# auth.getAccessToken

Call this API on the server side. For more information, see Server API.

Obtains the globally unique credential (access_token) for calling backend APIs on Mini Programs. The access_token is required for calls to most backend APIs. Developers need to save it properly.

# Request Address

GET https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET

# Request Parameters

| Attribute | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| grant_type | string | | Yes | Enter client_credential. |
| appid | string | | Yes | The AppID. It is the unique credential of the Mini Program. You can obtain it in WeChat Official Accounts Platform > Settings > Development Settings. (A developer account in a normal status is required.) |
| secret | string | | Yes | The AppSecret. It is the password of the unique credential of the Mini Program. It is obtained in the same way as the AppID. |

# Return Value

# Object

JSON data package that is returned

| Attribute | Type | Description |
| --- | --- | --- |
| access_token | string | The obtained credential. |
| expires_in | number | The validity period of the credential, in seconds. Its value is within 7,200 seconds. |
| errcode | number | Error code |
| errmsg | string | Error message |

Valid values of errcode

| Value | Description | Minimum Version |
| --- | --- | --- |
| -1 | System is busy. Try again later. | |
| 0 | Request successful | |
| 40001 | Incorrect AppSecret or mismatched AppSecret. Check whether AppSecret is correct. | |
| 40002 | Ensure that the value of the grant_type field is client_credential. | |
| 40013 | Invalid AppID. Check whether AppID is correct. Avoid abnormal characters. Note the capitalization. | |

# Return Data Example

Success response


Failure response

{"errcode":40013,"errmsg":"invalid appid"}

# Storage and Updates of access_token

  • To store access_token, you need to reserve space for at least 512 characters.
  • access_token is valid for 2 hours, and needs to be updated periodically. Repeatedly obtaining access_token will cause the previously obtained access_token to expire.
  • It is recommended to obtain and update access_token by using a central control server. All the access_token values used by other service logic servers come from this central control server, and should not be updated separately. Otherwise, access_token may be overwritten, which affects services.
  • The validity period of access_token is expressed in the returned expires_in, and its available value is within 7200 seconds. The central control server needs to update access_token in advance based on this validity period. During the update, the central control server may continue to output old access_token values. In this case, the backend of the Official Accounts Platform will ensure that both new and old access_token values are available within five minutes, so that third-party services are smoothly transitioned.
  • The validity of access_token may be adjusted in the future. Therefore, the central control server not only needs to actively update access_token on schedule, but also needs to provide an API for passive update of access_token. In this way, when a service server learns from a call that access_token has expired, it can trigger the update procedure for access_token.

For details, see the Obtaining access_token document on WeChat Official Accounts Platform.
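
A sketch of the central control server's token logic described in the list above, as an added example that is not part of the original documentation. The names `TokenBroker`, `fetch_from_wechat`, `report_expired` and the 300-second `margin` are assumptions made for illustration; only the endpoint, parameters and response fields come from this page.

```python
import json, threading, time, urllib.parse, urllib.request

TOKEN_URL = "https://api.weixin.qq.com/cgi-bin/token"  # endpoint from this page

def fetch_from_wechat(appid, secret):
    """Real fetcher (hypothetical helper): one GET, returns the parsed JSON."""
    query = urllib.parse.urlencode(
        {"grant_type": "client_credential", "appid": appid, "secret": secret})
    # The query string carries the AppSecret: never log or echo this URL.
    with urllib.request.urlopen(f"{TOKEN_URL}?{query}", timeout=10) as resp:
        return json.load(resp)

class TokenBroker:
    """Single owner of access_token; service servers read from here only."""

    def __init__(self, fetch, margin=300, clock=time.monotonic):
        self._fetch, self._margin, self._clock = fetch, margin, clock
        self._lock = threading.Lock()  # serializes refreshes across callers
        self._token, self._refresh_at = None, 0.0

    def _refresh(self):
        data = self._fetch()
        if data.get("errcode", 0) != 0:  # failure bodies carry errcode/errmsg
            raise RuntimeError(
                f"token fetch failed: {data.get('errcode')} {data.get('errmsg')}")
        self._token = data["access_token"]
        # Refresh ahead of expiry; margin is an assumed safety window.
        self._refresh_at = self._clock() + max(data["expires_in"] - self._margin, 0)

    def get(self):
        """Active path: return the cached token, refreshing near expiry."""
        with self._lock:
            if self._token is None or self._clock() >= self._refresh_at:
                self._refresh()
            return self._token

    def report_expired(self, stale_token):
        """Passive path: a service server saw this token rejected."""
        with self._lock:
            # Refresh only if the rejected token is still the current one, so a
            # burst of reports causes one fetch instead of each new token
            # invalidating the one obtained just before it.
            if stale_token == self._token:
                self._refresh()
            return self._token
```

In production the broker would be built as `TokenBroker(lambda: fetch_from_wechat(appid, secret))`, with the AppSecret loaded from a secret store on the central server only.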

# Online Debugging

Developers can debug this API via Webpage Debugging Tools.