Apply for Access Token
Use this interface to request access token with the authorization code retrieved, or refresh access token with refresh token.
General Headers
Name | Description | Type | Sample |
Client-Id | An ID provided by AlipayHK, used to identify partner and application system. | String | 4Q5Y8W0WSG45P907917 |
Content-Type | The RFC 2616 media type of the request body, the charset should be as same as the one used for cryptographic operations. | String | application/json; charset=UTF-8 |
Signature | A key-value pairs string separated by commas (,), which keys and values are joined by equal signs (key=value). Valid keys include:
| String | algorithm=RSA256,keyVersion=1,signature=KEhXthj4bJ801Hqw8kaLvEKc0Rii8KsNUazw7kZgjxyGSPuOZ48058UVJUkkR21iD9JkHBGR rWiHPae8ZRPuBagh2H3qu7fxY5GxVDWayJUhUYkr9m%2FOW4UQVmXaQ9yn%2Fw2dCtzwAW0htPHYrKMyrT pMk%2BfDDmRflA%2FAMJhQ71yeyhufIA2PCJV8%2FCMOa46303A0WHhH0YPJ9%2FI0UeLVMWlJ1XcBo3Jr bRFvcowQwt0lP1XkoPmSLGpBevDE8%2FQ9WnxjPNDfrHnKgV2fp0hpMKVXNM%2BrLHNyMv3MkHg9iTMOD% 2FFYDAwSd%2B6%2FEOFo9UbdlKcmodJwjKlQoxZZIzmF8w%3D%3D |
Encrypt | when message content needs to be encrypted. A key-value pairs string separated by commas (,), which keys and values are joined by equal signs (key=value). Valid keys include:
| String | algorithm=RSA_AES,keyVersion=1,symmetricKey=bqS8HSmdaRrpKSuPy7CqUlyd8lJurG93 |
Request-only Headers
Name | Description | Type | Sample |
Request-Time | The ISO-8601 datetime of this API request with timezone. | String | 2024-05-22T06:42:21+05:30 |
Response-only Headers
Name | Description | Type | Sample |
Response-Time | The ISO-8601 datetime of this API response with timezone. | String | 2024-05-22T06:42:21+05:30 |
Tracer-Id | An ID for tracing this request. | String | abcdefg135202000000000263818 |
Request parameters
grantType string REQUIRED
A string indicates the purpose of this request.
AUTHORIZATION_CODE: Exchange for an access token.REFRESH_TOKEN: Exchange for a new access token when the original one expires.
authCode string
The authorization code for exchanging access token, given in the redirect url as a query parameter.
when
grantType==AUTHORIZATION_CODEThe authCode is only valid for 10 minutes.
refreshToken string
The refresh token for exchanging a new access token after expiry.
when
grantType== REFRESH_TOKEN
Response parameters
result Result REQUIRED
A metadata object indicates the result of the request.
accessToken string
An access token to access user information.
accessTokenExpiryTime string
Expiry time of the accessToken.
More information:
- The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
customerId string
The AlipayHK user ID of this authorization process.
refreshToken string
A refresh token for exchanging a new access token when the original one expires.
refreshTokenExpiryTime string
Expiry time of the refreshToken.
More information:
- The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
Request
Response
Result/Error codes
| Code | Value | Message |
|---|---|---|
| SUCCESS | S | Success |
| AUTH_CODE_EXPIRED | F | The authCode has expired, ask user to perform the authorization flow again. |
| INVALID_AUTHCODE | F | The authCode fulfills the generation logic but invalid. |
| PARAM_ILLEGAL | F | Please check the parameters of request. |
| PROCESS_FAIL | F | Business process failure, do not retry. |
| UNKNOWN_EXCEPTION | U | API failed due to unknown reason, please check with support. |
| USER_NOT_EXIST | F | No user was found with this authCode. |
| USER_STATUS_ABNORMAL | F | The status of user with authCode is abnormal. |