Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

alipay.intl.oauth.auth.applyToken

API Overview

name: alipay.intl.oauth.auth.applyToken
version: 2.0.0
endpoint: https://open.alipay.hk/api/alipay/intl/oauth/auth/applyToken.htm
description: The API is used by the merchant to get access token from the authSite.

This openAPI can be used together with 'my.getAuthCode' and the jsapi will return the authCode to the merchant. The merchant can invoke this applyToken API call with 'authCode' . The accessToken will be granted by the site only if the 'authCode' is correct. The merchant can also integrate the 'auth.notify' to get the accessToken.

Function Logic

Request Parameter

Header

No

Name

Description

Type

Length

Required

Remarks

Condition

Sample

1

version

API version

string

8

ME

As per the respective API reference

2.0.0

2

function

API interface

string

128

ME

According to specifications defined by each business domain

alipay.intl.function

3

clientId

Client ID

string

32

ME

Provided by Alipay, used to identify partner and application system

211020000000000000044

4

reqTime

Request time

datetime

/

M

DateTime with timezone, which follows the ISO-8601 standard.Refer to: RFC 3339 Section 5.6

2001-07-04T12:08:56+05:30

5

reqMsgId

Request message ID

string

64

ME

Each request will be assigned with a unique id (uuid).The reqMsgId identify an unique system request, it is not used to identity an unique business request.

1234567asdfasdf1123fda

6

reserve

Reserved for future implementation

string

256

O

Key/Value

{}

Body

No

Name

Description

Type

Length

Required

Remarks

Condition

Sample

1

grantType

Grant type. The accessToken could be granted by authCode or refreshToken.

enum<[OAuthGrantTypeEnum](data_structure/02. OAuth Domain Structure.htm#OAuthGrantTypeEnum)>

64

M

AUTHORIZATION_CODE

2

authMerchantId

Auth merchant ID. The auth merchant can be authorized by the user  to access user resources.

string

64

M

218820000000000000023

3

authSite

The site which can authorize the user.

enum<[SiteEnum](data_structure/00. Global Common Structure.htm#SiteEnum)>

64

M

ALIPAY_CN

4

authCode

An authorization code which the caller can used to obtain an access token.

string

64

C

Authentication code. The authCode is generated by the authSite and returned to the merchant.

y: (grantType = AUTHORIZATION_CODE)

4b203fe6c11548bcabd8da5bb087a83b

5

verifyCode

Verify code

string

64

O

y: (if authCode is collected through ‘auth.applyCode’ API call.)The verifyCode is only needed when the authCode is generated through ‘auth.applyCode’ API call.

y: (grantType = AUTHORIZATION_CODE)

934754

6

refreshToken

Refresh token, which is used to refresh the access token.

string

64

C

y: (grantType = REFRESH_TOKEN)

201208134b203fe6c11548bcabd8da5bb087a83b

Response Parameter

Header

No

Name

Description

Type

Length

Required

Remarks

Condition

Sample

1

version

API version

string

8

ME

As per the respective API reference

2.0.0

2

function

API interface

string

128

ME

According to specifications defined by each business domain

alipay.intl.function

3

clientId

Client ID

string

32

ME

Provided by Alipay, used to identify partner and application system

211020000000000000044

4

respTime

Response time

datetime

/

M

DateTime with timezone, which follows the ISO-8601 standard.  Refer to: RFC 3339 Section 5.6

2001-07-04T12:08:56+05:30

5

reqMsgId

Request message ID

string

64

ME

Each request will be assigned with a unique id (uuid).

1234567asdfasdf1123fda

6

reserve

Reserved for future implementation

string

256

O

Key/Value

{}

Body

No

Name

Description

Type

Length

Required

Remarks

Condition

Sample

1

resultInfo

Result info

[ResultInfo](data_structure/00. Global Common Structure.htm#ResultInfo)

/

M

{  "resultStatus": "S",  "resultCodeId": "00000000",  "resultCode":"SUCCESS",  "resultMsg": "result message"  }

2

accessTokenInfo

The detailed accessToken information.

