Apply for Access Token

POST /api/open/v1/alipayhk/merchant/applyToken

Use this interface to request access token with the authorization code retrieved, or refresh access token with refresh token.


General Headers

Name

Description

Type

Sample

Client-Id

REQUIRED

An ID provided by AlipayHK, used to identify partner and application system.

String

4Q5Y8W0WSG45P907917

Content-Type

REQUIRED

The RFC 2616 media type of the request body, the charset should be as same as the one used for cryptographic operations. 

String

application/json; charset=UTF-8

Signature

REQUIRED

A key-value pairs string separated by commas (,), which keys and values are joined by equal signs (key=value). 

Valid keys include: 

  • algorithm: The digital signature algorithm used in generating the signature, RSA256 or ECC224, uses RSA256 by default. 
  • keyVersion: The key version of the signing key configured with Client-Id, uses the latest version by default. 
  • signature: The signature value of this request. 

String

algorithm=RSA256,keyVersion=1,signature=KEhXthj4bJ801Hqw8kaLvEKc0Rii8KsNUazw7kZgjxyGSPuOZ48058UVJUkkR21iD9JkHBGR rWiHPae8ZRPuBagh2H3qu7fxY5GxVDWayJUhUYkr9m%2FOW4UQVmXaQ9yn%2Fw2dCtzwAW0htPHYrKMyrT pMk%2BfDDmRflA%2FAMJhQ71yeyhufIA2PCJV8%2FCMOa46303A0WHhH0YPJ9%2FI0UeLVMWlJ1XcBo3Jr bRFvcowQwt0lP1XkoPmSLGpBevDE8%2FQ9WnxjPNDfrHnKgV2fp0hpMKVXNM%2BrLHNyMv3MkHg9iTMOD% 2FFYDAwSd%2B6%2FEOFo9UbdlKcmodJwjKlQoxZZIzmF8w%3D%3D

Encrypt

REQUIRED when message content needs to be encrypted. 

A key-value pairs string separated by commas (,), which keys and values are joined by equal signs (key=value). 

Valid keys include: 

  • algorithmThe symmetric key algorithm used in encryptingthe signature, only RSA_AES is supported
  • keyVersionThe key version of the signing key configured with Client-Id, uses the latest version by default.
  • symmetricKey: The encrypted symmetric key.

String

algorithm=RSA_AES,keyVersion=1,symmetricKey=bqS8HSmdaRrpKSuPy7CqUlyd8lJurG93

Request-only Headers

Name

Description

Type

Sample

Request-Time

REQUIRED

The ISO-8601 datetime of this API request with timezone.

String

2024-05-22T06:42:21+05:30

Response-only Headers

Name

Description

Type

Sample

Response-Time

REQUIRED

The ISO-8601 datetime of this API response with timezone.

String

2024-05-22T06:42:21+05:30

Tracer-Id

An ID for tracing this request.

String

abcdefg135202000000000263818


Request parameters

grantType string  REQUIRED

A string indicates the purpose of this request.

  • AUTHORIZATION_CODE: Exchange for an access token.
  • REFRESH_TOKEN: Exchange for a new access token when the original one expires.

authCode string  

The authorization code for exchanging access token, given in the redirect url as a query parameter.

REQUIRED when grantType == AUTHORIZATION_CODE

The authCode is only valid for 10 minutes.

refreshToken string  

The refresh token for exchanging a new access token after expiry.

REQUIRED when grantType == REFRESH_TOKEN

Response parameters

result Result  REQUIRED

A metadata object indicates the result of the request.

Show child parameters

accessToken string  

An access token to access user information.

accessTokenExpiryTime string  

Expiry time of the accessToken.

More information:

  • The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".

customerId string  

The AlipayHK user ID of this authorization process.

refreshToken string  

A refresh token for exchanging a new access token when the original one expires.

refreshTokenExpiryTime string  

Expiry time of the refreshToken.

More information:

  • The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
API Explorer

Request

Case
AUTHORIZATION_CODE
Request Body

Response

Response Body

Result/Error codes

CodeValueMessage
SUCCESSSSuccess
AUTH_CODE_EXPIREDFThe authCode has expired, ask user to perform the authorization flow again.
INVALID_AUTHCODEFThe authCode fulfills the generation logic but invalid.
PARAM_ILLEGALFPlease check the parameters of request.
PROCESS_FAILFBusiness process failure, do not retry.
UNKNOWN_EXCEPTIONUAPI failed due to unknown reason, please check with support.
USER_NOT_EXISTFNo user was found with this authCode.
USER_STATUS_ABNORMALFThe status of user with authCode is abnormal.