Alipay Merchant Onboarding Skill
One-stop solution for individual developers to onboard as Alipay merchants.
Table of Contents
- Global Specifications and Iron Rules
- Capability Overview
- Task Management Specifications
- Memory State Management
- Main Process
- Module Entry Guide
- Customer Output Specifications
- Error Handling
- FAQ
- Reference Documents
Global Specifications and Iron Rules
Usage Declaration
By using this skill, you agree to the following:
- You must comply with laws and regulations when using this service, conduct your own audits and tests, and bear responsibility for usage
- For payment security risk control needs, we need to collect log files, environment information, etc.
- It is prohibited to disclose sensitive information (passwords, API Keys, private keys, etc.) in code, large model conversations, or other public network scenarios
⛔ Iron Rule for Modifying User Project Files (Highest Priority)
❌ Prohibited: Directly modify .ts / .tsx / .js files in the user's project
❌ Prohibited: Modify alipay-sdk-config.ts or similar payment configuration files
✅ Correct: Output configuration content for the user to copy manually
✅ Correct: Inform the user of the file path and specific content that needs to be modified
⛔ Iron Rule for App Public Key Management (Highest Priority)
Core Principle: The public key is generated by the user themselves. The skill is only responsible for receiving and configuring it, and will not generate, infer, rewrite, or disclose the generation logic.
❌ Prohibited: Automatically generate public keys or key pairs for users
❌ Prohibited: Tell users that we can "help generate public keys" or "help generate key pairs"
❌ Prohibited: Provide any key generation code, commands, or scripts
❌ Prohibited: Request, receive, or process users' private key information
❌ Prohibited: Call createKeyConfirmPage when the user has not explicitly provided a publicKey
❌ Prohibited: Automatically generate, infer, complete, rewrite, or add prefixes/suffixes to publicKey
✅ Mandatory: Guide users to the official key generation tool of the Alipay Open Platform
✅ Mandatory: Only accept complete publicKey explicitly provided by users
✅ Mandatory: Remind users to properly store their private keys and never disclose them to anyone
Standard Guidance Script:
Please go to the Alipay Open Platform Key Generation Tool (
https://opendocs.alipay.com/common/02kipk) to download and use the official tool to generate the app public-private key pair. After generation, provide the app public key to me to continue the subsequent process.
The private key generated by the official tool is in PKCS#8 format by default. Some development languages only support PKCS#1. If conversion to PKCS#1 is needed, you can use the format conversion function in the official tool.
Please properly store your private key and never disclose it to anyone.
⛔ Iron Rule for MCP Calls (Highest Priority)
All export PLATFORM=${DEV_TOOL_NAME} && alipay-cli mcp call
✅ Mandatory: Strictly follow the call examples and parameter structures in the skill documentation
✅ Mandatory: Use the complete parameters defined in the documentation, do not omit any parameters
✅ Mandatory: Use --json and 2>/dev/null together
❌ Prohibited: Infer or guess parameter names on your own
❌ Prohibited: Omit parameters defined in the documentation (including "ctx":{})
❌ Prohibited: Add extra parameters not defined in the documentation
❌ Prohibited: Modify the JSON nested structure of parameters
⛔ Iron Rule for CLI Environment Variables (Highest Priority)
The PLATFORM environment variable must be set before calling any export PLATFORM=${DEV_TOOL_NAME} && alipay-cli
✅ Mandatory: Set the PLATFORM environment variable before each alipay-cli call
✅ Mandatory: DEV_TOOL_NAME comes from Step 1 intelligent recognition, fill in "unknown" if missing
❌ Prohibited: Call alipay-cli directly without setting the PLATFORM environment variable
❌ Prohibited: Hardcode the PLATFORM value (e.g., PLATFORM=claudeCode)
❌ Prohibited: Use semicolon ; to connect commands (may cause environment variable leakage)
⛔ Iron Rule for Authorization Links (Highest Priority)
The field returned by the CLI's command cannot be used for authorization, and it is prohibited to disclose it to users!
❌ Prohibited to disclose: https://opengw.alipay.com/oauth/device (this link cannot be used for authorization)
✅ Correct link: https://aipay.alipay.com/cli-auth?deviceCode=xxx&productCode=xxx&mccCode=xxx&platform=xxx
⛔ Iron Rule for Handling createKeyConfirmPage Returns (Highest Priority)
It is prohibited to display QR code links and protocol links in the return results. Only display the Markdown link of .
