English

简体中文

English

简体中文

Appearance

Mini-App Backend Development

1. Interface Description

The common server-side interfaces are encapsulated in the MiniAppCommonService service class from the public module. You can obtain an instance by injecting this service class. Usage example:

java
@Resource
private MiniAppCommonService miniAppCommonService;

@Resource
private MiniAppPayService miniAppPayService;
    
ApplicationVo application = miniAppCommonService.getApplication();
// ...

Before using the server-side interfaces, you must correctly configure the Mini-App's appKey and appSecret. These are mainly used for signing request parameters when the Mini-App backend initiates requests to the Mos server. Developers do not need to concern themselves with the specific signing method — the public service has already encapsulated it. After injecting the corresponding service, you can directly call the specific methods.

1.1 Interface BaseURL

1.2 Interface Signature

If calling directly via HTTP, the request Body must include the following fields:

  • appKey: Mini-App App Key
  • sign: Signature

Signature generation rule: Sort all parameters (including appKey) in ascending order, convert them to QueryString format (e.g., key1=value1&key2=value2...), then append secret=appSecret at the end, and finally perform MD5 on the resulting string. Java example code:

java
import org.springframework.util.DigestUtils;

/**
 * Get signature
 *
 * @param request Request object (Object used here as example; replace with actual request type or base class)
 * @return Signature
 */
public String getSign(Object request) {
    // Convert request to a key-ordered TreeMap (ascending by default), "appKey" must be included
    Map<String, String> requestSortedMap = JSON.parseObject(JSON.toJSONString(request), new TypeReference<TreeMap<String, String>>() {
    });
    requestSortedMap.put("appKey", "<your_app_key>");

    // Convert request to QueryString format, e.g., key1=value1&key2=value2...
    StringBuilder qsBuilder = new StringBuilder();
    for (Map.Entry<String, String> entry : requestSortedMap.entrySet()) {
        // "sign" or empty values do not participate in signing
        if ("sign".equals(entry.getKey()) || entry.getValue() == null || entry.getValue().isEmpty()) {
            continue;
        }
        qsBuilder.append(entry.getKey()).append("=").append(entry.getValue().trim()).append("&");
    }
    // Append "secret=your_app_secret" at the end
    qsBuilder.append("secret=").append("<your_app_secret>");

    // MD5 processing
    return DigestUtils.md5DigestAsHex(qsBuilder.toString().getBytes(StandardCharsets.UTF_8));
}

2. Login & Authentication

2.1 Get Application Information

API: MiniAppCommonService.getApplication()

HTTP: POST /open-apis/application/v1/getApplication

Get Mini-App application information

Parameters

None (signature still required)

Response

FieldTypeDescription
appNameStringApplication name
appKeyStringApplication key
appSecretStringApplication secret
descriptionStringApplication description
statusBooleanApplication status
notifyUrlStringCallback URL

2.2 Universal Login

API: MiniAppCommonService.miniAppLogin(String code)

A universal login interface provided by the public module. It uses the code obtained from the Mini-App frontend and JWT to generate an identity token. After creating a new Mini-App module, a default login interceptor com.testproject.mos.miniapp.xxx.interceptor.LoginInterceptor is included. This interceptor validates the token passed from the Mini-App frontend in the format of Bearer token via HTTP Header:

Authorization: Bearer <token>

After authentication passes, users can retrieve the logged-in user's openid and language type via the "Get Current User Information" interface, which can then be used to fetch the user's information within the Mini-App itself (the Mini-App must maintain its own user table with a column storing openid).

If the universal login does not meet your needs, you may override the login interceptor and implement your own login and current user information retrieval interfaces.

Note: Do not modify the code in the public module.

Parameters

FieldTypeRequiredDescription
codeStringYesCode obtained via mos.login in Mini-App

Response TokenVo

FieldTypeDescription
tokenStringIdentity token

2.3 Get Current User Information

API: MiniAppCommonService.getMiniAppUser()

A universal method provided by the public module to get the current logged-in user. It works only when used with the universal login interface and the default login interceptor.

Parameters

None (signature still required)

Response MiniAppUserBo

FieldTypeDescription
appKeyStringApplication key
openidStringUser unique identifier
languageTypeLanguageEnumLanguage type

2.4 Exchange Code for Mos Session

API: MiniAppCommonService.code2session(String code)

HTTP: POST /open-apis/mp/v1/auth/code2session

Get Mos session information using code

Parameters

FieldTypeRequiredDescription
codeStringYesCode obtained via mos.login in Mini-App

Response MosSessionVo

FieldTypeDescription
openidStringUser unique identifier
sessionKeyStringSession key (currently unused)

3. QR Code Login

3.1 Generate QR Code

HTTP: POST /open-apis/mp/v1/auth/getLoginQrCodeUrl

Generate a QR code for Mini-App scan-to-login. Expires in 120 seconds. The Mini-App uses this string to generate the QR code image.

