Organize the Aliexpress API authorization process

Preface

I spent several months writing a small program for my own use and grabbing orders from Aliexpress. At the beginning of writing, this API was not open yet, and there was no order-related function. I did it by simulating user operations on the webpage: getting the webpage source code, using regular expressions to retrieve data, and then assembling the data to the local database.

During this period, I experienced several minor adjustments by Ali. Each time I made minor adjustments, it took me several hours to make program adjustments, the biggest change is when Ali gets a new and old order display pages.

The most difficult part is that when a user logs on to the console, the Cookie returned by these domains must be collected across several domains to collect the results returned by ajax. I used the same CookieContainer to solve the Cookie problem, but I still need to honestly request each Cookie in order in ajax.

Two days ago, Ali had a small plane. There was no order in a certain state, and there were 2147483648 pages on the page. At first glance, there was an overflow. Just as I was preparing to adjust the program, they fixed the problem again.

A few months ago, I applied for a developer account and passed it, but I have never studied it. After passing this flight, I decided to use the API to retrieve order data, instead of crawling from the web page.

 

Start

First, register as a developer:

Http://gw.api.alibaba.com/isv/index.htm

After successful registration, a unique identifier of the application will be assigned to you:

Where:

KeyYOUR_APPKEY In the API

Signature stringYOUR_APPSECRET In the API

 

For API instructions, you can open the following address:

Http://gw.api.alibaba.com/dev/doc/sys_auth.htm? Ns = aliexpress. open

 

Authorization process: initiate an authorization request. After the user agrees to the authorization, return.

The request for this step is as follows:

Http://gw.api.alibaba.com/auth/authorize.htm? Client_id = xxx & site = aliexpress & redirect_uri = urn: ietf: wg: oauth: 2.0: oob

Set client_id to APPKEY

Redirect_uri is the address for callback after authorization. Because I write a client, not a WEB application, so of course there is no callback address, I use this: urn: ietf: wg: oauth: 2.0: oob

 

Before a request, you need to sign the preceding address and add the value of the signature to the preceding address as the parameter _ aop_signature. For a request, the signature is described as follows:

 

, Only

Http://gw.api.alibaba.com/dev/tools/app_signature.html

 

2. obtain the authorization code

After obtaining the temporary code, all the APIs must be operated through the authorization code.

 

Authorization code acquisition address:

Https://gw.api.alibaba.com/openapi/http/1/system.oauth2/gettoken/%0 }? Grant_type = authorization_code & client_id = {1} & client_secret = {2} & redirect_uri = urn: ietf: wg: oauth: 2.0: oob & code = {3}

 

Where:

Enter the APPKEY at {0} and {1}

APPSECRET in {2}

Enter the temporary authorization Code obtained in the previous step in {3 }.

 

Need_refresh_tokenIf it is false

 

The returned results are as follows:

{"AliId": "xxx", "resource_owner": "xxx", "expires_in": "36000", "refresh_token": "xxx", "access_token ": "xxx "}

 

Expires_inIs the authorization code expiration time (seconds), 10 hours (60x60x10 ). After 10 hours, you need to refresh the authorization code.

Refresh_tokenIs needed later

Access_tokenThe new authorization code.

 

3. Refresh the authorization token

The authorization token expires 10 hours after it is generated. If you access the API, 401 is returned and is not authorized. When this happens, you need to refresh the authorization token. NoReacquireTemporary code.

 

Request address:

Https://gw.api.alibaba.com/openapi/param2/1/system.oauth2/gettoken/%0}

POSTThe following data:

Grant_typeThe value is a fixed refresh_token.

Client_idThe value is APPKEY.

Client_secretThe value is APPSECRET.

Refresh_tokenThat is, in the token obtained in the previous step (refhreshToken)

 

The result of refreshing the authorization token is roughly the same as that obtained by using the temporary authorization code, but the refresh code is missing because the refresh code is valid for half a year.

Other Instructions

The token refreshToken. In the API documentation, it is a half-year validity period, but there is no information about the expiration time of the token.

Separation of business logic and structural Logic

I don't know if there is anything wrong with that.

 

 

     [AttributeUsage(AttributeTargets.Class |                                       }

 

 

          opts = input.Target              (opts.AuthToken ==                                                                           }

 

It is easy to use, that is, add the relevant Attribute to the method for authorization judgment.

 

   OrderDetail FindOrderById(    url =                  .SetUrlKeyValue(  rh =  RequestHelper(  ctx =  JsonConvert.DeserializeObject<OrderDetail> }

However, the above is not enough. You still need to get the instance:

 

   APIOpts GetAPIOpts( user,   opts = (opts ==  opts = PolicyInjection.Create<APIOpts>    opts = PolicyInjection.Wrap<APIOpts>  }

 

 

Now, you only need to add the NeedAuth feature to the API method that requires authorization. If no authorization is available, the authorization will be automatically granted. If you need to refresh the authorization code, the authorization code is automatically refreshed, and the code looks much refreshed.