❌ Prohibited to display: QR code prompts, alipays:// protocol links
✅ Mandatory: Output confirmPageUrl in Markdown link format
✅ Mandatory: Wait for user confirmation before proceeding with subsequent steps
⛔ Iron Rule for Handling Insufficient Authorization Scope (Highest Priority)
When detecting insufficient authorization scope, you must execute logout to exit login, then re-authorize.
❌ Prohibited: Continue executing subsequent operations after detecting insufficient authorization scope
❌ Prohibited: Re-login directly without executing logout
✅ Mandatory: Execute logout first, then re-authorize after detection
✅ Mandatory: Use the correct scope when re-authorizing (determined based on the current salesCode)
For detailed processing flow, see
scripts/handle_scope_mismatch.sh
Capability Overview
| Capability | Description |
|---|
| Product Recommendation | Recommend appropriate contracted products based on user business scenarios (PC Website Payment/AI Pay) |
| MCC Category Selection | Guide users to select business categories and provide intelligent recommendations |
| Login Authorization | alipay-cli OAuth authorization to obtain user identity and permissions |
| Qualification Information Collection | Collect website screenshots or service registration information based on product type |
| Product Contract Signing | Submit contract signing applications to activate payment capabilities |
| Application Publication | Query existing applications, reuse/create applications, set public keys, and submit for review |
| Service Market Registration | Shelve AI Pay products on the service market |
Task Management Specifications
The onboarding process must use TaskCreate/TaskUpdate/TaskList for task management to ensure the process is traceable and resumable.
Task-Step Comparison Table (Mandatory Compliance)
| Task No. | Task Name | Corresponding Step | Execution Content |
|---|
| Task 1 | Environment Check | Step 1 | Check alipay-cli installation status and operating environment |
| Task 2 | Solution Planning | Step 2 | Recommend products and business categories based on user business |
| Task 3 | Login Authorization | Step 3 | Alipay OAuth authorization login |
| Task 4 | Information Collection | Step 4 | Collect website screenshots (only when PC Website Payment is not signed) |
| Task 5 | Onboarding Promotion | Step 5 | Contract signing, service registration, application publication |
| Task 6 | Process Completion | Step 6 | Output onboarding results |
Iron Rule for Task Creation (Highest Priority)
All 6 tasks must be created in one go strictly in the following order, no disorder or omission allowed:
TaskCreate({ subject: "Environment Check", description: "Check alipay-cli installation status and operating environment" })
TaskCreate({ subject: "Solution Planning", description: "Recommend products and business categories based on user business" })
TaskCreate({ subject: "Login Authorization", description: "Alipay OAuth authorization login" })
TaskCreate({ subject: "Information Collection", description: "Collect website screenshots (only when PC Website Payment is not signed)" })
TaskCreate({ subject: "Onboarding Promotion", description: "Contract signing, service registration, application publication" })
TaskCreate({ subject: "Process Completion", description: "Output onboarding results" })
Task Skipping Rules
| Condition | Skipped Task | Handling Method |
|---|
| AI Pay product | Task 4: Information Collection | Directly mark as completed and output "AI Pay does not require information collection" |
| Already signed status | Task 4: Information Collection | Directly mark as completed and output "Already signed, skip information collection" |
| Existing online application | Part of Task 5 | Only execute service registration or application publication, skip duplicate steps |
Memory State Management
State data is stored in the conversation context, no file persistence is used. It will be automatically cleared after the process ends.
json
{
"productName": "PC Website Payment|AI Pay",
"salesCode": "I1080300001000041203|I1080300001000160457",
"scope": "app:all,fast_instant_trade_pay:write|app:all,machine_pay:write,agmnt:write",
"mccCode": "Axxxx_Bxxxx",
"mccName": "Level 1 Category > Level 2 Category",
"collect_information": {
"pc_home_page_image": "fileKey (only for PC Website Payment)",
"pc_shop_page_image": "fileKey (only for PC Website Payment)",
"pc_payment_image": "fileKey (only for PC Website Payment)"
}
}
Prohibited to store: deviceCode / browserUrl / verificationCode / ar_sign_data / service_market_data / appId / authToken, etc.
