2. Obtaining the Alipay user ID

Last updated: 2019-12-30

Before you begin

Wait until the H5 page has loaded before you start to obtain the Alipay user ID. Otherwise, the H5 page loads very slowly, because it is loaded only after the result of obtaining the Alipay user ID is returned.

Obtaining the Alipay user ID

The buyer’s Alipay ID (buyer_id) is one of the required request parameters of the alipay.acquire.create interface. Therefore, to complete a payment transaction, you must first obtain the buyer’s Alipay user ID by completing the following steps:

  1. Construct the openauth link and then guide the user to visit this link.
  2. The authorization occurs silently and the redirection happens automatically: the user is redirected to the configured callback page, and the auth_code is passed to it. With the auth_code, call the alipay.system.oauth.token API to obtain the Alipay user ID.

Constructing the openauth link

URL format:

https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=APPID&scope=auth_base&redirect_uri=ENCODED_URL


Description of URL parameters

| Parameter | Required | Description |
| --- | --- | --- |
| app_id | Y | Application ID of the app in the Developer Center. |
| scope | Y | Interface permission value, fixed as auth_base in this case. |
| redirect_uri | Y | Escaped URL of the callback page (the URL must begin with http or https), for example: http%3A%2F%2Fexample.com. Before the request, developers must configure the authorization callback URL in the corresponding application at the Developer Center. |
| state | N | Parameter defined by the merchant. After the user has given permission, the state value is returned as is to the merchant after redirection. To avoid CSRF attacks, it is suggested to pass the state parameter. The state parameter must be unpredictable and, at the same time, must be able to prove the connection between the user and the login authentication status of the third-party website. |

About the redirect_uri:

The API verifies whether the redirect_uri configured in the authorization link is consistent with that in the corresponding application at the Developer Center.

For example:

If the link configured in the application by the developer is https://auth.example.com/authCallBack, then the redirect_uri is https%3A%2F%2Fauth.example.com%2FauthCallBack. After configuration, URLs under this domain name (auth.example.com), such as http://auth.example.com/authCallBack, https://auth.example.com/authRedirect and https://auth.example.com/, can support OAuth 2.0-based authentication.

However, http://www.example.com/ and http://example.com would not be supported for web-based authentication.


Obtaining the auth_code

When the user is redirected to the callback page, Alipay adds request parameters to the callback, including auth_code, app_id, scope and so on. An example request is shown below:

http://example.com/doc/toAuthPage.html?app_id=2014101500013658&source=alipay_wallet&scope=auth_base&auth_code=ca34ea491e7146cc87d25fca24c4cD11


In this example, auth_code=ca34ea491e7146cc87d25fca24c4cD11
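The following added example (not part of the original Alipay documentation) builds the openauth link with a state value bound to the user's session and validates the callback before the auth_code is used. The session identifier, the server-side STATE_KEY and the nonce.HMAC layout of state are assumptions for illustration; the app_id and callback URL are the sample values from this page.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://openauth.alipay.com/oauth2/publicAppAuthorize.htm"
APP_ID = "2014101500013658"                  # sample app_id from this page
REDIRECT_URI = "https://auth.example.com/authCallBack"
STATE_KEY = secrets.token_bytes(32)          # assumption: server-side secret


def state_tag(session_id: str, nonce: str) -> str:
    """HMAC that ties a random nonce to one merchant-side session."""
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest()


def build_auth_link(session_id: str) -> str:
    """Return the openauth link; urlencode escapes redirect_uri as required."""
    nonce = secrets.token_urlsafe(16)        # unpredictable part of state
    state = f"{nonce}.{state_tag(session_id, nonce)}"
    query = urlencode({"app_id": APP_ID, "scope": "auth_base",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTH_ENDPOINT}?{query}"


def read_callback(callback_url: str, session_id: str) -> str:
    """Validate the callback request and return auth_code, or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    for name in ("app_id", "state", "auth_code"):
        if len(params.get(name, [])) != 1:   # missing or duplicated parameter
            raise ValueError(f"bad {name}")
    if params["app_id"][0] != APP_ID:
        raise ValueError("app_id mismatch")
    nonce, _, tag = params["state"][0].partition(".")
    expected = state_tag(session_id, nonce)
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("state does not belong to this session")
    return params["auth_code"][0]
```

A callback that arrives without state, or with a state issued for a different session, is rejected before the auth_code is sent to alipay.system.oauth.token.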


Obtaining the user ID by using auth_code

Interface name: alipay.system.oauth.token

For information about the request and response parameters and error codes, refer to the API doc.

The developer can obtain the Alipay user ID by using the auth_code. As the token for obtaining the Alipay user ID, the auth_code returned is unique for each authorization. Each auth_code can be used only once and expires automatically in one day.


Sample request:

REQUEST URL: https://openapi.alipay.com/gateway.do
REQUEST METHOD: POST
CONTENT:
    app_id=2014070100171525
    method=alipay.system.oauth.token
    charset=GBK
    sign_type=RSA2
    timestamp=2014-01-01 08:08:08
    sign=rXaTEfJ7WTDsP1DWRPHARW3uOr19+fzlngMCJBvbhP1XPEa9qZwGGng9oMDloABpJMT2SGeOj46+BUkqCGRO9fH90Vci3hOH01BfYnbhJz3ADK2h7gpjlponx4/sxELN6f2GXi51XKiHKnxMA9XpLLo68q+roY0M/ZFQ1UdnqeM=
    version=1.0
    grant_type=authorization_code
    code=4b203fe6c11548bcabd8da5bb087a83b


Request parameters

| Parameter | Type | Description | Required | Sample |
| --- | --- | --- | --- | --- |
| grant_type | String | Fixed as authorization_code in this situation | Y | authorization_code |
| code | String | The auth_code obtained by the developer in step 2 | Y | 4b203fe6c11548bcabd8da5bb087a83b |

Synchronous response sample

{
    "alipay_system_oauth_token_response": {
        "access_token": "publicpBa869cad0990e4e17a57ecf7c5469a4b2",
        "user_id": "2088411964574197",
        "alipay_user_id": "20881007434917916336963360919773",
        "expires_in": 300,
        "re_expires_in": 300,
        "refresh_token": "publicpB0ff17e364f0743c79b0b0d7f55e20bfc"
    },
    "sign": "xDffQVBBelDiY/FdJi4/a2iQV1I7TgKDFf/9BUCe6+l1UB55YDOdlCAir8CGlTfa0zLYdX0UaYAa43zY2jLhCTDG+d6EjhCBWsNY74yTdiM95kTNsREgAt4PkOkpsbyZVXdLIShxLFAqI49GIv82J3YtzBcVDDdDeqFcUhfasII="
}


Synchronous response parameters

| Parameter | Type | Description | Required | Sample |
| --- | --- | --- | --- | --- |
| access_token | String | Token used to obtain the user’s information. | Y | publicpBa869cad0990e4e17a57ecf7c5469a4b2 |
| user_id | String | The unique Alipay user ID. | Y | 2088411964574197 |
| alipay_user_id | Obsolete | Obsolete | Obsolete | Obsolete |
| expires_in | Number | The validity time of the token. Unit: second. | Y | 300 |
| re_expires_in | Number | The validity time of the refresh token. Unit: second. | Y | 300 |
| refresh_token | String | Token used to refresh the access_token. | Y | publicpB0ff17e364f0743c79b0b0d7f55e20bfc |

In this scenario, only user_id is of interest.
