjOw0EkkXWZTMhCznO7psXAqeXleBkDHoE7KyqhddPrloOgIZ6aSfl6Tjc+qI="
memo=Asynchronous response
http://www.mikascoffee.com/notify
notify_id=201xxxxxxxxxxxxxxxxxxxxxxxxxxx2954
notify_type=trade_status_sync
sign=$$$
trade_no=201xxxxxxxxxxxxxxxxxxxx7004
total_fee=0.01
out_trade_no=out_trade_no_20190910_140255
notify_time=2019-09-10 14:23:31
currency=HKD
trade_status=TRADE_FINISHED
sign_type=RSA