An access token is a globally unique token that each official account must obtain before calling APIs. Developers should save an access token once obtained. A minimum of 512 bytes of space should be reserved per access token. Normally, an access token is valid for 7,200 seconds. Getting a new access token will invalidate the previous one.
Instructions on using and generating an access token to call APIs on the WeChat Official Account Admin Platform:
1. To keep the appsecret secret, developers should have a primary server obtain or update the access token. Other application servers should then obtain the access token from the primary server. The access token should be updated atomically; otherwise, service access might be adversely affected by use of an invalidated access token.
2. Currently, an access token is valid for 7,200 seconds, with the remaining validity provided in the expires_in parameter, in seconds. The primary server should update the access token before this validity period expires. While updating an access token, the primary server should continue to use the old access token; the WeChat Official Account System will briefly continue to recognize both the old and the new access tokens, allowing a smooth transition between access tokens for the developer's backend system.
3. In the future, the validity period for access tokens may be adjusted. As a consequence, the primary server should not only update the access token internally but also provide a mechanism for application servers to request an update to the access token via an API call if the current access token has expired.
If developers do not use a primary server to atomically store the access token but instead allow the access token to be updated at various points in service logic, a race condition may occur and cause unstable services due to conflicting access tokens.
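The primary-server pattern from the three points above, as an added sketch that is not code from the WeChat documentation. The names `TokenCache`, `report_expired`, `margin` and `make_fake_fetch` are assumptions for illustration; `fetch` stands in for the HTTPS GET to the token API so the block runs offline.

```python
import threading
import time


class TokenCache:
    """Primary-server token store: one writer, atomic swap, early refresh."""

    def __init__(self, fetch, clock=time.monotonic, margin=300):
        self._fetch = fetch          # callable returning the token API's JSON as a dict
        self._clock = clock
        self._margin = margin        # assumed safety margin: refresh this many seconds early
        self._lock = threading.Lock()
        self._token = None
        self._deadline = 0.0

    def _refresh_locked(self):
        body = self._fetch()
        if "access_token" not in body:
            # Error responses carry no token; keep the old one, never log the secret.
            raise RuntimeError("token request failed")
        # Token and deadline change together under the lock.
        self._token = body["access_token"]
        self._deadline = self._clock() + int(body["expires_in"]) - self._margin

    def get(self):
        """Called by application servers; refreshes only when near expiry."""
        with self._lock:
            if self._token is None or self._clock() >= self._deadline:
                self._refresh_locked()
            return self._token

    def report_expired(self, stale_token):
        """Application server saw its token rejected. Refresh only if that token
        is still the current one, so concurrent reports cause one fetch."""
        with self._lock:
            if stale_token == self._token:
                self._refresh_locked()
            return self._token


def make_fake_fetch():
    """Constructed stand-in for the HTTPS GET to /cgi-bin/token (offline demo)."""
    calls = []
    def fetch():
        calls.append(1)
        return {"access_token": "TOKEN_%d" % len(calls), "expires_in": 7200}
    return fetch, calls
```

Comparing the reported token with the stored one matters because every new token invalidates the previous one: without that check, several application servers reporting the same expiry would each trigger a fetch and invalidate one another's tokens.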
Official accounts can generate an access token by calling the API below using AppID and AppSecret. The AppID and AppSecret can be generated in Developer Mode (you need to be a developer already and your account state must be normal). Please note that calls to WeChat APIs should use the HTTPS protocol.
HTTP request method: GET https://api.wechat.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
|Parameter|Required|Description|
|---|---|---|
|grant_type|Yes|Fill in "client_credential" to obtain the access token|
|appid|Yes|The unique certificate of a third-party user|
|secret|Yes|AppSecret, the key of a third-party user's certificate|
An example of a successful JSON response is as follows:
|Parameter|Description|
|---|---|
|access_token|The obtained certificate|
|expires_in|Validity time of the certificate, in seconds|
An example of an unsuccessful JSON response is as follows (Invalid AppID):