2. Obtaining the Alipay user ID

Last updated: 2019-4-11

The buyer’s Alipay ID (buyer_id) is required as one of the request parameters of the alipay.acquire.create interface. Therefore, to complete a payment transaction, firstly you must obtain the buyer’s Alipay user ID by the following steps:


  1. Construct the openauth link and then guide the user to visit this link.
  2. The authorization will occur silently and redirection page occurs automatically. In this case, users will be automatically redirected to the configured callback page, and the auth_code will be passed. With the auth code, the alipay.system.oauth.token API is called to obtain the Alipay user ID.

Construct the openauth link

URL format:

https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=APPID&scope=auth_base&redirect_uri=ENCODED_URL

Description of URL parameters

Parameter Required Description
app_id Y Application ID of the app in the Developer Center.
scope Y Interface permission value, fixed as auth_base in this condition.
redirect_uri Y Escaped URL of the callback page (the URL must begin with http or https), for example: http%3A%2F%2Fexample.com Before the request, developers must configure the authorization callback URL in the corresponding application at Developer Center.
state N Self-defined parameter by the merchant. After a user has given permission, the state value will be returned as is to the merchant after redirection. To avoid CSRF attack, it’s suggested to pass the state parameter. This state parameter must be unpredictable while at the same can prove connections exist between the user and the login authentication status of the third-party website.

About the redirect_uri:
The API verifies whether the redirect_uri configured in the authorization link is consistent with that in the corresponding application at the Developer Center.
For example:

If the link configured in the application by the developer is: https://auth.example.com/authCallBack , then the redirect_uri is https%3A%2F%2Fauth.example.com%2FauthCallBack. After configuration, URLs under this domain name (auth.example.com), such as http://auth.example.com/authCallBack、https://auth.example.com/authRedirect、https://auth.example.com/ can support OAuth 2.0 –based authentication.
However, http://www.example.com/、http://example.com would not be supported for web-based authentication.


Obtain the auth_code

When the user is redirected to the callback page, Alipay will add request parameters into the callback including auth_code, app_id, scope and so on. An example of the request is as below:

http://example.com/doc/toAuthPage.html?app_id=2014101500013658&source=alipay_wallet&scope=auth_base&auth_code=ca34ea491e7146cc87d25fca24c4cD11

Among which,auth_code=ca34ea491e7146cc87d25fca24c4cD11

Obtain the user ID by using auth_code

Interface name: alipay.system.oauth.token
For the information about request and response parameters and error codes, refer to the API doc

The developer can obtain the Alipay user ID by using auth_code. As the token to obtain the Alipay user ID, the auth_code returned is unique in each authorization. Each auth_code can be used only once and will automatically be expired in one day.

Sample request:

REQUEST URL: https://openapi.alipay.com/gateway.do
REQUEST METHOD: POST
CONTENT:
    app_id=2014070100171525
    method=alipay.system.oauth.token
    charset=GBK
    sign_type=RSA2
    timestamp=2014-01-01 08:08:08
    sign=rXaTEfJ7WTDsP1DWRPHARW3uOr19+fzlngMCJBvbhP1XPEa9qZwGGng9oMDloABpJMT2SGeOj46+BUkqCGRO9fH90Vci3hOH01BfYnbhJz3ADK2h7gpjlponx4/sxELN6f2GXi51XKiHKnxMA9XpLLo68q+roY0M/ZFQ1UdnqeM=
    version=1.0
    grant_type=authorization_code
    code=4b203fe6c11548bcabd8da5bb087a83b

Request parameters

Parameter Type Description Required Sample
grant_type String Fixed as authorization_code in this situation Y authorization_code
code String The auth_code obtained by the developer in step 2 Y 4b203fe6c11548bcabd8da5bb087a83b

Synchronous response sample

{
    "alipay_system_oauth_token_response": {
        "access_token": "publicpBa869cad0990e4e17a57ecf7c5469a4b2",
        "user_id": "2088411964574197",
        "alipay_user_id": "20881007434917916336963360919773",
        "expires_in": 300,
        "re_expires_in": 300,
        "refresh_token": "publicpB0ff17e364f0743c79b0b0d7f55e20bfc"
    },
    "sign": "xDffQVBBelDiY/FdJi4/a2iQV1I7TgKDFf/9BUCe6+l1UB55YDOdlCAir8CGlTfa0zLYdX0UaYAa43zY2jLhCTDG+d6EjhCBWsNY74yTdiM95kTNsREgAt4PkOkpsbyZVXdLIShxLFAqI49GIv82J3YtzBcVDDdDeqFcUhfasII="
}

Synchronous response parameters

Parameter Type Description Required Sample
access_token String Token used to obtain the user’s information. Y publicpBa869cad0990e4e17a57ecf7c5469a4b2
user_id String The unique Alipay user ID. Y 2088411964574197
alipay_user_id Obsolete Obsolete Obsolete Obsolete
expires_in Number The validity time of the token. Unit: second. Y 300
re_expires_in Number Refresh the validity time of the token. Unit is second. Y 300
refresh_token String By this token you can refresh the access_token token Y publicpB0ff17e364f0743c79b0b0d7f55e20bfc

In this condition we only focus on user_id

If you have any question, please contact us