Request Body

None (signature still required)

Response Body

FieldTypeDescription
qrCodeStringQR code string, format: https://mos.me/miniapp-open/login/{uuid}
uuidStringQR code UUID string

3.2 Check QR Code Status

HTTP: POST /open-apis/mp/v1/auth/getLoginQrCodeStatus

Check the status of the QR code. Returns user information upon successful scan.

Request Body

FieldTypeRequiredDescription
qrCodeUuidStringYesQR code UUID string

Response Body

FieldTypeDescription
statusString'NO_SCAN': Not scanned | 'SCAN': Scanned
mosOpenUserVoMosOpenUserVoUser info (available only after successful scan)

Response MosOpenUserVo

FieldTypeDescription
openIdStringUser unique identifier
firstNameStringFirst name
lastNameStringLast name
headPortraitStringAvatar URL

4. Payment

Before developing payment features, you must apply to become a Mos merchant and obtain the corresponding merchant ID (mcId), which is required in the payment flow.

4.1 Create Prepayment Order

API: MiniAppPayService.prepay(CreatePrepayOrderAo ao)

HTTP: POST /open-apis/mp/v1/pay/prepay

Create a prepayment order

Parameters CreatePrepayOrderAo

FieldTypeRequiredDescription
mcIdStringYesMerchant ID
nonceStrStringNoRandom string, must be unique in the system
descStringNoOrder description
outTradeNoStringYesMerchant Mini-App system order number
currencyStringYesCurrency: USD - US Dollar | KHR - Cambodian Riel
totalAmountStringYesOrder amount
notifyUrlStringYesCallback URL
openidStringYesUser unique identifier
expireTimeStringNoOrder expiration timestamp (milliseconds)

Response PrepayOrderVo

FieldTypeDescription
prepayIdStringPrepayment order ID

4.2 Merchant Pays User

API: MiniAppPayService.payToMiniAppUser(PayToMiniAppUserAo ao)

HTTP: POST /open-apis/mp/v1/pay/payToMiniAppUser

Call this interface to pay a user

Parameters PayToMiniAppUserAo

FieldTypeRequiredDescription
nonceStrStringNoRandom string, must be unique in the system
outTradeNoStringYesMerchant Mini-App system order number
currencyStringYesCurrency: USD - US Dollar | KHR - Cambodian Riel
amountStringYesPayment amount
openidStringYesUser unique identifier

Response PayToMiniAppUserVo

FieldTypeDescription
prepayIdStringPrepayment order ID
nonceStrStringRandom string
outTradeNoStringMerchant Mini-App system order number
paymentNoStringMos order number

4.3 Query Order

API: MiniAppPayService.orderQuery(OrderQueryAo ao)

HTTP: POST /open-apis/mp/v1/pay/orderQuery

Query order status

Parameters OrderQueryAo

FieldTypeRequiredDescription
nonceStrStringYesRandom string, must be unique in the system
outTradeNoStringYesMerchant Mini-App system order number

Response OrderQueryVo

FieldTypeDescription
openidStringUser unique identifier
prepayIdStringPrepayment order ID
outTradeNoStringMerchant Mini-App order number
countryStringCountry code
currencyStringCurrency
totalAmountStringOrder amount
descStringProduct description
statusStringOrder status
expireTimeLongExpiration time
createTimeLongCreation time

5. Customer Service Account

5.1 Create Customer Service Account

HTTP: POST /open-apis/mp/v1/customerServ/create

Create a customer service account

Request Body

FieldTypeRequiredDescription
openidStringYesUser unique identifier
nameStringYesCustomer service name
headPortraitStringNoCustomer service head portrait, no default value automatically generated

Response Body

FieldTypeDescription
tokenStringCustomer service account identifier
webHookStringWebhook address of the account
nameStringCustomer service name
headPortraitStringCustomer service avatar
descriptorStringCustomer service description
idNumberStringUnique ID of the customer service
linkStringCustomer service link

5.2 Send Message

HTTP: POST /open-apis/mp/v1/customerServ/{token}/sendMessage

Send a message to a specified user via the customer service bot (implemented by combining content and msgType fields in different ways)

