Essential APIs

getAuthCode

Request an authorization code that can be exchanged for access tokens and user info.

Overview

my.getAuthCode prompts the Mini Program user to authorize access and returns an authCode. Merchants exchange this code for access tokens to retrieve user identifiers and profile data. For scope definitions and token exchange, refer to User authorization.

To view the end-to-end diagram, see the Authentication flow.

Request Example

my.getAuthCode({
  scopes: ['auth_base'],
  success: (res) => {
    my.alert({
      content: res.authCode
    });
  },
  fail: (err) => {
    console.log(err.authErrorScopes);
  }
});

Parameters

PropertyTypeRequiredDescription
scopesArray<string>YesAuthorization scopes to request. See Scope reference.
successFunctionNoCallback executed on success. Receives the payload described in Callback payload.
failFunctionNoCallback executed on failure. Receives the payload described in Callback payload.
completeFunctionNoCallback executed on completion, regardless of outcome.

Scope Reference

Customer User Scope

ScopeDescriptionSilent authorization
auth_baseObtain the unique user ID.Yes
USER_IDObtain the unique user ID.Yes
USER_LOGIN_IDObtain the user login ID.Yes
HASH_LOGIN_IDObtain the hashed user login ID.Yes
auth_userObtain the user's basic profile information.No
USER_NAMEObtain the user's name.No
USER_AVATARObtain the user's avatar.No
USER_GENDERObtain the user's gender.No
USER_BIRTHDAYObtain the user's birthday.No
USER_NATIONALITYObtain the user's nationality.No
USER_CONTACTINFOObtain the user's contact information.No
NOTIFICATION_INBOXSend notifications to the user's in-app inbox.No
AGREEMENT_PAYEnable auto-debit payments from the user's balance or card.No
CARD_LISTAccess the user's linked bank card information (high permission scope). Required by inquiryUserCardList.No
ACCOUNT_LISTAccess the user's bank account list (account numbers only, without sensitive card information). Required by inquiryUserAccountList.No

auth_base supports silent authorization and does not interrupt the user. All other scopes require proactive user consent.

Business (Merchant) User Scope

ScopeDescriptionSilent authorization
auth_baseObtain the unique merchant ID.Yes
MERCHANT_IDObtain the unique merchant ID in Super Qi.Yes
MERCHANT_NAMEObtain the merchant's business name.No
MERCHANT_LOGOObtain the merchant's logo.No
AGREEMENT_PAYEnable auto-debit payments from the merchant's balance or card.No
NOTIFICATION_PUSHSend push notifications to the merchant.No
NOTIFICATION_INBOXSend notifications to the merchant's in-app inbox.No
NOTIFICATION_WhatsAppSend WhatsApp notifications to the merchant.No
CARD_LISTAccess the merchant's linked bank card information (high permission scope).No

Scopes with silent authorization do not require explicit merchant approval. All other scopes require the merchant to grant consent.

Callback Payload

PropertyTypeRequiredDescription
authCodestringYesAuthorization code to exchange via applyToken.
authErrorScopesRecord<string, string>NoMap of scopes that failed with associated error codes.
authSuccessScopesstring[]NoList of scopes that were successfully authorized.

Success Example

{
  "authCode": "0000000001T1dc0W0tv44B0BD00007826"
}

Failure Example

{
  "authErrorScopes": {
    "auth_user": "10001"
  }
}

Error Codes

CodeDescription
3ERROR_CODE_UNKNOWN_ERROR
1000ERROR_CODE_UNKNOWN_ERROR
1001ERROR_CODE_USER_CANCEL
1002ERROR_CODE_APP_SERVICE_ERROR
1003ERROR_CODE_TIMEOUT
2001ERRORLCODE_AUTH_PENDING_AGREEMENT