> ## Documentation Index
> Fetch the complete documentation index at: https://sdk.qfapi.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Alipay WAP / H5 Payments
> Integration guide for Alipay Cross-Border (801107), AlipayHK (801512), and Alipay Service Window H5 (800107).
## Use Cases
* Payment initiated via **mobile browsers** (not inside native apps)
* Suitable for mobile websites, WebApps, or flows where users open links in Safari/Chrome
* Supported wallets:
* Alipay Cross-Border (`801107`)
* AlipayHK (`801512`)
* Alipay Service Window H5 (`800107`) — requires user authorisation (`openid`)
Social apps (e.g. WeChat, Facebook Messenger) may block redirecting to external wallet apps.\
For better conversion, guide users to open payment links in **Safari, Chrome, or the system browser**.
***
## HTTP Request
**Endpoint**: `POST /trade/v1/payment`
### PayType Reference
| PayType | Wallet | Description |
| -------: | ------------------------ | ------------------------------------------- |
| `801107` | Alipay Cross-Border | International WAP/H5 payment |
| `801512` | AlipayHK | Hong Kong WAP payments |
| `800107` | Alipay Service Window H5 | Requires user authorisation code (`openid`) |
***
## Request Parameters
For the full list of shared parameters, see:\
[Common Request Parameters](/integration/api-reference/request-format)
Below are **Alipay WAP / H5 specific or commonly required** fields:
| Parameter | Required | Description |
| -------------- | ----------- | ---------------------------------------------------------- |
| `pay_type` | Yes | One of `801107`, `801512`, `800107` |
| `return_url` | Recommended | Redirect after payment completion (browser flow) |
| `notify_url` | Recommended | Backend webhook for payment result |
| `goods_name` | Recommended | Required by some wallets; keep ≤20 chars |
| `openid` | Conditional | Required for `800107` only (Alipay Service Window H5) |
| `expired_time` | Optional | QR / link expiry in minutes (5–120, if supported) |
| `limit_pay` | Optional | Mainland restrictions only (if applicable) |
| `mchid` | Conditional | Include **only if provided by QFPay** for your store setup |
Never hardcode or assume `mchid` is always required.\
Include it only if QFPay has provided it for your store configuration.
***
## Sample Request
```python Python theme={null}
# coding=utf-8
import hashlib
import requests
import datetime
environment = "https://test-openapi-hk.qfapi.com"
app_code = "YOUR_APP_CODE"
client_key = "YOUR_CLIENT_KEY"
def make_req_sign(data, key):
keys = sorted(list(data.keys()))
parts = [f"{k}={data[k]}" for k in keys]
sign_str = ("&".join(parts) + key).encode("utf-8")
return hashlib.md5(sign_str).hexdigest().upper()
txdtm = datetime.datetime.now().replace(microsecond=0).strftime("%Y-%m-%d %H:%M:%S")
data = {
"txamt": "10",
"txcurrcd": "HKD",
"pay_type": "801107",
"out_trade_no": "01234567890123",
"txdtm": txdtm,
"goods_name": "test1",
"return_url": "https://merchant.example/success",
"notify_url": "https://merchant.example/notify"
# "mchid": "ZaMVg*****" # include only if provided by QFPay
# "openid": "xxx" # required for pay_type=800107 only
}
headers = {
"X-QF-APPCODE": app_code,
"X-QF-SIGN": make_req_sign(data, client_key)
}
resp = requests.post(environment + "/trade/v1/payment", data=data, headers=headers)
print(resp.json())
```
```java Java theme={null}
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
public class AlipayWapExample {
public static void main(String[] args) {
String appcode = "YOUR_APP_CODE";
String key = "YOUR_CLIENT_KEY";
String txdtm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date());
Map params = new HashMap<>();
params.put("txamt", "10");
params.put("txcurrcd", "HKD");
params.put("pay_type", "801107");
params.put("out_trade_no", "01234567890123");
params.put("txdtm", txdtm);
