Alipay In-App Payments for Webservices API

Alipay is a Chinese e-wallet that belongs to AntFinancial, an affiliate of the Alibaba group, the largest e-commerce company in the world. When selecting Alipay, customers will be redirected to their hosted pages, enter their personal details and agree to the payment, before being redirected back to your website. Once completed, you will receive confirmation via a URL notification.

Supported customer countries	No restrictions on customer countries.
Supported currencies	AUD, CAD, CHF, DKK, EUR, GBP, HKD, JPY, KRW, NOK, NZD, SEK, SGD, THB, USD
Refunds	Full and partial refunds permitted.
Chargebacks	Payments are not subject to chargebacks.
Zero-authorisation	Not supported.
Recurring payments	Not supported.

Configuration

To enable Alipay on your account, please get in touch with your account manager.
A test sandbox account will be provided, which you will need when testing your implementation.

Before you can begin processing In-App Payments, you will need to contact Alipay and request your account is enabled for In-App Payments.
Click here to learn more about In-App Payments (link to external site).

Overview of Alipay

Initiate the customer
- Customer agrees to a payment using Alipay on the merchant's app.
- Merchant submits AUTH request to initiate the session.
- Merchant receives AUTH response, including signeddata.
Redirect to Alipay
- Merchant uses Alipay's SDK to open the Alipay app on the customer's device (using the signeddata).
- Customer follows instructions on Alipay's hosted pages to authorise the payment.
- Customer is redirected to the merchant's app with a verifystring value provided by Alipay.
Verify Auth Response
- Merchant submits VERIFYAUTHRESPONSE request, including the verifystring.
- Trust Payments will contact Alipay to retrieve the outcome of the session hosted by Alipay.
- Merchant receives VERIFYAUTHRESPONSE response and uses this to display the appropriate message to the customer.
Settlement
- At a later time, Alipay will contact Trust Payments with confirmation that funds have been settled.
- Trust Payments will submit a URL notification to the merchant's system to confirm funds have been settled.
- Merchant receives the notification and responds to Trust Payments to confirm it was received successfully.

1. Initiate the customer

When the customer chooses to pay with Alipay, your system will need to perform an AUTH request and, if successful, redirect the customer’s browser to the URL returned in the response.

AUTH request (In-App Payments)

The example request below is for an Alipay AUTH request using the In-App Payments interface:

#!/usr/bin/python
import securetrading

stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

auth = {
  "currencyiso3a": "EUR",
  "paymenttypedescription": "ALIPAY",
  "requesttypedescriptions": ["AUTH"],
  "sitereference": "test_site12345",
  "accounttypedescription": "ECOM",
  "billingcountryiso2a": "DE",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "applicationtype": "APP",
  "applicationsystem": "ios"
}

strequest = securetrading.Request()
strequest.update(auth)
stresponse = st.process(strequest) #stresponse contains the transaction response

<?php

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);

$configData = array(
  'username' => 'webservices@example.com',
  'password' => 'Password1^'
);

$requestData = array(
  'currencyiso3a' => 'EUR',
  'requesttypedescriptions' => array('AUTH'),
  'accounttypedescription' => 'ECOM',
  'sitereference' => 'test_site12345',
  'baseamount' => '1050',
  'paymenttypedescription' => 'ALIPAY',
  'billingcountryiso2a' => 'DE',
  'orderreference' => 'My_Order_123',
  'applicationtype' => 'APP',
  'applicationsystem' => 'ios',
);

$api = \Securetrading\api($configData);
$response = $api->process($requestData);
var_dump($response->toArray());

?>

curl --user webservices@example.com:Password1^ <DOMAIN>/json/ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
  "alias": "mike@ws.com",
  "version": "1.00",
  "request": [{
    "currencyiso3a": "EUR",
    "requesttypedescriptions": ["AUTH"],
    "accounttypedescription": "ECOM",
    "sitereference": "test_site12345",
    "baseamount": "1050",
    "paymenttypedescription": "ALIPAY",
    "billingcountryiso2a": "DE",
    "orderreference": "My_Order_123",
    "applicationtype": "APP",
    "applicationsystem": "ios"
  }]
}'

{
  "alias":"webservices@example.com",
  "version":"1.00",
  "request":[{
    "currencyiso3a":"EUR",
    "requesttypedescriptions":["AUTH"],
    "accounttypedescription":"ECOM",
    "sitereference":"test_site12345",
    "baseamount":"1050",
    "paymenttypedescription":"ALIPAY",
    "billingcountryiso2a":"DE",
    "orderreference":"My_Order_123",
    "applicationtype":"APP",
    "applicationsystem":"ios"
  }]
}

