# auth.getAccessToken
Call this API at the server side. For more information, see Server API.
Obtains the globally unique credential (access_token
) for calling backend APIs on Mini Programs. The access_token
is required for calls to most backend APIs. Developers need to save it properly.
# Request Address
GET https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
# Request Parameters
Attribute | Type | Default | Required | Description |
---|---|---|---|---|
grant_type | string | Yes | Enters client_credential. | |
appid | string | Yes | The AppID. It is the unique credential of the Mini Program. You can obtain it in WeChat Official Accounts Platform > Settings > Development Settings. (A developer account in a normal status is required) | |
secret | string | Yes | The AppSecret. It is the password of the unique credential of the Mini Program. It is obtained in the same way as the AppID. |
# Return Value
# Object
JSON data package that is returned
Attribute | Type | Description |
---|---|---|
access_token | string | The obtained credential. |
expires_in | number | The time when the credential expires, in seconds. Its value is within 7,200 seconds. |
errcode | number | Error code |
errmsg | string | Error message |
Valid values of errcode
Value | Description | Minimum Version |
---|---|---|
-1 | System is busy. Try again later. | |
0 | Request successful | |
40001 | Incorrect AppSecret or mismatched AppSecret. Check whether AppSecret is correct. | |
40002 | Ensure that the value of grant_type fields is client_credential. | |
40013 | Invalid AppID. Check whether AppID is correct. Avoid abnormal characters. Note the capitalization. |
# Return Data Example
Success response
{"access_token":"ACCESS_TOKEN","expires_in":7200}
Failure response
{"errcode":40013,"errmsg":"invalid appid"}
# Storage and Updates of access_token
- To store
access_token
, you need to reserve space for at least 512 characters. access_token
is valid for 2 hours, and needs to be updated periodically. Repeatedly obtainingaccess_token
will cause the previously obtainedaccess_token
to expire.- It is recommended to obtain and update
access_token
by using a central control server. All theaccess_token
values used by other service logic servers come from this central control server, and should not be updated separately. Otherwise,access_token
may be overwritten, which affects services. - The validity period of
access_token
is expressed in the returnedexpire_in
, and its available value is within 7200 seconds. The central control server needs to updateaccess_token
in advance based on this validity period. During the update, the central control server may continue to output oldaccess_token
values. In this case, the backend of the Official Accounts Platform will ensure that both new and oldaccess_token
values are available within five minutes, so that third-party services are smoothly transitioned. - The validity of
access_token
may be adjusted in the future. Therefore, the central control server not only needs to actively updateaccess_token
on schedule, but also provides an API for passive update ofaccess_token
. In this way, when learning thataccess_token
is expired in a call, the service server may trigger the update procedure foraccess_token
.
For details, see the Obtaining access_token document on WeChat Official Accounts Platform.
# Online Debugging
Developers can debug this API via Webpage Debugging Tools.