notifyAuthorization
Alipay uses the notifyAuthorization API to send the authorization result to the merchant.
Structure
A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:
Note: Set the data type of each field (except array) as String. This means that you must use double quotation marks (" ") to enclose the field value. Examples:
- If the data type of a field is Integer and its value is 20, set it as "20".
- If the data type of a field is Boolean and its value is true, set it as "true".
Request parameters
authorizationNotifyType String REQUIRED
Authorization notification type. Valid values are:
AUTHCODE_CREATED: indicates that the user agrees to authorize. After the user agrees to authorize, the wallet-generated authorization code can be obtained from this notification and be used in the applyToken API to obtain the access token.TOKEN_CANCELED: indicates that the merchant initiates the authorization cancellation or the user initiates the authorization cancellation on the wallet side.
More information:
- Maximum length: 64 characters
authClientId String
The unique ID of the authorization object to which the user grants resource access permission. For an Alipay+ MPP, this is the unique ID for secondary merchants or the referenceMerchantId. The value is provided by the merchant and needs to be registered in Alipay. This field is required when the consult interface is initiated by Alipay+ MPP.
Alipay+ MPP: Alipay+ Mobile Payment Partner, is an organization that processes payment services and other value-added services on behalf of the payer. For online and in-store payments, an Alipay+ Mobile Payment Partner is a digital wallet, such as GCash.
More information:
- Maximum length: 64 characters
accessToken String
An access token that can be used to access the user resource scope.
Note: This field is required when authorizationNotifyType is TOKEN_CANCELED.
More information:
- Maximum length: 128 characters
authState String
A string generated by the merchant, which represents the request. This field will be used later for validation.
Note: This field is required when authorizationNotifyType is AUTHCODE_CREATED.
More information:
- Maximum length: 256 characters
authCode String
The authorization code, which is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Note: This field is required when authorizationNotifyType is AUTHCODE_CREATED.
More information:
- Maximum length: 32 characters
reason String
The reason why the account unbinding is initiated. This field is sent to the merchant when the user provides the reason for authorization cancellation.
Note: This field is required when authorizationNotifyType is TOKEN_CANCELED.
More information:
- Maximum length: 256 characters
result Result REQUIRED
The authorization result
Response parameters
result Result REQUIRED
The request result contains information such as status and error codes.
Request
Response
Result process logic
The merchant needs to send SUCCESS to Alipay after receiving the notification. If no asynchronous notification is returned to Alipay as required or due to network issues, Alipay will retry the notification request within 24 hours until SUCCESS is returned by the merchant. The notification request is called up to eight times, with an interval of 0s, 2m, 10m, 10m, 1h, 2h, 6h, and 15h.
Error codes
Error codes are usually classified into the following categories:
- Common error codes: common for all online and in-store payment APIs.
- API-specific error codes: listed in the following table.
Result/Error codes
| Code | Value | Message | Further action |
|---|---|---|---|
| SUCCESS | S | Success | The authorization is successful, no further action is needed. |