1. Alipay login introduction (test website: address )
Through the third-party application authorization, the system service provider (ISV) can call the Alipay open interface on behalf of the merchant after obtaining the merchant's authorization to complete the corresponding business logic (such as initiating an acquisition request for face-to-face payment on behalf of the merchant, etc.).
Authorization follows the standard OAuth 2.0 flow. To make third-party calls, ISVs need to add corresponding functions in their own applications and obtain authorization from merchants; if the third-party application has the ability to access and sign a contract, the merchant needs to complete the relevant contract.
OAuth : OAuth (Open Authorization) is an open standard that allows users to authorize third-party websites to access their information stored on another service provider, without the need to provide usernames and passwords to third-party websites or share all content of their data .
The user uses the Alipay account to log in to the website where the developer accesses the Alipay login function of the website, and the developer obtains the user's Alipay user ID to realize quick login after the account system is opened.
Developers can quickly obtain the public information of Alipay members on their own PC sites to improve user experience.
Developers can use the public information of Alipay members to carry out precise marketing for targeted groups and provide a variety of product capabilities.
2. Become a developer (official document: address )
Developers can access the Internet Open Platform and obtain interface permissions through the following steps.
2.1 Login to the development platform
The system service provider uses the real-name authenticated Alipay account to log in to the open platform (open.alipay.com)
2.2 Confirm service scope
The system service provider is required to complete the identification of the service scope of providing third-party services + self-developed services.
After the system service provider logs into the open platform:
If it has not entered the platform, the system will guide the developer to choose the service scope;
If the account registered by the system service provider has not completed the real-name authentication, the system will guide the current login to complete the real-name authentication;
If you have entered the platform but have not expanded your identity, please refer to the expansion of .
Personal Alipay accounts only support the selection of "self-developed services"; corporate Alipay accounts that choose "self-developed services" when entering, can expand the scope of services according to needs after the entry is completed.
2.3 Fill in personal information as required
The system service provider fills in the corresponding basic information according to the selected service scope of providing third-party services + self-developed services, and please fill in the correct information according to the actual business scenario.
The email address will be filled in by default with the email address filled in by the developer during real-name authentication (the email address of the enterprise Alipay account cannot be modified); if the enterprise account is an international account, the mobile phone number does not need to enter the verification code for verification, but email verification is required.
If the system service provider needs to modify the account information after entering, please enter the management center, select the account , and modify the corresponding information.
After filling in the information, please read the "Open Platform Service Agreement" carefully, and check Agree to sign before clicking OK to join .
2.4 Successfully settled in
After completing the filling and clicking OK to join , the system service provider has settled in as a third-party service developer. After the countdown to the successful settlement reminder page ends, the page will automatically jump to the management center .
3. Website application and mobile application access application
After completing the settlement, the system service provider can create a third-party application. The third-party application is the carrier for the system service provider to serve the merchant. It can be published as a service and put on the service market for sale.
To create a third-party application, see Create a third-party application .
Before the application is connected, an application must be made first to obtain the corresponding appid and appkey, so as to ensure that the website and users can be correctly authenticated and authorized in the subsequent process.
3.1 Create an application
1. After the registration is completed, the system service provider can create a third-party application, log in to the open platform console > in my application , select three webpages & mobile application > click to create an application .
2. Choose to create an application and select the type of application to be created. Let’s take a website application as an example. After clicking Create a website application, complete the information and naming
3. Fill in the website information. After clicking "Create Application", the website application is created. You can view the appid obtained by the website on the console, as shown in the following figure:
Note: The steps and methods for creating a mobile application are the same as those for a website application, so we won’t go into details here.
3.2 Perfect website information
Click the created application in the console to enter the application details page (after the application is created, the status will show that it is under review, just wait for review).
On the app details page, you can click "Modify" to edit the "basic information" of the app.
3.3 Complete the development and configuration of the gateway, callback address, signing method, etc. Application Gateway , Authorized Callback Address , and Signature Method are required.
Enter the development settings to complete the interface signing method, IP whitelist, application gateway, and interface content encryption method development information settings. For details, see Configuring the Application Environment .
Interface signing method: required. It is used to ensure the security of the interaction between the merchant application and Alipay. For configuration details, please refer to the interface signature method configuration instructions .
IP whitelist: optional. It is used to ensure the security of user funds. For details, please refer to the IP whitelist access guide .
Application gateway: optional. It is used to receive Alipay asynchronous notification messages. For details, see Application Gateway . (https://openapi.alipay.com/gateway.do)
Interface content encryption method: optional . It is used to encrypt/decrypt OpenAPI bizContent message content and encrypt/decrypt some user privacy information. For details, see Interface content encryption method .
Authorization callback address: optional. Callback address after third-party application authorization or user information authorization. The value of redirect_uri configured in the authorization link must be consistent with this value (for example: https://www.alipay.com). After the user successfully authorizes, the authorization code and other information will be carried after the url.
information and jump to that page. When the address is filled in, the system will automatically perform a security check. For details, please refer to Security Check .
3.4 Interface signing method
Tool download
- Online tools: Web online encryption (download-free, recommended)
- Offline tools:
Step 1: Select the signing mode
Merchants can choose public key certificate mode or public key mode according to access product requirements .
- Enterprise developers must use the public key certificate method if they are involved in accessing the capital expenditure interface.
- Individual developers do not involve capital interfaces, and it is recommended to use the public key mode for signing.
For more details about the differences between public key certificates and public keys, see Differences between public keys and public key certificates .
Step 2: Obtain the application public and private key/public key certificate
Merchants can generate public and private key/public key certificates through the Alipay .
For details on obtaining the public key mode, see Obtaining the Public Key .
For details on obtaining the public key certificate mode, see Obtaining a Public Key Certificate .
Step 3: Configure the public key/certificate for signing
Log in to the Alipay open platform , enter the corresponding application details page> settings > development settings > interface signing method , click Settings , upload the obtained CSR file,
Use this to obtain application public key certificate or Alipay root certificate , Alipay public key certificate and other information for subsequent interface calls.
3.5 official website code SDK download ( SDK sample code download )
3.6 At this point, the preparatory work is over, and the website development process (introduced in the next part)
3.7 Everyone's project needs are different, and different problems may arise. This article is for reference only
3.8 Reference official documents
Webpage & mobile application access preparation
3.9 SpringBoot+Vue implements third-party Alipay login (2)
3.10 Other third-party login methods: https://www.cnblogs.com/liyhbk/category/2089783.html
4. Source code purchase
4.1 Concise version ( Taobao source code )
Including login, third-party login, jump homepage, SpringBoot+SpringSecurity+Mysql+Redis+Vue+ElementUI, etc.
4.2 Multifunctional version ( Taobao source code )
Including login, registration, third-party login, complete system management module, system tool module, system monitoring module, personal center, etc., SpringBoot+SpringSecurity+Mysql+Redis+Vue+ElementUI, etc.