Web Authorization
This authorization method lets third-party applications obtain a user's authorization to read and write that user's survey data. Team developers do not need to be concerned with this.
Step 1: User Authorizes and Obtains code
Construct Web Authorization URL
https://open.wesurvey.com/connect/oauth2/authorize?appid={APPID}&redirect_uri={REDIRECT_URI}&response_type=code&scope=snsapi_user&state={STATE}#wj_redirect
Parameter Description
Parameter Name | Type | Required | Description |
---|---|---|---|
appid | string | Yes | Application ID issued by the open platform |
redirect_uri | string | Yes | Callback URL after authorization; URL-encode the value (urlencode) |
response_type | string | Yes | Return type, fixed value: code |
scope | string | Yes | Application authorization scope, for user authorization enter: snsapi_user |
state | string | No | Will be returned with redirect, can contain a-zA-Z0-9, max length 128 bytes |
#wj_redirect | | Yes | Fixed value |
Note: After the user clicks "Confirm", the page will redirect to redirect_uri?code={CODE}&state={STATE}
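An added example (not WeSurvey's own code) of Step 1 from the application server's side: it generates a state within the documented limits, builds the authorization URL, and accepts the callback's code only when the returned state matches the one stored for the user's session. The function names and the app.example callback used to exercise it are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://open.wesurvey.com/connect/oauth2/authorize"
STATE_RE = re.compile(r"[A-Za-z0-9]{1,128}")  # documented charset and max length


def new_state(nbytes=32):
    """Random per-session state using only a-zA-Z0-9, at most 128 bytes."""
    state = secrets.token_hex(nbytes)  # hex digits are a subset of a-zA-Z0-9
    if not STATE_RE.fullmatch(state):
        raise ValueError("state exceeds the documented charset or length")
    return state


def build_authorize_url(appid, redirect_uri, state):
    """Assemble the Step 1 URL; urlencode() percent-encodes redirect_uri."""
    query = urlencode({
        "appid": appid,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "snsapi_user",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}#wj_redirect"


def code_from_callback(callback_url, session_state):
    """Return the code only if the callback's state matches the session's."""
    params = parse_qs(urlsplit(callback_url).query)
    codes, states = params.get("code", []), params.get("state", [])
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # Constant-time comparison of the returned state with the stored one.
    if not hmac.compare_digest(states[0].encode(), session_state.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    return codes[0]
```

Store the generated state in the user's server-side session before redirecting, and discard it once a callback has been processed so it cannot be reused.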
Step 2: Exchange code for Web Authorization access_token
Important Notes!
- The access_token obtained here is related to user resources and has a very high security level. It must be stored only on the server and cannot be passed to the client.
- Subsequent steps using the access_token to obtain user data must also be initiated from the server.
- The access_token is valid for 3 days; the user must re-authorize after expiration.
API Endpoint
GET https://open.wesurvey.com/api/oauth2/access_token?appid={APPID}&secret={SECRET}&code={CODE}&grant_type=authorization_code
Parameter Description
Parameter Name | Type | Required | Description |
---|---|---|---|
appid | string | Yes | Application ID issued by the open platform |
secret | string | Yes | Application secret issued by the open platform |
code | string | Yes | The code returned in Step 1, becomes invalid after successfully exchanging for access_token once |
grant_type | string | Yes | Fixed value: authorization_code |
Response Description
Parameter Name | Type | Description |
---|---|---|
access_token | string | Authorization code |
refresh_token | string | Used to refresh authorization code, valid for 30 days |
expires_in | integer | Valid duration, default is 3 days |
openid | string | Unique identifier for the user authorized to the current application; openid can be used to access the user list and other data |
{
  "code": "OK",
  "error": {
    "type": ""
  },
  "data": {
    "access_token": "ACCESS_TOKEN",
    "refresh_token": "REFRESH_TOKEN",
    "expires_in": 259200,
    "openid": "OPENID"
  },
  "request_id": "6cda53f4-d0fa-41a9-95a0-77ea32c97f1e"
}
Step 3: Use access_token to Request User Data
Add ?appid={APPID}&access_token={ACCESS_TOKEN} to the API request
For example, to get a user's survey details:
GET https://open.wesurvey.com/api/surveys/{survey_id}?appid={APPID}&access_token={ACCESS_TOKEN}
Some APIs require ?openid={OPENID}. For example, to get a user's survey list:
GET https://open.wesurvey.com/api/surveys?appid={APPID}&access_token={ACCESS_TOKEN}&openid={OPENID}
Other: Refresh access_token (if needed)
Since the access_token has a short validity period, you can use the refresh_token to refresh it when it expires. The refresh_token is valid for 30 days. After the refresh_token expires, the user needs to re-authorize.
API Endpoint
GET https://open.wesurvey.com/api/oauth2/refresh_token?appid={APPID}&refresh_token={REFRESH_TOKEN}&grant_type=refresh_token
Parameter Description
Parameter Name | Type | Required | Description |
---|---|---|---|
appid | string | Yes | Application ID issued by the open platform |
refresh_token | string | Yes | The refresh_token returned in Step 2 |
grant_type | string | Yes | Fixed value: refresh_token |
Response Description
Parameter Name | Type | Description |
---|---|---|
access_token | string | Authorization code |
expires_in | integer | Valid duration, default is 3 days |
{
  "code": "OK",
  "error": {
    "type": ""
  },
  "data": {
    "access_token": "ACCESS_TOKEN",
    "expires_in": 259200
  },
  "request_id": "6cda53f4-d0fa-41a9-95a0-77ea32c97f1e"
}
Other: Get Authorized User Information
API Endpoint
GET https://open.wesurvey.com/api/oauth2/user?appid={APPID}&access_token={ACCESS_TOKEN}&openid={OPENID}
Parameter Description
Parameter Name | Type | Required | Description |
---|---|---|---|
appid | string | Yes | Application ID issued by the open platform |
access_token | string | Yes | The access_token returned in Step 2 |
openid | string | Yes | Unique identifier for user authorized to current application |
Response Description
Parameter Name | Type | Description |
---|---|---|
openid | string | Unique identifier for user authorized to current application |
nickname | string | User's nickname in WeSurvey system |
avatar | string | User's avatar in WeSurvey system |