JIYIK CN >

Current Location:Home > Learning > NETWORK >

WeChat public account development tutorial to obtain access_token

Author:JIYIK Last Updated:2025/03/16 Views:

During the development of WeChat official accounts, if we want to actively push messages to the WeChat server, we must have access_token. Access_token is the only ticket for the official account. When we develop and call various WeChat interfaces, we need to use access_token. Access_token is a string similar to the one shown below.

wGOSbMw6iKvhIOcjCJTi_r6wXpOF_Vnih-TEvumx_1OXgnaZiRfy0g0hJ08ykRkc0bMAYTzKdZoAmZ32ROdmgo5_JQbgTcPth2bajjoRqfEeC_VRz53cl2_CLavkNkBTSKWcAEAMEQ

This string is quite long. Therefore, the storage of access_token must reserve at least 512 characters. And the access_token obtained is not permanent, and its validity period is 2 hours. This validity period will be added to the return result of our access_token, and the field name is expires_in. We will talk about how to obtain access_token below. Let's first take a look at how WeChat officially explains the use and generation of access_token.

1. In order to keep appsecrect confidential, the third party needs a central control server for access_token acquisition and refresh. The access_token used by other business logic servers all come from the central control server and should not be refreshed separately, otherwise the access_token will be overwritten and affect the business;
2. The validity period of the access_token is currently conveyed through the returned expire_in, which is currently within 7200 seconds. The central control server needs to refresh the new access_token in advance according to this validity period. During the refresh process, the central control server still outputs the old access_token to the outside. At this time, the public platform backend will ensure that both the new and old access_tokens are available within a short refresh time, which ensures the smooth transition of third-party business;
3. The validity period of the access_token may be adjusted in the future, so the central control server not only needs to actively refresh internally, but also needs to provide an interface for passively refreshing the access_token, so that the business server can trigger the access_token refresh process when the API call knows that the access_token has timed out.
Therefore, we should refresh and obtain the access_token regularly. Otherwise, repeated acquisition will cause the last access_token to become invalid.

Well, after talking so much, we also understand the importance of access_token, so how should we get it? In fact, getting access_token is also very simple. WeChat provides us with the http interface:

https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET

Note: The https protocol must be used when calling all WeChat interfaces.

The above interface requires us to send three parameters:

grant_type This parameter needs to be filled in with client_credential when obtaining access_token

The appid parameter can be obtained in the basic configuration. Each developer has a unique appid, which serves as the only credential for third-party users.

The value of the secret parameter is appsecret. Each developer also has an appsecret, which is a third-party user's unique credential key. Like appid, appsecret can also be obtained in the basic configuration.

Now that we know the three parameters, we can start calling this interface. Because it is an http interface, we use php language to call it, so curl is needed.

$url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=" . self::appId . "&secret=" . self::appSecret;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);
curl_close($ch);

The returned result is a JSON string, which contains two contents: one is access_token and the other is the validity period (expires_in).

{"access_token":"gq84-toUzqn2mNX_ibmvMOIVm1TIKPD6mGLUfMNdCytpsLv6H-aCZgXMPkEt_D4Iqjjoe8 w_qgo_9oli3dECpimhb-FUONTEJLarG6PGYSpPZSAb8rcwv4WR0BMwwc8ESCXiAGABLG","expires_in":7200}

Similarly, if an error occurs during the call, a json string will be returned. The content of the json string varies depending on the cause of the error. An example is as follows:

{"errcode":40013,"errmsg":"invalid appid"}

Access_token use case - Get WeChat server IP address

We have introduced the purpose of access_token and how to obtain it above. Here we introduce a use case of access_token - if the public account needs to know the IP address list of WeChat server for security considerations, so as to make relevant restrictions, the WeChat server IP address list can be obtained through the corresponding interface.

Its interface is as follows

https://api.weixin.qq.com/cgi-bin/getcallbackip?access_token=ACCESS_TOKEN

We can see that this interface has only one parameter - access_token. Let's see how to use it.

$url = "https://api.weixin.qq.com/cgi-bin/getcallbackip?access_token=".$this->get_accesstoken();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);

The returned result is also a json string.

{ "ip_list":["ip1"," ip2"] }

Similarly, this interface may also return a call error. The error is mostly caused by invalid or expired access_token.

{"errcode":40001,"errmsg":"invalid credential, access_token is invalid or not latest hint: [w2KXsa0239vr29!]"}

Well, the above is a detailed introduction to the purpose and acquisition method of access_token.

For reprinting, please send an email to 1244347461@qq.com for approval. After obtaining the author's consent, kindly include the source as a link.

Article URL:

Related Articles

WeChat public account receiving message event message processing

Publish Date:2025/03/16 Views:79 Category:NETWORK

As we know, there are two types of messages generated by the interaction between WeChat users and public accounts: one is ordinary messages, which are introduced in detail in the article "Ordinary message processing for WeChat public accoun

OAuth2.0 - How to issue access tokens

Publish Date:2025/03/17 Views:132 Category:NETWORK

In the previous article, we introduced that OAuth2.0 is an authorization mechanism whose main purpose is to issue tokens between websites or applications that want to share resources. Before starting this article, we assume that you have un

微信公众号接收消息 事件消息处理

Publish Date:2016/10/18 Views:4675 Category:网络

事件消息分为关注/取消关注、扫描带参数的二维码、上报地理位置、自定义菜单、点击菜单拉取消息、点击菜单跳转链接共六种事件。

微信公众号接收消息 普通消息处理

Publish Date:2016/10/14 Views:2385 Category:网络

在微信用户和公众号产生交互的过程中会分为两种情况:一种是微信用户向公众号发送普通消息;另一种是微信用户的某些操作使得微信服务器通过事件推送的形式通知到开发者填写的

微信公众号开发教程获取access_token

Publish Date:2016/10/12 Views:4442 Category:网络

在微信公众号开发过程中,如果我们想要主动向微信服务器推送消息那么我们必须要有access_token。access_token 是公众号的唯一票据。这里我们介绍获取access_token的方法及使用案例。

Scan to Read All Tech Tutorials

Social Media
  • https://www.github.com/onmpw
  • qq:1244347461

Recommended

Tags

Scan the Code
Easier Access Tutorial