# Service Providers Use Cloud Hosted Open Services

# I. What is an open interface service?

Open Interface ServicesWeChat cloud hosting launched the cloud call authentication solution service. adoptOpen Interface Services, developers do not need to maintain component_access_Token / authorizer_access_Token, you can easily access the WeChat system to access the official service interface. Dxplaination, Maintenance Free authorizer_access_Token Calling the official Mini Program server interface, the service provider needs to create an environment for each business Mini Program and bind it to use.
More about the interface of the Open Interface Service can be found atOpen Interface Services Introduction Documentation
This article will only use the third party mode in WeChat cloud hostingOpen Interface ServicesThe way to call the official server interface is described.

# II. Service Provider Business Deployment Architecture

The service deployment architecture of the service provider affects the service provider's use of cloud invocation to call the official server interface. For ease of understanding, this article will number the different deployment architectures
The following deployment structure is only an example of the interception part, does not mean that only the following deployment architecture is supported

# 2.1 Dxplaination of basic terms

Service providers usually need to developSAAS Business System for Merchant Systemsas well asSystem for batch management of merchant systems and data within a service providerThe former can be referred to as B for business(business)End system, which can be referred to simply as a service-oriented A(admin)End system. 初始值 Usually business-oriented B-side systems need to call the official Mini Program service API, that is, the traditional mode of use authorizer_access_Token The interfaces that are called
The A-side system for service providers needs to call the official third-party platform service API, that is, the traditional mode of use component_access_Token The interfaces that are called

# 2.2. Structure A to decipher

B-side systems and A-side systems are deployed in the same environment and within the same serviceYou need to call the third-party platform interface within the service, as well as the Mini Program server-side interface.
However, Mini Programs that only apply to the service are all subject to the same entity (for example, a service provider may deploy its enterprise Mini Programs to the architecture, which is not applicable to serving multiple merchant Mini Programs).
The service provider can passEnvironment Sharing InterfaceShare the environment with the same principal Mini Program(Currently only supports interface sharing), which can realize calling the service side interface of the Mini Program through the way of cloud calling with a plurality of Mini Program programs of the main body.
Under this architecture, the service provider can call the interface of the third-party platform through the cloud call (that is, the traditional mode of using component_access_Token Those interfaces called)
Under this architecture, the service provider can call the interface of the Mini Program server through a cloud call (that is, the traditional mode of using the authorizer_access_Token Those interfaces called)
For example, developers can avoid tokens callMini Program login interface, provided that the third-party platform account has been authorized by the corresponding Mini Program
For example, developers can avoid tokens callSubmit Mini Program code interface, provided that the third-party platform account has been authorized by the corresponding Mini Program

The calling address of the Mini Program login interface is as follows:

GET https://api.weixin.qq.com/sns/component/jscode2session?appid=APPID&js_code=JSCODE&grant_type=authorization_code&component_appid=COMPONENT_APPID&component_access_token=COMPONENT_ACCESS_TOKEN

LoginWeChat cloud hosting console, Open "Open Interface Services"

3, configuration, WeChat token permission configuration in the configuration, only need to api.WeChat.qq.com After that,?The part before the argument, i.e. “/sns/component/jscode2session” And then save it.

初始值_access_Token), such as

curl --location --request GET "http://api.weixin.qq.com/sns/component/jscode2session?appid=APPID&js_code=JSCODE&grant_type=authorization_code&component_appid=COMPONENT_APPID"

Note: http, not https. If you also need to install a certificate to use https, details can be foundCertificate and HTTPS。

# 2.2.2, Submit Mini Program Code Interface Call Example

1、Submit Mini Program CodeThe call address is as follows:

POST https://api.weixin.qq.com/wxa/commit?access_token=authorizer_access_Token

LoginWeChat cloud hosting console, Open "Open Interface Services"

3, configuration, WeChat token permission configuration in the configuration, only need to api.WeChat.qq.com After that,?The part before the argument, i.e. “/wxa/commit” And then save it.

Spell the appid that authorizes Mini Program on the request address, that is, "from"_appid=wxxxxx” , you can initiate a call within the service (no need to splice on the authorizer_access_Token), such as

curl --location --request POST "http://api.WeChat.qq.com/wxa/commit?from_appid=wxxx --data '{ " template_id": "0","ext_json": "{}","user_version": "V1.0","user_Desc": "test"}'

Dxplaination, spell on the Mini Program appid, the Mini Program should be authorized to the corresponding permission set to the third-party platform account, otherwise there will be 61007 no permission error when calling.
Note: http, not https. If you also need to install a certificate to use https, details can be foundCertificate and HTTPS。

# 2.3. Structure A' to decipher

A And AThe deployment architecture is similar, the difference is that in the A 'architecture, the Mini Program is the Mini Program of all merchants (different merchants Mini Program bodies are different).
Mini Programs with different principals cannot share the same environment, so they still need to go through the authorizer._access_Token calls the mini-program server interface.

# 2.4. Structure B to decipher

B Architecture, the B-end system and the A-end system, are deployed in different services
Where the A-side system can be called through the cloud without component_access_Token invokes third-party platform interface
However, the B-side system cannot be called through the cloud without authorizer_access_Token call Mini Program server interface (same architecture A ')
Note: WeChat cloud hosting currently does not support the call between services within the vpc, therefore, in the deployment architecture B, still need to access the public network way

# 2.5. Structure C to decipher

C Architecture, the B-end system and the A-end system, are deployed in different environments
The A-side system is deployed in the environment of the service provider, and the component is free through the cloud call._access_Token invokes third-party platform interface
The service provider throughCreating an Environment InterfaceCreate an environment for small business programs
Then, again through theEnvironment Sharing InterfaceShare merchant N's environment to merchant N's Mini Program account
Then, you can be in the environment N, through the cloud call way authorizer_access_Token call Mini Program service interface

# III. Summary of Rules

An environment created using a third-party platform account, and services deployed in that environment can be called through the cloud without component_access_Token invokes third-party platform interface
If the environment can also be used to deploy the same principal Mini Program services, you can call the cloud way authorizer free_access_Token call Mini Program service interface
When the business Mini Program served by the service provider is a number of different main Mini Program programs, the service provider can create an environment of the business main body for each business through the interface, and the services deployed in the environment can be cloud invoked without authorizer._access_Token calls the mini-program server interface.