# auth.getAccessToken
Call this API at the server side. For more information, see Server API.
Obtains the globally unique credential (access_token) for calling backend APIs on Mini Programs. The access_token is required for calls to most backend APIs. Developers need to save it properly.
# Request Address
GET https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
# Request Parameters
| Attribute | Type | Default | Required | Description |
|---|---|---|---|---|
| grant_type | string | Yes | Enters client_credential. | |
| appid | string | Yes | The AppID. It is the unique credential of the Mini Program. You can obtain it in WeChat Official Accounts Platform > Settings > Development Settings. (A developer account in a normal status is required) | |
| secret | string | Yes | The AppSecret. It is the password of the unique credential of the Mini Program. It is obtained in the same way as the AppID. |
# Return Value
# Object
JSON data package that is returned
| Attribute | Type | Description |
|---|---|---|
| access_token | string | The obtained credential. |
| expires_in | number | The time when the credential expires, in seconds. Its value is within 7,200 seconds. |
| errcode | number | Error code |
| errmsg | string | Error message |
Valid values of errcode
| Value | Description | Minimum Version |
|---|---|---|
| -1 | System is busy. Try again later. | |
| 0 | Request successful | |
| 40001 | Incorrect AppSecret or mismatched AppSecret. Check whether AppSecret is correct. | |
| 40002 | Ensure that the value of grant_type fields is client_credential. | |
| 40013 | Invalid AppID. Check whether AppID is correct. Avoid abnormal characters. Note the capitalization. |
# Return Data Example
Success response
{"access_token":"ACCESS_TOKEN","expires_in":7200}
Failure response
{"errcode":40013,"errmsg":"invalid appid"}
# Storage and Updates of access_token
- To store
access_token, you need to reserve space for at least 512 characters. access_tokenis valid for 2 hours, and needs to be updated periodically. Repeatedly obtainingaccess_tokenwill cause the previously obtainedaccess_tokento expire.- It is recommended to obtain and update
access_tokenby using a central control server. All theaccess_tokenvalues used by other service logic servers come from this central control server, and should not be updated separately. Otherwise,access_tokenmay be overwritten, which affects services. - The validity period of
access_tokenis expressed in the returnedexpire_in, and its available value is within 7200 seconds. The central control server needs to updateaccess_tokenin advance based on this validity period. During the update, the central control server may continue to output oldaccess_tokenvalues. In this case, the backend of the Official Accounts Platform will ensure that both new and oldaccess_tokenvalues are available within five minutes, so that third-party services are smoothly transitioned. - The validity of
access_tokenmay be adjusted in the future. Therefore, the central control server not only needs to actively updateaccess_tokenon schedule, but also provides an API for passive update ofaccess_token. In this way, when learning thataccess_tokenis expired in a call, the service server may trigger the update procedure foraccess_token.
For details, see the Obtaining access_token document on WeChat Official Accounts Platform.
# Online Debugging
Developers can debug this API via Webpage Debugging Tools.