Obtain access_token Using Code
API Description
This API is used to get access_token using code.
Request Description
HTTP request method: GET
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
Parameters
Parameter | Required | Description |
---|---|---|
appid | Yes | The unique identifier of the app, which is obtained after the app submitted for review on Weixin Open Platform is approved. |
secret | Yes | The AppSecret of the app, which is obtained after the app submitted for review on Weixin Open Platform is approved. |
code | Yes | Enter the code parameter obtained in Step 1 |
grant_type | Yes | Enter authorization_code |
Response Description
Response for a successful request:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN","openid":"OPENID",
"scope":"SCOPE"
}
Parameter | Description |
---|---|
access_token | API call credential |
expires_in | The time to expiration of the API call credential (access_token), in seconds. |
refresh_token | The access_token refreshed by the user |
openid | The unique identifier of the authorizing user |
scope | User authorization scope. Multiple scopes are separated by a comma (,) |
Example of response for a failed request:
{
"errcode":40029,"errmsg":"invalid code"
}
# Refreshing/Renewing access_token
API Description
access_token is the credential used to call the authorized API. The validity period of access_token is short ( 2 hours). When it expires, you can use refresh_token to refresh it. There are two refresh results:
1. If access_token has expired, a new access_token and a new validity period will be obtained by calling refresh_token.
2. If access_token remains valid, using refresh_token will not change access_token, but the validity period will be refreshed, which is equivalent to the renewal of access_token.
refresh_token has a longer validity (30 days). Once the refresh_token expires, you must get authorization again. Therefore, developers should regularly update refresh_token before it expires (e.g., on day 29) and save the new token.
Request method
refresh_token obtained through the /sns/oauth2/access_token API can be used to call the following APIs:
HTTP request method: GET
https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN
Parameters
Parameter | Required | Description |
---|---|---|
appid | Yes | App's unique identifier |
grant_type | Yes | Enter refresh_token |
refresh_token | Yes | Enter the refresh_token parameter obtained through access_token |
Response Description
Response for a successful request:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE"
}
Parameter | Description |
---|---|
access_token | API call credential |
expires_in | The time to expiration of the API call credential (access_token), in seconds. |
refresh_token | The access_token refreshed by the user |
openid | The unique identifier of the authorizing user |
scope | User authorization scope. Multiple scopes are separated by a comma (,) |
Example of response for a failed request:
{
"errcode":40030,"errmsg":"invalid refresh_token"
}
API Description
Check the validity of the authorization credential (access_token)
Request Description
HTTP request method: GET
https://api.weixin.qq.com/sns/auth?access_token=ACCESS_TOKEN&openid=OPENID
Parameters
Parameter | Required | Description |
---|---|---|
access_token | Yes | The credential for API call |
openid | Yes | The ID of an ordinary user, which is unique for the Official Account. |
Response Description
The returned JSON packet for a successful request:
{
"errcode":0,"errmsg":"ok"
}
Example of returned JSON packet for a failed request:
{
"errcode":40003,"errmsg":"invalid openid"
}
Get the user's personal information (UnionID mechanism)
API Description
This API is used to get users' personal information. Developers are able to access user profiles via OpenIDs. Note: If a developer has more than one apps, website applications, and official accounts, the uniqueness of users can be identified by the UnionID contained in basic user information. For the mobile apps, website applications, and official accounts under the same Weixin Open Platform account, the UnionID of a user is unique. In other words, a user has one UnionID in different apps under the same account of the Weixin Open Platform. When a user changes the WeChat profile photo, the URL of the old profile photo becomes invalid. Therefore, after they get user information, developers should save the profile photo to avoid the profile photo URL from being invalid.
Request Description
HTTP request method: GET
https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID
Parameters
Parameter | Required | Description |
---|---|---|
access_token | Yes | Call credential |
openid | Yes | The ID of an ordinary user, which is unique for the developer account. |
lang | No | Language used in a country/region. zh_CN: Simplified Chinese (default); zh_TW: Traditional Chinese; en: English |
Response Description
The returned JSON packet for a successful request:
{
"openid":"OPENID",
"nickname":"NICKNAME",
"sex":1,
"province":"PROVINCE",
"city":"CITY",
"country":"COUNTRY",
"headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/0",
"privilege":[
"PRIVILEGE1",
"PRIVILEGE2"
],
"unionid": " o6_bmasdasdsad6_2sgVt7hMZOPfL"
}
Parameter | Description |
---|---|
openid | The ID of an ordinary user, which is unique for the developer account. |
nickname | The alias of an ordinary user |
sex | The gender of an ordinary user. 1: male; 2: female. |
province | The province entered in the ordinary user's personal information |
city | The city entered in the ordinary user's personal information |
country | The country, e.g. CN for China. |
headimgurl | Profile photo of a user. The last numeric value represents the size of a square profile photo (The value can be 0, 46, 64, 96, or 132. The value 0 represents a 132*132 square profile photo). This parameter is left blank if a user has no profile photo. |
privilege | User privilege information, in the form of a JSON array. For example, Weixin Woka users have the value "chinaunicom". |
unionid | The user's unified ID. A user's apps under the same Weixin Open Platform account share the same UnionID. |
Note:
It is recommended that developers save unionID information to facilitate user information interoperability between different apps.
Example of returned JSON packet for a failed request:
{
"errcode":40003,"errmsg":"invalid openid"
}
Call frequency limits
API Name | Frequency Limit |
---|---|
Exchange code for access_token | 10,000 calls/minute |
Refresh access_token | 50,000 calls/minute |
Get user's basic information | 50,000 calls/minute |