<requestblock version="3.67">
  <alias>webservices@example.com</alias>
  <request type="AUTH">
    <merchant>
      <orderreference>MyOrder123</orderreference>
    </merchant>
    <billing>
      <amount currencycode="EUR">1050</amount>
      <payment type="ALIPAY"/>
    </billing>
    <operation>
      <sitereference>test_site12345</sitereference>
      <accounttypedescription>ECOM</accounttypedescription>
      <applicationtype>APP</applicationtype>
      <applicationsystem>ios</applicationsystem>
    </operation>
  </request>
</requestblock>

Replace <DOMAIN> with a supported domain. Click here for a full list.

Field specification

Field	Format	Description
accounttypedescription XPath: /operation/accounttypedescription	Alpha (20)	Only “ECOM” (e-commerce) is supported.
applicationsystem XPath: /operation/applicationsystem	Alpha (7)	Required if applicationtype is “APP”. Defines the platform on which the app is being run. Supported values are “android” and “ios”.
applicationtype XPath: /operation/applicationtype	Alpha (3)	Determines the payment interface displayed to the customer after they have been redirected to the checkout hosted by Alipay: If “APP” is submitted – The transaction is processed using the Alipay In-App Payments interface, which is primarily designed for use from within mobile apps. Note: Before processing transactions using In-App Payments (both through the sandbox environment and with live payments), you will need to contact Alipay and request for the functionality to be enabled on your Alipay account.
baseamount XPath: /billing/amount	Numeric (13)	The amount of the transaction in base units, with no commas or decimal points, so €10 is submitted as 1000. This value must be greater than zero. (Max length may vary depending on your acquiring bank – Contact your bank for further info)
currencyiso3a XPath: /billing/amount/@currencycode	Alpha (3)	The currency that the transaction will be processed in (in ISO3A format). For a list of currency codes supported by Alipay, refer to the list found at the top of this page.
orderreference XPath: /merchant/orderreference	Alphanumeric including symbols (25) Recommended length 25 characters or less (exact length dependent on acquiring bank). Failure to adhere to this requirement may result in the text being truncated in the transaction.	Your unique order reference that can be stored on the Trust Payments system.
paymenttypedescription XPath: /billing/payment/@type	Alpha (20)	This value must be submitted as “ALIPAY”.
returnurl XPath: /merchant/returnurl	URL (2048)	The URL that the customer will be returned to after processing a payment with Alipay.
requesttypedescription XPath: /@type	Alpha (20)	The value in the request must be “AUTH”.
sitereference XPath: /operation/sitereference	Alphanumeric & underscore (50)	The site reference relates to your individual account which you received on setup. If you do not know your site reference, please contact our Support Team.

AUTH response

{
u'requestreference': u'An3ug1kap',
u'version': u'1.00',
u'responses': [{
u'transactionreference': u'23-86-113',
u'merchantname': u'Test Merchant',
u'paymenttypedescription': u'ALIPAY',
u'orderreference': u'My_Order_123',
u'settleduedate': u'2017-03-16',
u'baseamount': u'1050',
u'transactionstartedtimestamp': u'2020-03-16 16:25:08',
u'errormessage': u'Ok',
u'settlestatus': u'10',
u'accounttypedescription': u'ECOM',
u'errorcode': u'0',
u'requesttypedescription': u'AUTH',
u'operatorname': u'webservices@example.com',
u'livestatus': u'0',
u'currencyiso3a': u'EUR',
u'partner id': u'2088611221573217'
}]
}

array(3) {
  ["requestreference"] => string(9) "A0345jmuw"
  ["version"] => string(4) "1.00"
  ["responses"] => array(1) {
    [0]=> array(17) {
      ["transactionreference"] => string(9) "23-86-113"
      ["merchantname"] => string(4) "Test Merchant"
      ["paymenttypedescription"] => string(6) "ALIPAY"
      ["orderreference"] => string(12) "My_Order_123"
      ["transactionstartedtimestamp"] => string(19) "2020-03-16 16:25:08"
      ["errormessage"] => string(2) "Ok"
      ["accounttypedescription"] => string(4) "ECOM"
      ["errorcode"] => string(1) "0"
      ["settleduedate"] => string(10) "2017-03-16"
      ["currencyiso3a"] => string(3) "EUR"
      ["baseamount"] => string(4) "1050"
      ["requesttypedescription"] => string(4) "AUTH"
      ["operatorname"] => string(11) "webservices@example.com"
      ["livestatus"] => string(1) "0"
      ["settlestatus"] => string(2) "10"
      ["partner id"] => string(16) "2088611221573217"
    }
  }
}

