# auth.checkSessionKey

Call this API at the server side. For more information, see Server API.

Verifies whether the session_key of the login status saved on the server is legal. To ensure the confidentiality of the session_key, the API does not transmit the session_key in clear text. Rather, it checks the login status signature.

# Request Address

GET https://api.weixin.qq.com/wxa/checksession?access_token=ACCESS_TOKEN&signature=SIGNATURE&openid=OPENID&sig_method=SIG_METHOD

# Request Parameters

Attribute Type Default Required Description
access_token string Yes Credentials to call API
openid string Yes The unique identifier of the user.
signature string Yes The signature of the user login status.
sig_method string Yes The hash method for the signature of the user login status. Only hmac_sha256 is supported.

# Return Value

# Object

JSON data package that is returned

Attribute Type Description
errcode number Error code
errmsg string Error message

Valid values of errcode

Value Description Minimum Version
0 Request successful
87009 Invalid signature

# Calling Example

curl -G 'https://api.weixin.qq.com/wxa/checksession?access_token=OsAoOMw4niuuVbfSxxxxxxxxxxxxxxxxxxx&signature=fefce01bfba4670c85b228e6ca2b493c90971e7c442f54fc448662eb7cd72509&openid=oGZUI0egBJY1zhBYw2KhdUfwVJJE&sig_method=hmac_sha256'

# Response Example

When correct, the returned JSON packet includes:

{"errcode": 0, "errmsg": "ok"}

When an error occurs, the returned JSON packet includes (this is an example of a signature error):

{"errcode": 87009, "errmsg": "invalid signature"}

点击咨询小助手