Path Parameter

FieldTypeRequiredDescription
tokenStringYesCustomer service account identifier

Request Body

FieldTypeRequiredDescription
openidStringYesRecipient user unique identifier
contentContentYesMessage content, see Content

Content

FieldTypeRequiredDescription
msgTypeStringYesMessage type: TEXT (plain text) | CARD (card message)
textStringNoMessage text, max length 5000 characters (required when msgType=TEXT)
inlineButtonsList<List<InlineButton>>NoInline buttons (available for any message type), see InlineButton
cardMessageCardMessageNoCard message body (required when msgType=CARD), see CardMessage

InlineButton

FieldTypeRequiredDescription
textStringYesButton label, max length 30 characters
typeStringYesButton type: callback (callback request) | miniApp (mini-app jump) | url (external link or internal link opened in Mos)
dataStringYesButton data, developer-defined content

Inline Button Limits

  1. Up to 4 buttons per row (i.e., each inner list can contain at most 4 InlineButton objects)
  2. No more than 40 buttons in total

Inline Button Type Details

  1. callback: When the user clicks, MosApp sends an event to the customer service mini-app backend via webhook, passing the button’s data value.
  2. url: Opens the specified link in the browser; for internal links (such as user, group, channel), opens inside MosApp.
  3. miniApp: Opens the bound mini-app directly when clicked.

Inline Button Data Description

  1. For callback, data is a string configured by the customer service mini-app backend; MosApp forwards it transparently when the user clicks.

Callback webhook request body format:

json
{
  "reqId": "Unique request id",
  "data": "data"
}
  1. For url, data is an external URL or a MosApp internal link.
  2. For miniApp, data can configure page path and other info; MosApp appends it to the mini-app URL as query parameters.

CardMessage

FieldTypeRequiredDescription
titleStringYesTitle, max length 50 characters
messageTitleStringNoMessage title, max length 50 characters
coverStringNoCover image URL, max length 1000 characters
priceStringNoPrice, max length 30 characters
linePriceStringNoStrikethrough price, max length 30 characters

Response Body

None

5.3 Get Customer Service Account Info

HTTP: POST open-apis/mp/v1/customerServ/getInfo

Get customer service account information

Request Body

FieldTypeRequiredDescription
tokenStringYesCustomer service account identifier

Response Body

FieldTypeDescription
tokenStringCustomer service account identifier
webHookStringWebhook address of the account
nameStringCustomer service name
headPortraitStringCustomer service avatar
descriptorStringCustomer service description
idNumberStringUnique ID of the customer service
linkStringCustomer service link

5.4 Update Customer Service Account Info

HTTP: POST /open-apis/mp/v1/customerServ/updateInfo

Update customer service account information

Request Body

FieldTypeRequiredDescription
tokenStringYesCustomer service account identifier
nameStringNoCustomer service name, max length 30
headPortraitStringNoCustomer service avatar, max length 1000
descriptorStringNoCustomer service description, max length 300
idNumberStringNoUnique ID of the customer service, max length 30

Notes

  1. At least one of name, headPortrait, descriptor, idNumber must be provided
  2. idNumber is the unique identifier of the customer service and must be unique

Response Body

FieldTypeDescription
tokenStringCustomer service account identifier
webHookStringWebhook address of the account
nameStringCustomer service name
headPortraitStringCustomer service avatar
descriptorStringCustomer service description
idNumberStringUnique ID of the customer service
linkStringCustomer service link

5.5 Reset Customer Service Account Token

HTTP: POST /open-apis/mp/v1/customerServ/resetToken

Reset the customer service account token

Request Body

FieldTypeRequiredDescription
tokenStringYesCustomer service account identifier

Response Body

FieldTypeDescription
tokenStringCustomer service account identifier
webHookStringWebhook address of the account
nameStringCustomer service name
headPortraitStringCustomer service avatar
descriptorStringCustomer service description
idNumberStringUnique ID of the customer service
linkStringCustomer service link

5.6 Set Customer Service Account Webhook

HTTP: POST /open-apis/mp/v1/customerServ/setWebHook

Set the webhook of the customer service account, i.e., the callback URL for button events

Request Body

FieldTypeRequiredDescription
tokenStringYesCustomer service account identifier
webHookStringYesWebhook URL , if empty then delete the webhook, max length 300

Response Body

FieldTypeDescription
tokenStringCustomer service account identifier
webHookStringWebhook address of the account
nameStringCustomer service name
headPortraitStringCustomer service avatar
descriptorStringCustomer service description
idNumberStringUnique ID of the customer service
linkStringCustomer service link