{
  "requestreference":"W23-fjgvn3d8",
  "version":"1.00",
  "response":[{
    "transactionreference":"23-86-113",
    "merchantname":"Test Merchant",
    "paymenttypedescription":"ALIPAY",
    "orderreference":"My_Order_123",
    "settleduedate":"2017-03-16",
    "baseamount":"1050",
    "transactionstartedtimestamp":"2020-03-16 16:25:08",
    "errormessage":"Ok",
    "settlestatus":"10",
    "accounttypedescription":"ECOM",
    "errorcode":"0",
    "requesttypedescription":"AUTH",
    "operatorname":"webservices@example.com",
    "livestatus":"0",
    "currencyiso3a":"EUR",
    "partner id":"2088611221573217"
  }],
  "secrand":"zO9"
}

<responseblock version="3.67">
  <requestreference>Xd4nk260v</requestreference>
  <response type="AUTH">
    <merchant>
      <merchantname>Test Merchant</merchantname>
      <orderreference>MyOrder123</orderreference>
      <operatorname>webservices@example.com</operatorname>
      <partnerid>2088101122136241</partnerid>
    </merchant>
    <transactionreference>44-86-102</transactionreference>
    <timestamp>2020-03-16 17:34:16</timestamp>
    <operation>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
    <settlement>
      <settleduedate>2017-03-16</settleduedate>
      <settlestatus>10</settlestatus>
    </settlement>
    <billing>
      <amount currencycode="EUR">1050</amount>
      <payment type="ALIPAY"/>
    </billing>
    <live>0</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
  </response>
  <secrand>Z1W</secrand>
</responseblock>

Field specification

Field	Format	Description
accounttypedescription XPath: /operation/accounttypedescription	Alpha (20)	The value returned is “ECOM”.
baseamount XPath: /billing/amount	Numeric (13)	The amount of the transaction in base units, with no commas or decimal points, so €10 is returned as 1000.
currencyiso3a XPath: /billing/amount/@currencycode	Alpha (3)	The currency that the transaction was processed in (in ISO3A format). For a list of currency codes supported by Alipay, refer to the list found at the top of this page.
errorcode XPath: /error/code	Numeric (1-5)	The error code should be used to determine if the request was successful or not. If the error code is “0” then the transaction was successful. If the error code is not “0” then the transaction was not successful. Click here for a full list of errorcode and message values.
errormessage XPath: /error/message	Alphanumeric (255)	This is the corresponding message to the above code. Click here for a full list of errorcode and message values.
orderreference XPath: /merchant/orderreference	Alphanumeric including symbols (25)	The unique order reference stored on Trust Payments and Alipay’s system.
partnerid XPath: /merchant/partnerid	Numeric (16)	A unique identifier for Alipay partners.
paymenttypedescription XPath: /billing/payment/@type	Alpha (20)	This value returned is “ALIPAY”.
requesttypedescription XPath: /@type	Alpha (20)	The value returned is “AUTH”.
settlestatus XPath: /settlement/settlestatus	Numeric (3)	This allows you to determine the status of the payment. Refer to the Handling the response section below for information on how to best interpret this field.
signeddata XPath: /other/signeddata		Returned from Alipay. Must be submitted using the SDK when customer is being redirected to the Alipay app.
errordata XPath: /error/data	Alphanumeric (255)	Additional information to help troubleshoot the error. Only returned if there has been an error.

Handling the response

When handling the AUTH response for Alipay payments, the recommendations we make regarding checks to perform following payments still need to be followed, with exception to the handling of the settlestatus field, which is subject to different conditions that are detailed below:

The settlestatus returned in the AUTH response is used to determine the status of the Alipay payment:

If the settlestatus is “10”, the payment is pending settlement

The funds have not yet been settled into your bank account.
The next step is to redirect the customer’s device to the Alipay app using their SDK to continue with the payment.

Funds will not be settled into your account until the customer is redirected to Alipay's app, in order to complete the payment. Read on for further information.

When there is an update to the settle status of the AUTH, you will receive a URL notification to inform you that the settlestatus has been updated to either “3” or “100”.
Further information on the notifications can be found below.