Main Process
Process Overview
Step 1: Environment Check → Step 2: Solution Planning → Step 3: Login Authorization
→ Step 3.1: Contract Signing Status Query (sub-operation) → Determine subsequent process
→ Step 4: Information Collection (conditional execution)
→ Step 5: Onboarding Promotion (contract signing + service registration + application publication)
→ Step 6: Process Completion
Step 1: Environment Check
1.1 CLI Installation Check
bash
if ! export PLATFORM=${DEV_TOOL_NAME} && alipay-cli version &>/dev/null; then
echo "🔄 Installing alipay-cli..."
curl -fsSL https://opengw.alipay.com/alipaycli/install | bash
fi
1.2 Task Creation (Must be completed before executing any Step)
Create all 6 tasks in order (see Task Management Specifications), no operations in between.
1.3 Intelligent Recognition of AI Programming Tools
Execute
scripts/detect_dev_tool.sh
, write the return value to
. Fill in "unknown" if missing.
Only output "Environment is ready, you can continue the process.", do not disclose detection details.
1.4 Memory State Initialization
Initialize conversation context variables: productName, salesCode, scope, mccCode, mccName, collect_information
Step 2: Solution Planning
Core Principle: Direct Recommendation + Adjust if Not Approved
- Directly recommend products and business categories based on user description, no inquiries or hesitation
- User confirms → Enter Step 3; User does not approve → Provide alternative categories in the same category (max 3)
Product Matching Rules
| Scenario Keywords | Recommended Product | salesCode | scope |
|---|
| Website, web page, PC, computer, e-commerce, mall | PC Website Payment | I1080300001000041203 | app:all,fast_instant_trade_pay:write |
| AI, agent, large model, Agent, MCP | AI Pay | I1080300001000160457 | app:all,machine_pay:write,agmnt:write |
| No clear scenario features | PC Website Payment (default) | I1080300001000041203 | app:all,fast_instant_trade_pay:write |
MCC Matching
Read
references/mcc-reference.md
for semantic matching.
Prohibited for LLM to generate mccCode on its own.
Process After User Confirmation
After user confirms the solution → Directly enter login authorization and output authorization information, no need for re-confirmation.
Step 3: Login Authorization
See
references/authorization.md
for details
Key Process
- whoami check login status (do not interrupt the process when expired, handle uniformly in Step 3)
- Execute
export PLATFORM=${DEV_TOOL_NAME} && alipay-cli login --non-interactive --scope "$SCOPE" --json 2>&1
- Parse device_code → Construct authorization link
https://aipay.alipay.com/cli-auth?deviceCode=xxx&productCode=xxx&mccCode=xxx&platform=xxx
- Output authorization information (product type, business category, confirmation code, link) → Wait for user confirmation
- After user confirmation, execute
export PLATFORM=${DEV_TOOL_NAME} && alipay-cli login --complete --json 2>&1
Scope Mapping
| Product | scope |
|---|
| PC Website Payment | app:all,fast_instant_trade_pay:write
|
| AI Pay | app:all,machine_pay:write,agmnt:write
|
Authorization Information Display Specifications (Highest Priority)
Must display 4 fixed items of information + authorization link (Markdown format), no conditional hiding allowed:
- Product type 2. Business category (mccName + mccCode) 3. Confirmation code 4. Authorization link validity period + link
Step 3.1: Post-Authorization Handling (Login Authorization Sub-process)
Contract Signing Status Query
bash
export PLATFORM=${DEV_TOOL_NAME} && alipay-cli mcp call ar-query.queryArInfosBySalesProd \
-d '{"request":{"salesProductCodes":["<salesCode>"]},"ctx":{}}' --json 2>/dev/null
Contract Signing Status Judgment and Branches
| Status | Product Type | Subsequent Process |
|---|
| NOT_SIGNED | PC Website Payment | Step 4 Information Collection (3 screenshots) → Step 5 |
| NOT_SIGNED | AI Pay | Directly Step 5 (contract signing + service registration + application publication) |
| SIGNED | PC Website Payment | Directly Step 5 (only application publication) |
| SIGNED | AI Pay | Directly Step 5 (service registration + application publication) |
For detailed judgment logic and scripts, see
references/product-sign.md
and
scripts/query_sign_status.sh
Step 4: Information Collection
⚠️ Only execute for "PC Website Payment" product and when not signed, skip this step for AI Pay.
📋 PC Website Payment requires 3 website screenshots:
1. Homepage screenshot 2. Product page screenshot 3. Payment page screenshot
Please upload the screenshots to continue.
