Basic API - Get access token

Access_token is the global private key of the official account. The official account needs to use access_token when calling various interfaces. Developers need to save it properly. The storage of access_token must reserve at least 512 characters. The validity period of access_token is currently 2 hours. It needs to be refreshed regularly. Repeated acquisition will cause the last access_token to become invalid.

Instructions on how to use and generate the access_token required for calling the public platform API:

1. To keep appsecrect confidential, the third party needs a central control server to obtain and refresh access_token. The access_token used by other business logic servers all comes from the central control server and should not be refreshed separately, otherwise the access_token will be overwritten and affect the business;
2. Currently, the validity period of access_token is conveyed through the returned expire_in, which is currently within 7200 seconds. The central control server needs to refresh the new access_token in advance based on this validity period. During the refresh process, the central control server still outputs the old access_token. At this time, the public platform backend will ensure that both the new and old access_tokens are available within a short refresh time, which ensures a smooth transition of third-party services;
3. The validity period of access_token may be adjusted in the future, so the central control server not only needs to actively refresh it internally at a fixed time, but also needs to provide an interface for passively refreshing access_token, so that the business server can trigger the access_token refresh process when the API call informs that the access_token has timed out.

If the third party does not use the central control server, but chooses each business logic point to refresh the access_token, conflicts may occur, resulting in unstable services.

Official accounts can use AppID and AppSecret to call this interface to obtain access_token. AppID and AppSecret can be obtained from the WeChat Official Accounts Platform official website - Developer Center page (you need to be a developer and your account is not in abnormal status). Note that the https protocol must be used when calling all WeChat interfaces.

Interface call request description

http request method: GET
https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET

Parameter Description

Return Description

Under normal circumstances, WeChat will return the following JSON data packet to the official account:

{"access_token":"ACCESS_TOKEN","expires_in":7200}

When an error occurs, WeChat will return an error code and other information. An example of a JSON data packet is as follows (this example is an invalid AppID error):

{"errcode":40013,"errmsg":"invalid appid"}