Obtain access_token Using Code

API Description

This API is used to get access_token using code.

Request Description

HTTP request method: GET
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

Parameters

Parameter Required Description
appid Yes The unique identifier of the app, which is obtained after the app submitted for review on Weixin Open Platform is approved.
secret Yes The AppSecret of the app, which is obtained after the app submitted for review on Weixin Open Platform is approved.
code Yes Enter the code parameter obtained in Step 1
grant_type Yes Enter authorization_code

Response Description

Response for a successful request:

{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN","openid":"OPENID",
"scope":"SCOPE"
}
Parameter Description
access_token API call credential
expires_in The time to expiration of the API call credential (access_token), in seconds.
refresh_token The access_token refreshed by the user
openid The unique identifier of the authorizing user
scope User authorization scope. Multiple scopes are separated by a comma (,)

Example of response for a failed request:

{
"errcode":40029,"errmsg":"invalid code"
}
# Refreshing/Renewing access_token

API Description

access_token is the credential used to call the authorized API. The validity period of access_token is short ( 2 hours). When it expires, you can use refresh_token to refresh it. There are two refresh results:

1. If access_token has expired, a new access_token and a new validity period will be obtained by calling refresh_token.

2. If access_token remains valid, using refresh_token will not change access_token, but the validity period will be refreshed, which is equivalent to the renewal of access_token.

refresh_token has a longer validity (30 days). Once the refresh_token expires, you must get authorization again. Therefore, developers should regularly update refresh_token before it expires (e.g., on day 29) and save the new token.

Request method

refresh_token obtained through the /sns/oauth2/access_token API can be used to call the following APIs:

HTTP request method: GET
https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN

Parameters

Parameter Required Description
appid Yes App's unique identifier
grant_type Yes Enter refresh_token
refresh_token Yes Enter the refresh_token parameter obtained through access_token

Response Description

Response for a successful request:

{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE"
}
Parameter Description
access_token API call credential
expires_in The time to expiration of the API call credential (access_token), in seconds.
refresh_token The access_token refreshed by the user
openid The unique identifier of the authorizing user
scope User authorization scope. Multiple scopes are separated by a comma (,)

Example of response for a failed request:

{
"errcode":40030,"errmsg":"invalid refresh_token"
}

API Description

Check the validity of the authorization credential (access_token)

Request Description

HTTP request method: GET
https://api.weixin.qq.com/sns/auth?access_token=ACCESS_TOKEN&openid=OPENID

Parameters

Parameter Required Description
access_token Yes The credential for API call
openid Yes The ID of an ordinary user, which is unique for the Official Account.

Response Description

The returned JSON packet for a successful request:

{
"errcode":0,"errmsg":"ok"
}

Example of returned JSON packet for a failed request:

{
"errcode":40003,"errmsg":"invalid openid"
}

Get the user's personal information (UnionID mechanism)

API Description

This API is used to get users' personal information. Developers are able to access user profiles via OpenIDs. Note: If a developer has more than one apps, website applications, and official accounts, the uniqueness of users can be identified by the UnionID contained in basic user information. For the mobile apps, website applications, and official accounts under the same Weixin Open Platform account, the UnionID of a user is unique. In other words, a user has one UnionID in different apps under the same account of the Weixin Open Platform. When a user changes the WeChat profile photo, the URL of the old profile photo becomes invalid. Therefore, after they get user information, developers should save the profile photo to avoid the profile photo URL from being invalid.

Request Description

HTTP request method: GET
https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID

Parameters

Parameter Required Description
access_token Yes Call credential
openid Yes The ID of an ordinary user, which is unique for the developer account.
lang No Language used in a country/region. zh_CN: Simplified Chinese (default); zh_TW: Traditional Chinese; en: English

Response Description

The returned JSON packet for a successful request:

{
"openid":"OPENID",
"nickname":"NICKNAME",
"sex":1,
"province":"PROVINCE",
"city":"CITY",
"country":"COUNTRY",
"headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/0",
"privilege":[
"PRIVILEGE1",
"PRIVILEGE2"
],
"unionid": " o6_bmasdasdsad6_2sgVt7hMZOPfL"

}
Parameter Description
openid The ID of an ordinary user, which is unique for the developer account.
nickname The alias of an ordinary user
sex The gender of an ordinary user. 1: male; 2: female.
province The province entered in the ordinary user's personal information
city The city entered in the ordinary user's personal information
country The country, e.g. CN for China.
headimgurl Profile photo of a user. The last numeric value represents the size of a square profile photo (The value can be 0, 46, 64, 96, or 132. The value 0 represents a 132*132 square profile photo). This parameter is left blank if a user has no profile photo.
privilege User privilege information, in the form of a JSON array. For example, Weixin Woka users have the value "chinaunicom".
unionid The user's unified ID. A user's apps under the same Weixin Open Platform account share the same UnionID.

Note:

It is recommended that developers save unionID information to facilitate user information interoperability between different apps.

Example of returned JSON packet for a failed request:

{
"errcode":40003,"errmsg":"invalid openid"
}

Call frequency limits

API Name Frequency Limit
Exchange code for access_token 10,000 calls/minute
Refresh access_token 50,000 calls/minute
Get user's basic information 50,000 calls/minute