Getting Started

From WeChat Official Account Admin Platform
Jump to: navigation, search



Developers should use the following steps to access the WeChat Official Account Admin Platform:

1. Complete server configuration
2. Verify validity of the URL
3. Execute service logics

The following describes these three steps in detail.

Step 1. Complete server configuration

Log in to the WeChat Official Account Admin Platform, select "Developer Center" in the management window, and click "Edit". Enter the URL pointing to your server as well as, the Token. The URL will be used for receiving WeChat messages and event-based messages from the WeChat Official Account System. The token can be manually set to generate signature; this Token will be compared with that contained in the URL to verify validity of the sender.


Step 2. Verify validity of the URL

After the configuration is submitted, the WeChat Official Account System will send a GET request to the entered URL pointing to developer's backend. The GET request contains the following parameters:

Parameter Description
signature Encrypted signature. This parameter is combined with the Token entered and timestamp and nonce parameters in the request.
timestamp Time stamp
nonce Random number
echostr Random string

The developer's backend system should verify the request by verifying the signature (verification method provided below). Once confirmed that the GET request has been sent by the WeChat Official Account System, the developer's backend system should return the echostr parameter value indicating that the request has been successfully received; otherwise, access fails.

The encryption/verification procedure is as follows:
1. Sort the token, timestamp, and nonce parameters alphabetically.
2. Combine the parameters into a string and encrypt it using SHA-1.
3. Compare the encrypted string with the signature. If they are identical, the request has been verified as being sent by the WeChat Official Account System.

PHP code of signature verification:

private function checkSignature()
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];	
        $token = TOKEN;
	$tmpArr = array($token, $timestamp, $nonce);
	sort($tmpArr, SORT_STRING);
	$tmpStr = implode( $tmpArr );
	$tmpStr = sha1( $tmpStr );

	if( $tmpStr == $signature ){
		return true;
		return false;

Download PHP code: Download

Step 3. Execute service logics

After successfully verifying the URL, the developer has achieved successfully access to the WeChat Official Account System. For subscription accounts, only common message-type APIs can be accessed. However, if the official account is a service account, the developer can apply for authentication access to additional features on the WeChat Official Account Admin Platform. After receiving authentication access, the developer will obtain access to call a large number of additional APIs.

If a user in an official account chat view sends a message to the official account or clicks an item in one of the custom-defined menus, the URL pointing to developer's backend will receive the message and an event pushed by the WeChat Official Account System. Subsequently, the developer’s backend should respond based on their account’s own service logic (e.g. send a reply to the user).

Normally, an official account should receive valid return values when making an API call. For details about return values, see the API’s documentation. If an error code is returned, query the cause of the error based on the Return Codes list.

Return Codes

When a user sends a message to an official account, the ID provided to the official account is the OpenID for the user. This OpenID is generated via encryption. For each official account, each user will be represented by a unique OpenID.

Note that official accounts currently only support port 80.

Developer Guide
Custom-defined Menu