If the settlestatus is “3”, the payment has been cancelled

The payment has been declined, or has encountered an error.
To learn more about why the payment was unsuccessful, you will need to look at the errorcode. e.g. “70000” indicates that the payment was declined. Click here for a full list of error codes.
In rare cases, the settlestatus can be updated from “3” to “100” (indicating payment has successfully settled). If this occurs, you will receive another URL notification to inform you. e.g. This can be due to the customer contacting Alipay directly to resolve an issue on their account that was preventing the payment from being processed successfully.

2. Redirect to Alipay app

After checking the AUTH response, if the request was successful, you will need to redirect the customer’s device to the Alipay app using their SDK, including the signeddata returned in the AUTH response.

For further information on how to parse the signed data and submit this using the SDK, please refer to Alipay’s technical documentation (link to external site).

Once on the app, the customer will be prompted to enter additional information in order to complete the payment. At a later time, providing the customer has successfully completed the required steps on the Alipay app, the customer’s device will be redirected back to your app.

When testing, you will be displayed the sandbox as provided by Alipay. To complete a test transaction, you will need to follow the instructions displayed on screen. Please contact your account manager for test credentials to enter while on the sandbox.

3. Verify Auth Response

To verify that the payment was processed successfully while the customer was using the Alipay app, you will need to submit a VERIFYAUTHRESPONSE request to Trust Payments:

VERIFYAUTHRESPONSE request

#!/usr/bin/python
import securetrading

stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

verifyAuthResponse = {
  "requesttypedescriptions": ["VERIFYAUTHRESPONSE"],
  "parenttransactionreference": "44-86-102",
  "sitereference": "test_site12345",
  "verifystring": "ALIPAY SYNC RESPONSE STRING"
}

strequest = securetrading.Request()
strequest.update(verifyAuthResponse)
stresponse = st.process(strequest) #stresponse contains the transaction response

<?php

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);

$configData = array(
  'username' => 'webservices@example.com',
  'password' => 'Password1^'
);

$requestData = array(
  'requesttypedescriptions' => array('VERIFYAUTHRESPONSE'),
  'parenttransactionreference' => '44-86-102',
  'sitereference' => 'test_site12345',
  'verifystring' => 'ALIPAY SYNC RESPONSE STRING'
);

$api = \Securetrading\api($configData);
$response = $api->process($requestData);
var_dump($response->toArray());

?>

curl --user webservices@example.com:Password1^ <DOMAIN>/json/ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
  "alias": "webservices@example.com",
  "version": "1.00",
  "request": [{
    "requesttypedescriptions": ["VERIFYAUTHRESPONSE"],
    "parenttransactionreference": "44-86-102",
    "sitereference": "test_site12345",
    "verifystring": "ALIPAY SYNC RESPONSE STRING"
  }]
}'

{
  "alias":"webservices@example.com",
  "version":"1.00",
  "request":[{
    "requesttypedescriptions":["VERIFYAUTHRESPONSE"],
    "parenttransactionreference":"44-86-102",
    "sitereference":"test_site12345",
    "verifystring":"ALIPAY SYNC RESPONSE STRING"
  }]
}

<requestblock version="3.67">
  <alias>webservices@example.com</alias>
  <request type="VERIFYAUTHRESPONSE">
    <operation>
      <parenttransactionreference>44-86-102</parenttransactionreference>
      <sitereference>test_site12345</sitereference>
      <verifystring>ALIPAY SYNC RESPONSE STRING</verifystring>
    </operation>
  </request>
</requestblock>

Field specification

Field	Format	Description
parenttransactionreference XPath: /operation/parenttransactionreference	Alphanumeric & hyphens (25)	The transactionreference returned in the AUTH response.
requesttypedescriptions XPath: /@type	Alpha (20)	You must submit “VERIFYAUTHRESPONSE”, as shown in the request example.
sitereference XPath: /operation/sitereference	Alphanumeric & underscore (50)	Identifies your site on the Trust Payments system. If you do not know your site reference, please contact our Support Team.
verifystring XPath: /operation/verifystring		Returned when customer is redirected back from the Alipay app.

VERIFYAUTHRESPONSE response

The information returned in the VERIFYAUTHRESPONSE response should be used to determine the message displayed to the customer following their payment attempt.