[AccessTokenInfo](data_structure/02. OAuth Domain Structure.htm#AccessTokenInfo)

/

C

y: (resultInfo.resultCode = SUCCESS)

{    "accessToken": "publicpBa869cad0990e4e17a57ecf7c5469a4b2",    "expiresIn": "2001-07-04T12:08:56+05:30",    "refreshToken":"201510BB0c409dd5758b4d939d4008a525463X62",    "reExpiresIn": "2001-07-04T12:08:56+05:30", "tokenStatus":"ACTIVE"  }

3

authSiteUserId

The parameter identifies the unique user id within the authSite. Recommend to provide.

string

64

C

y: (&(resultInfo.resultCode = SUCCESS)(authSiteCanProvide = true))

2088455609687485

Request Sample

copy
{
      "request":{
          "head":{
              "version":"2.0.0",
              "function":"alipay.intl.oauth.auth.applyToken",
              "clientId":"211020000000000000044",
              "reqTime":"2001-07-04T12:08:56+05:30",
              "reqMsgId":"1234567asdfasdf1123fda",
              "reserve":"{}"
          },
          "body":{
              "grantType":"AUTHORIZATION_CODE",
              "authMerchantId":"218820000000000000023",
              "authSite":"ALIPAY_CN",
              "authCode":"4b203fe6c11548bcabd8da5bb087a83b",
              "verifyCode":"934754"
          }
      },
      "signature":"signature string"
  }

Response Sample

copy
{
      "response":{
          "head":{
              "version":"2.0.0",
              "function":"alipay.intl.oauth.auth.applyToken",
              "clientId":"211020000000000000044",
              "respTime":"2001-07-04T12:08:56+05:30",
              "reqMsgId":"1234567asdfasdf1123fda",
              "reserve":"{}"
          },
          "body":{
              "resultInfo":{
                  "resultStatus":"S",
                  "resultCodeId":"00000000",
                  "resultCode":"SUCCESS",
                  "resultMsg":"success"
              },
              "accessTokenInfo":{
                  "accessToken":"publicpBa869cad0990e4e17a57ecf7c5469a4b2",
                  "tokenStatus":"ACTIVE"
              }
          }
      },
      "signature":"signature string"
  }

Result Info

No

ResultCodeId

ResultCode

ResultStatus

Remarks

1

00000011

RISK_REJECT

F

Risk reject

2

12002005

USER_NOT_EXIST

F

User does not exist

3

12002006

USER_STATUS_ABNORMAL

F

User status is not normal.

4

12002027

OTP_VERIFY_TIMES_EXCEED_LIMIT

F

Verify code failed too many times, user must get a new code.

5

12002026

OTP_VERIFY_UNMATCHED

F

Verify code invalid

6

12014174

AUTH_CODE_INVALID

F

authCode is invalid

7

12014175

REFRESH_TOKEN_INVALID

F

Refresh token is invalid

Basic Result Code: The following global result codes might be returned for all APIs.

No

ResultCodeId

ResultCode

ResultStatus

Remarks

1

00000000

SUCCESS

S

Success

2

00000019

PROCESS_FAIL

F

General business failure. No retry.

3

00000901

UNKNOWN_EXCEPTION

U

API failed due to unknown reason.

4

00000004

PARAM_ILLEGAL

F

Illegal parameters. For example, non-numeric input, invalid date.

5

00000007

INVALID_SIGNATURE

F

Signature is invalid.

6

00000008

KEY_NO_FOUND

F

Key is not found.

7

00000013

NO_INTERFACE_DEF

F

API is not defined

8

00000014

API_IS_INVALID

F

API is invalid (or not active)

9

00000016

OAUTH_FAILED

F

oAuth authentication failed

10

00000021

ACCESS_DENIED

F

Access denied

11

12014152

CLIENT_FORBIDDEN_ACCESS_API

F

Client is not authorized to use this API

12

12014155

UNKNOWN_CLIENT

F

Unknown client

13

12014156

INVALID_CLIENT_STATUS

F

Invalid client status

14

00000024

REQUEST_TRAFFIC_EXCEED_LIMIT

F

The request traffic exceeds the limit.