params.put("goods_name", "test1");
params.put("return_url", "https://merchant.example/success");
params.put("notify_url", "https://merchant.example/notify");
// params.put("mchid", "ZaMVg*****"); // include only if provided by QFPay
// params.put("openid", "xxx"); // required for pay_type=800107 only
String data = QFPayUtils.getDataString(params);
String sign = QFPayUtils.getMd5Value(data + key);
String url = "https://test-openapi-hk.qfapi.com";
String resp = Requests.sendPostRequest(url + "/trade/v1/payment", data, appcode, sign);
System.out.println(resp);
}
}
```
```javascript JavaScript theme={null}
const crypto = require("crypto");
const request = require("request");
const environment = "https://test-openapi-hk.qfapi.com";
const app_code = "YOUR_APP_CODE";
const client_key = "YOUR_CLIENT_KEY";
const txdtm = new Date().toISOString().replace("T", " ").replace(/\..+/, "");
const payload = {
txamt: "10",
txcurrcd: "HKD",
pay_type: "801107",
out_trade_no: "01234567890123",
txdtm,
goods_name: "test1",
return_url: "https://merchant.example/success",
notify_url: "https://merchant.example/notify"
// mchid: "ZaMVg*****", // include only if provided by QFPay
// openid: "xxx" // required for pay_type=800107 only
};
const ordered = Object.keys(payload).sort().map(k => `${k}=${payload[k]}`).join("&");
const sign = crypto.createHash("md5").update(ordered + client_key).digest("hex").toUpperCase();
request({
uri: environment + "/trade/v1/payment",
headers: {
"X-QF-APPCODE": app_code,
"X-QF-SIGN": sign
},
method: "POST",
form: payload
}, function (error, response, body) {
console.log(body);
});
```
```php PHP theme={null}
$v) { $pairs[] = $k . '=' . $v; }
$str = implode('&', $pairs) . $key;
return strtoupper(md5($str));
}
$url = "https://test-openapi-hk.qfapi.com/trade/v1/payment";
$app_code = "YOUR_APP_CODE";
$app_key = "YOUR_CLIENT_KEY";
$fields = array(
"txamt" => "10",
"txcurrcd" => "HKD",
"pay_type" => "801107",
"out_trade_no" => "01234567890123",
"txdtm" => date("Y-m-d H:i:s"),
"goods_name" => "test1",
"return_url" => "https://merchant.example/success",
"notify_url" => "https://merchant.example/notify"
// "mchid" => "ZaMVg*****", // include only if provided by QFPay
// "openid" => "xxx" // required for pay_type=800107 only
);
$sign = buildSign($fields, $app_key);
$headers = array(
"X-QF-APPCODE: " . $app_code,
"X-QF-SIGN: " . $sign
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
curl_close($ch);
echo $output;
?>
```
***
## Response Parameters
Refer to shared fields here:\
[Common Response Parameters](/integration/api-reference/response-format)
***
## Sample Response
```json theme={null}
{
"sysdtm": "2020-04-13 11:32:03",
"paydtm": "2020-04-13 11:32:03",
"txcurrcd": "HKD",
"respmsg": "",
"pay_type": "801107",
"udid": "qiantai2",
"txdtm": "2020-04-13 11:32:03",
"txamt": "300",
"resperr": "success",
"out_trade_no": "BUFB3PT9ZDUWEUAE4ATD21JKNHVEIIPV",
"syssn": "20200413000200020087171988",
"respcd": "0000",
"pay_url": "https://globalmapi.alipay.com/gateway.do?...",
"chnlsn": ""
}
```
***
## Asynchronous Notification
After payment completion, QFPay will notify your backend via `notify_url`.
* Notification format: [Asynchronous Notifications](/integration/common-api/async-notifications)
* Verify final status via API: [Transaction Enquiry](/integration/common-api/transaction-enquiry)
Never rely solely on front-end redirection. Always verify the final result via backend notification and signature validation.
***
## Security Considerations
* Follow signature rules: [Signature Generation](/integration/preparation/authentication-and-signature)
* Never expose secret keys in front-end code
* For errors: [Status Codes](/integration/api-reference/status-codes)
***
## Additional References
* Official: Alipay H5 Authorisation Flow (Service Window)
* Official: Alipay Cashier / WAP Documentation