# 初始值

After the completion of the merchant authorization to the third-party platform, the third-party platform can obtain the authorizer_access_Token to call the relevant api, this chapter is mainly introduced to generate Token process.

step Introductions
1. Configure the authorization event URL for receivingcomponent_verify_ticket For security reasons, after the approval of the third-party platform creation, the WeChat server at intervals of 10 Minutes will be pushed once to the third-party message receiving address component_verify_Ticket to obtain a third-party platform interface call credential. component_verify_The ticket is valid for 12 hours
2, get the component_verify_After the ticket, follow theAccess to third-party platforms component_access_Token Interface document, calling the interface to get the component_access_Token component_access_Token is valid for 2 hours, when the component is not received in time_verify_Ticket, it is suggested that the component that is available once_verify_Ticket continues to build component_access_token。 Avoid them because component_verify_ticket Failed to receive updates component_access_Token The situation.
3, access to component_access_After the token, follow theGet Preauthorization Code pre_auth_codeInterface Documentation , Adjust the interface to get pre_auth_code Used to generate scan authorization two-dimensional code or link required pre_auth_code
4. Get the pre_auth_After the code, follow theAuthorization Technical Process Dxplainationfile , Get authorization after guiding user authorization_code authorization_Code has an expiration time that is called back after authorization URI to return.Also through the pushNotification of Change of AuthorizationThe way in which authorization_Send code to a third-party platform
5. Obtaining authorization_After the code, follow theUse an authorization code in exchange for Official Account message template Or Mini Program interface call credentials and authorization information Interface Documentation , Call interface to get authorizer_refresh_Token Invoking credentials through the authorization code and its own interface component_access_Token) in exchange for the Official Account message template or Mini Program interface call credentials (authorizer)_access_Token And for refreshing the former when it is about to expire authorizer_refresh_Token) and authorization information (such as which permissions are granted)
6. Get an authorizer_refresh_After the token, follow theObtain/Refresh Authorization Official Account message template Or the interface call credentials of the Mini Program Interface Documentation , Call interface to get authorizer_access_Token Can be accessed through authorizer_refresh_Token Obtain Official Account message template Or the call token of the Mini Program interface
7. According to the interface document, instead of Official Account message template Or Mini Program call interface After authorization is completed, the third-party platform can invoke the credentials (authorizer) via the Official Account message template or Mini Program interface._access_Token) to invoke the interface instead, see the interface documentation

Note:

All of the above mentioned API The call needs to validate the caller IP Address. Whitelist only filled in the whitelist IP address list of third-party platforms IP In the address list. IP Address, can be called legally, all others are rejected.