# auth.checkSessionKey
Call this API at the server side. For more information, see Server API.
Verifies whether the session_key of the login status saved on the server is legal. To ensure the confidentiality of the session_key, the API does not transmit the session_key in clear text. Rather, it checks the login status signature.
# Request Address
GET https://api.weixin.qq.com/wxa/checksession?access_token=ACCESS_TOKEN&signature=SIGNATURE&openid=OPENID&sig_method=SIG_METHOD
# Request Parameters
| Attribute | Type | Default | Required | Description |
|---|---|---|---|---|
| access_token | string | Yes | Credentials to call API | |
| openid | string | Yes | The unique identifier of the user. | |
| signature | string | Yes | The signature of the user login status. | |
| sig_method | string | Yes | The hash method for the signature of the user login status. Only hmac_sha256 is supported. |
# Return Value
# Object
JSON data package that is returned
| Attribute | Type | Description |
|---|---|---|
| errcode | number | Error code |
| errmsg | string | Error message |
Valid values of errcode
| Value | Description | Minimum Version |
|---|---|---|
| 0 | Request successful | |
| 87009 | Invalid signature |
# Calling Example
curl -G 'https://api.weixin.qq.com/wxa/checksession?access_token=OsAoOMw4niuuVbfSxxxxxxxxxxxxxxxxxxx&signature=fefce01bfba4670c85b228e6ca2b493c90971e7c442f54fc448662eb7cd72509&openid=oGZUI0egBJY1zhBYw2KhdUfwVJJE&sig_method=hmac_sha256'
# Response Example
When correct, the returned JSON packet includes:
{"errcode": 0, "errmsg": "ok"}
When an error occurs, the returned JSON packet includes (this is an example of a signature error):
{"errcode": 87009, "errmsg": "invalid signature"}