WeChat Mini Program API Access Guide
Access Overview
To access the WeChat Mini Program message service, developers need to complete the following steps:
1. Fill in the server configuration
2. Verify the validity of the server address
3. Implement business logic based on the interface document
The three steps are described in detail below.
Step 1: Fill in the server configuration
Log in to the WeChat Mini Program official website and open the "Settings - Message Server" page. There the administrator scans the code to enable the message service and fills in the server address (URL), Token and EncodingAESKey.
URL is the interface URL used by developers to receive WeChat messages and events. The Token can be any value the developer chooses and is used to generate a signature (the token is compared with the token contained in the interface URL to verify security). EncodingAESKey is filled in manually by the developer or generated randomly, and is used as the key for encrypting and decrypting the message body.
On the same page, developers can choose the message encryption and decryption method: plain text mode, compatibility mode or security mode. They can also choose the message data format: XML or JSON. The default encryption method is plain text mode, and the default data format is XML.
The mode selection and server configuration will take effect immediately after submission. Developers are advised to fill in and select carefully. Switching the encryption method and data format requires configuring the relevant code in advance. For details, please refer to the message encryption and decryption instructions.
Step 2: Verify that the message indeed comes from the WeChat server
After the developer submits the information, the WeChat server sends a GET request to the server address (URL) that was filled in. The GET request carries the parameters shown in the following table:
Parameter | Description |
---|---|
signature | WeChat encrypted signature. It combines the token parameter filled in by the developer with the timestamp and nonce parameters in the request. |
timestamp | Timestamp |
nonce | Random number |
echostr | Random string |
Developers verify the request by checking the signature (the verification method is listed below). If the check confirms that this GET request comes from the WeChat server, return the content of the echostr parameter unchanged; the access then takes effect and you become a developer. Otherwise the access fails. The encryption/verification process is as follows:
1. Sort the three parameters token, timestamp, and nonce in lexicographic order
2. Concatenate the three parameter strings into one string and hash it with SHA1
3. Compare the resulting string with signature; if they match, the request comes from WeChat
PHP sample code for verifying signature:
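```php
// Method of the class that handles the callback; TOKEN is the Token
// entered on the "Settings - Message Server" page.
private function checkSignature()
{
    $signature = $_GET["signature"] ?? "";
    $timestamp = $_GET["timestamp"] ?? "";
    $nonce = $_GET["nonce"] ?? "";

    $token = TOKEN;
    // Sort the three values as strings, join them, then hash with SHA1.
    $tmpArr = array($token, $timestamp, $nonce);
    sort($tmpArr, SORT_STRING);
    $tmpStr = implode($tmpArr);
    $tmpStr = sha1($tmpStr);

    // hash_equals() compares in constant time and avoids the type juggling of ==.
    return is_string($signature) && hash_equals($tmpStr, $signature);
}
```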
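The same check as a complete handler for the verification GET request, written in Python as an added example (not part of the original guide or WeChat's own code). The function names and the sample token, timestamp, nonce and echostr are constructed for illustration; the handler also rejects missing or repeated parameters and compares digests in constant time.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Parameters the verification GET request carries, per the table above.
REQUIRED = ("signature", "timestamp", "nonce", "echostr")


def compute_signature(token: str, timestamp: str, nonce: str) -> str:
    """SHA1 hex digest of token, timestamp and nonce, sorted then concatenated."""
    parts = sorted([token, timestamp, nonce])
    return hashlib.sha1("".join(parts).encode("utf-8")).hexdigest()


def handle_verification(query_string: str, token: str):
    """Return the echostr to send back, or None if the request must be rejected."""
    params = parse_qs(query_string, keep_blank_values=True)
    values = {}
    for name in REQUIRED:
        found = params.get(name, [])
        # Reject missing, empty or repeated parameters instead of picking one.
        if len(found) != 1 or found[0] == "":
            return None
        values[name] = found[0]
    expected = compute_signature(token, values["timestamp"], values["nonce"])
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    supplied = values["signature"].encode("utf-8")
    if not hmac.compare_digest(expected.encode("ascii"), supplied):
        return None
    return values["echostr"]


# Constructed sample values, not real credentials.
SAMPLE_TOKEN = "example-token"
SAMPLE_TS = "1700000000"
SAMPLE_NONCE = "123456789"
SAMPLE_SIG = compute_signature(SAMPLE_TOKEN, SAMPLE_TS, SAMPLE_NONCE)
SAMPLE_QUERY = (
    f"signature={SAMPLE_SIG}&timestamp={SAMPLE_TS}"
    f"&nonce={SAMPLE_NONCE}&echostr=constructed-echo"
)

if __name__ == "__main__":
    print(handle_verification(SAMPLE_QUERY, SAMPLE_TOKEN))   # valid request
    print(handle_verification(SAMPLE_QUERY, "wrong-token"))  # rejected
```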
Step 3: Implement business logic based on the interface document
After the URL validity check succeeds, the access takes effect and you become a developer. From this point on, when a user sends a message to the mini program customer service or enters a session, the server URL filled in by the developer receives the messages and events pushed by the WeChat server, and the developer can respond according to their own business logic.
Please also note that the URL filled in by the developer must start with http:// or https://, which support port 80 and port 443 respectively.