Background information
After you complete the AccessToken configuration, you can send mini program subscription notifications. This APi needs to implement the following functions:
1. Obtain the accessToken of WeChat applet. The input parameter sets whether to refresh the token for this request. Please ensure the availability of the token.
2. Connectivity test. QA will conduct a connectivity test after configuration. wxAppId will not be passed in (see AppId of WeChat applet, see API document). Please return it correctly (code is 200 and token is empty).
Parameters
Parameter | Parameters | Remarks |
The URL of a resource that is accessed. | Fill in the address for obtaining WeChat token on the customer side | The API developer provides the API and needs to implement the preceding functions. |
APP ID | Parameters used for signature verification | Please agree on APPID with the API developer and fill it in here. |
AccessKey | Parameters used for signature verification | Please agree with the API developer to fill in the AccessKey. |
SecretKey | Parameters used for signature verification | Please agree with the API developer and fill in the SecretKey here. |
1. API documentation
Usage notes | Query the AccessToken of a WeChat mini program | |||
URL | ${Address specified by the third party}?appId=aaa&accessKey=xxx×tamp=yyy | |||
Request method | POST | |||
The request type. | application/json | |||
Data type of the return value | */* | |||
Parameter | Data type | Data type | Required | Description |
1.wxAppId | string | body | Yes | WeChat applet appId |
2.refresh | boolean | body | Yes | Whether the token needs to be refreshed. Default value: false |
State | Term | Notes | ||
200 | OK | The request was successful. | ||
401 | Unauthorized | The request is unauthorized. | ||
403 | Forbidden | The error message returned because the request is denied. | ||
404 | Not Found | The requested resource does not exist. | ||
Return Property Name | Category | Migration description | ||
1.code | string | The request is status code. 200 or OK indicates success. | ||
2.message | string | The error message. | ||
3.accessToken | string | The accessToken of the WeChat mini program. | ||
4.expireTime | DateTime | The period of time for which the URL expires. HTTP request header format | ||
4.requestId | string | The request ID. | ||
Example | ||||
Request parameters | http://{URL used to obtain the token}?appId=aaa&accessKey=xxx×tamp=yyy | |||
Return value | {"code":"200","requestId":"string","message":"string","accessToken":"xxxx","expireTime":"2024-09-10 00:00:00"} | |||
II. Signature Verification Description
QA will generate the signature according to the following method. If necessary, please verify the signature according to this method.
QA will include appId, accessKey, timestamp (timestamp parameter) on the API path of the request, and need to add signature Authorization in the header.
Common parameters
Item | Example value | Location |
appId | the application id of the open platform. | Parameters section in the request URI |
accessKey | the ak of the application on the open platform | Parameters section in the request URI |
timestamp | Current timestamp (milliseconds) | Parameters section in the request URI |
Authorization | Generated signature | in the header of the request |
Signature generation rules:
Use the request parameters to construct a canonicalized query string.
Sort all the parameters in the request (including the "public request parameters" described in the document and the custom parameters of the given request API) in the lexicographical order of the request parameters names. Note: When the GET method is used to submit a request, these parameters are the parameter part of the request URI (that is, the part of the URI after "?" connected by "&")
Parameter names and values must be URL-encoded by using the UTF-8 character set.
Sample code
The following Java code provides an example of the signature generation logic:
String appId="tttt";
String accessKey = "xxxx";
String accessSecret ="yyyy";
String timeStamp = "1708235644862";
SortedMap<String, String> map = new TreeMap<>();
map.put("appId", appId);
map.put("accessKey", accessKey);
map.put("accessSecret",accessSecret );
map.put("timestamp", timeStamp);
// If it is a get request and there are other query parameters, continue to add
String aa = getCanonicalQueryString(map);
System.out.println(aa);
String authorization = org.apache.commons.codec.digest.DigestUtils.md5Hex(aa);
System.out.println(authorization);public static String getCanonicalQueryString(SortedMap<String, String> paramsMap) {
StringBuilder queryString = new StringBuilder();
boolean isFirstParameter = true;
for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
String paramName = entry.getKey();
String value = entry.getValue();
if (!isFirstParameter) {
queryString.append("&");
} else {
isFirstParameter = false;
}
queryString.append(paramName).append("=").append(value);
}
return queryString.toString();
}Sample statement:
curl --location -g --request POST 'http://{configured URL for obtaining the token}?appId=aaa&accessKey=xxx×tamp=yyy' \
--header 'Authorization: demosign'3. Exception codes
Exception code | Description | |
ES05910010001 | The app does not exist. | Check whether the APP created on the open platform exists. |
ES05910010002 | The error code returned because the signature in the request is invalid. | Check whether the signature is generated correctly. |
ES05910010003 | The timestamp verification fails. | The generated timestamp must be called within 3 minutes. Otherwise, the verification fails. |
ES05910010004 | The application does not have the current API permission. | The application needs to subscribe to the API before it can be used. |
ES05910010005 | Check whether the appId, accessKey, and timestamp parameters are correct. | The public parameters appId, accessKey, and timestamp must be passed in accordance with the specifications of the platform. |