Skip to main content

Use Cases

  • Payment initiated via mobile browsers (not inside native apps)
  • Suitable for mobile websites, WebApps, or flows where users open links in Safari/Chrome
  • Supported wallets:
    • Alipay Cross-Border (801107)
    • AlipayHK (801512)
    • Alipay Service Window H5 (800107) — requires user authorisation (openid)
Social apps (e.g. WeChat, Facebook Messenger) may block redirecting to external wallet apps.
For better conversion, guide users to open payment links in Safari, Chrome, or the system browser.

HTTP Request

Endpoint: POST /trade/v1/payment

PayType Reference

PayTypeWalletDescription
801107Alipay Cross-BorderInternational WAP/H5 payment
801512AlipayHKHong Kong WAP payments
800107Alipay Service Window H5Requires user authorisation code (openid)

Request Parameters

For the full list of shared parameters, see:
Common Request Parameters Below are Alipay WAP / H5 specific or commonly required fields:
ParameterRequiredDescription
pay_typeYesOne of 801107, 801512, 800107
return_urlRecommendedRedirect after payment completion (browser flow)
notify_urlRecommendedBackend webhook for payment result
goods_nameRecommendedRequired by some wallets; keep ≤20 chars
openidConditionalRequired for 800107 only (Alipay Service Window H5)
expired_timeOptionalQR / link expiry in minutes (5–120, if supported)
limit_payOptionalMainland restrictions only (if applicable)
mchidConditionalInclude only if provided by QFPay for your store setup
Never hardcode or assume mchid is always required.
Include it only if QFPay has provided it for your store configuration.

Sample Request

# coding=utf-8
import hashlib
import requests
import datetime

environment = "https://test-openapi-hk.qfapi.com"
app_code = "YOUR_APP_CODE"
client_key = "YOUR_CLIENT_KEY"

def make_req_sign(data, key):
    keys = sorted(list(data.keys()))
    parts = [f"{k}={data[k]}" for k in keys]
    sign_str = ("&".join(parts) + key).encode("utf-8")
    return hashlib.md5(sign_str).hexdigest().upper()

txdtm = datetime.datetime.now().replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")

data = {
    "txamt": "10",
    "txcurrcd": "HKD",
    "pay_type": "801107",
    "out_trade_no": "01234567890123",
    "txdtm": txdtm,
    "goods_name": "test1",
    "return_url": "https://merchant.example/success",
    "notify_url": "https://merchant.example/notify"
    # "mchid": "ZaMVg*****"  # include only if provided by QFPay
    # "openid": "xxx"        # required for pay_type=800107 only
}

headers = {
    "X-QF-APPCODE": app_code,
    "X-QF-SIGN": make_req_sign(data, client_key)
}

resp = requests.post(environment + "/trade/v1/payment", data=data, headers=headers)
print(resp.json())

Response Parameters

Refer to shared fields here:
Public Response Parameters

Sample Response

{
  "sysdtm": "2020-04-13 11:32:03",
  "paydtm": "2020-04-13 11:32:03",
  "txcurrcd": "HKD",
  "respmsg": "",
  "pay_type": "801107",
  "udid": "qiantai2",
  "txdtm": "2020-04-13 11:32:03",
  "txamt": "300",
  "resperr": "success",
  "out_trade_no": "BUFB3PT9ZDUWEUAE4ATD21JKNHVEIIPV",
  "syssn": "20200413000200020087171988",
  "respcd": "0000",
  "pay_url": "https://globalmapi.alipay.com/gateway.do?...",
  "chnlsn": ""
}

Asynchronous Notification

After payment completion, QFPay will notify your backend via notify_url.
Never rely solely on front-end redirection. Always verify the final result via backend notification and signature validation.

Security Considerations

Additional References

  • Official: Alipay H5 Authorisation Flow (Service Window)
  • Official: Alipay Cashier / WAP Documentation