{
u'requestreference': u'An3ug1kap',
u'version': u'1.00',
u'response': [{
u'transactionstartedtimestamp': u'2020-03-16 16:25:08',
u'errormessage': u'Ok',
u'errorcode': u'0',
u'requesttypedescription': u'VERIFYAUTHRESPONSE',
}]
}

array(3) {
  ["requestreference"] => string(9) "A0345jmuw"
  ["version"] => string(4) "1.00"
  ["response"] => array(1) {
    [0]=> array(4) {
      ["transactionstartedtimestamp"] => string(19) "2020-03-16 16:25:08"
      ["errormessage"] => string(2) "Ok"
      ["errorcode"] => string(1) "0"
      ["requesttypedescription"] => string(18) "VERIFYAUTHRESPONSE"
    }
  }
}

{
  "requestreference":"W23-fjgvn3d8",
  "version":"1.00",
  "response":[{
    "transactionstartedtimestamp":"2020-03-16 16:25:08",
    "errormessage":"Ok",
    "errorcode":"0",
    "requesttypedescription":"VERIFYAUTHRESPONSE"
  }],
  "secrand":"zO9"
}

<responseblock version="3.67">
  <requestreference>Xd4nk260v</requestreference>
  <response type="VERIFYAUTHRESPONSE">
    <timestamp>2020-03-16 17:34:16</timestamp>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
  </response>
  <secrand>Z1W</secrand>
</responseblock>

Field specification

Field	Format	Description
errorcode XPath: /error/code	Numeric (1-5)	The error code should be used to determine if the request was successful or not. If the error code is “0” then the transaction was successful. If the error code is not “0” then the transaction was not successful. Click here for a full list of errorcode and message values.
errormessage XPath: /error/message	Alphanumeric (255)	This is the corresponding message to the above code. Click here for a full list of errorcode and message values.
requesttypedescription XPath: /@type	Alpha (20)	The value returned is “VERIFYAUTHRESPONSE”.
transactionstartedtimestamp XPath: /timestamp	Date time YYYY-MM-DD hh:mm:ss	The time the request was processed.

4. Payment completion

After receiving the VERIFYAUTHRESPONSE response, you will need to use the data returned in order to display the appropriate response message stating the outcome of the payment (e.g. success / error).

If configured, our system will submit a URL notification to inform you of the authorisation outcome. Following authorisation, funds will be settled at a later time, as determined by Alipay.

The settlement process for Alipay differs from the standard process followed with card-based payment methods.

The settlement notification may not be sent immediately after processing the AUTH

For this reason, you should display a success or error message to the customer immediately after they return from Alipay’s hosted pages, and not wait for this notification.

In the unlikely event that payment is still pending settlement after 7 days (settlestatus “10”), this will be scheduled for investigation and we will contact you with further information.

Before you begin testing, we recommend that you contact our Support Team and request that rules are enabled on your account, which submit URL notifications to your system in the following scenarios:

When a payment is authorised.
When funds have been settled.

Configuring the authorisation notification

We recommend including at least the following fields in your authorisation notification:

Base Amount (baseamount) (e.g. £10.50 is “1050”)*
Main Amount (mainamount) (e.g. £10.50 is “10.50”)*
Billing Country (billingcountryiso2a)
Currency (currencyiso3a)
Error Code (errorcode)
Live Status (livestatus)
Order Reference (orderreference)
Payment Type (paymenttypedescription)
Request Type (requesttypedescription)
Settle Status (settlestatus)
Site Reference (sitereference)
Transaction Reference (transactionreference)
Transaction Started Timestamp (transactionstartedtimestamp)

*Please choose your preferred format.

Configuring the settlement notification

We recommend including the following fields in URL notifications sent on settlement:

Settle Status (settlestatus)
Site Reference (sitereference)
Transaction Reference (transactionreference)

Check the notification

You will need to check the contents of each notification received and respond accordingly by following the processes outlined in our URL notifications documentation. In particular, you will need to look at the updated settlestatus value:

On authorisation: If the settlestatus is “0”, “1” or “10”, the payment has been authorised and you are not required to take further action at this time. However, values of “2” or “3” indicate funds are not scheduled for settlement (suspended and cancelled, respectively).
On settlement: If the settlestatus has been updated to “100”, this indicates that the funds have been settled. Alternatively, if this has been updated to “3”, this indicates there has been a problem and the payment was subsequently cancelled.

Refunds

After processing a payment with Alipay, it is possible to pay the customer back by submitting a REFUND request.

Refunds for Alipay are settled immediately (settlestatus “100”).

Requirements

You cannot refund a payment until the AUTH has been settled (settlestatus is “100”).
You cannot refund a greater amount than was originally settled.

The REFUND request and response for Alipay payments follow the same field specification as outlined in our standard REFUND documentation. Click here for further information.

Further reading on this topic