For upload and parsing scripts, see
scripts/upload_screenshots.sh
bash
# Upload screenshot to get fileKey
export PLATFORM=${DEV_TOOL_NAME} && alipay-cli file upload "$FILE_PATH" -s payMerchantcodeSkill --json 2>/dev/null
Step 5: Onboarding Promotion
⚠️ Contract signing, service registration, and application publication are executed serially.
| Step | Module | Applicable Products | See Details |
|---|
| 5.1 | Product Contract Signing | All products | references/product-sign.md
|
| 5.2 | Service Market Registration | AI Pay only | references/service-registration.md
|
| 5.3 | Application Publication | All products | references/app-release.md
|
Step 6: Process Completion
Use TaskUpdate to mark all tasks as completed.
⛔ Iron Rule for Mandatory Module Reading (Highest Priority)
Before executing any module, you must first read the corresponding references document to obtain complete parameters and processes. Prohibited to execute based on memory!
✅ Mandatory: Before executing contract signing-related operations → Read references/product-sign.md first
✅ Mandatory: Before executing application publication-related operations → Read references/app-release.md first
✅ Mandatory: Before executing service market registration-related operations → Read references/service-registration.md first
✅ Mandatory: Before executing login authorization-related operations → Read references/authorization.md first
❌ Prohibited: Call any MCP methods directly without reading the documentation
❌ Prohibited: Guess or infer MCP method names, parameter names, or parameter structures based on memory
❌ Prohibited: Fabricate MCP methods that do not exist in the documentation (such as deleteService, updateApplication, etc.)
❌ Prohibited: Bring the ctx parameter habit from the contract signing module into the application publication module
❌ Prohibited: Bring the no-ctx habit from the application publication module into the contract signing module
Module Entry Guide
Contract Signing Module → references/product-sign.md
⚠️ Must read this document before executing contract signing
- Function: Contract signing status query + contract signing application submission
- MCP: ar-sign.apply / ar-query.queryArInfosBySalesProd (⚠️ Requires ctx)
- Contract signing JSON structure (PC Website Payment includes webAppDTO+screenshot / AI Pay has no webAppDTO)
- Key variables: bizRequestNo (generate new UUID each time), mccCode, channelCode, orderType
- Contract signing output specifications (rate disclaimer)
Application Publication Module → references/app-release.md
⚠️ Must read this document before executing application publication
- Function: Query existing applications → Reuse/create → Set public key → Submit for review
- MCP: apprelease.* (7 methods) (⚠️ Does not require ctx, parameter structure is completely different from the contract signing module)
- ⛔ Iron Rule for Application MCP Calls (request wrapping, no ctx, appTypes uses array)
- Mandatory principle for application reuse (only reuse ON_LINE status)
- createKeyConfirmPage return handling specifications (only display confirmPageUrl)
Service Market Registration Module → references/service-registration.md
⚠️ Must read this document before executing service registration
- Function: Shelve AI Pay products on the service market (query first, then create)
- MCP: Only 2 methods → a2a-pay-service.discoverBazaarServicesForMcp / saveBazaarServiceForMcp
- 5-step process: Query → Judgment → User decision → Submit → Process results
- ⛔ Prohibited: Use methods not defined in the documentation (such as deleteService, updateService)
- Input parameter verification rules + service quantity ≤20 limit + all fields must be passed for modification
MCC Recommendation Module → references/mcc-reference.md
- MCC category reference table, used for semantic matching to recommend business categories
- ⛔ Prohibited for LLM to generate mccCode on its own, must match exactly from the document
CLI Command Specifications → references/cli-commands.md
- Calling format and parameter specifications for all alipay-cli commands
- Detailed instructions for login/authorization/file upload/MCP calls
MCP Method Declarations → references/mcp-methods.md
- Parameter structures and call examples for all MCP methods
- ⛔ Strictly prohibited to call virtual MCP methods
Login Authorization → references/authorization.md
- Complete process of login status check, authorization link generation, re-authorization, and permission check
- ⛔ Iron Rule for re-authorization three parameters (deviceCode, productCode, mccCode are all required)
Error Handling → references/error-handling.md
- Error type identification priority + unified error handling template
- Handling of MCP authentication errors, service errors, authorization mismatch, backend business errors
Customer Output Specifications
1. Solution Planning Output Specifications
markdown
Let me first help you plan the solution, then complete the onboarding process step by step.
---
📋 Based on your [user business description], I recommend the following solution:
|------|------|
| Product Type | [Product Name] |
| Business Category | [Level 1 Category] > [Level 2 Category] ([mccCode]) |
Please confirm if the solution is appropriate? We will proceed to the next step after confirmation.
Output for Adjustment When Not Approved:
markdown
📋 Understood, here are other options in the [Level 1 Category] category for you:
|------|----------|----------|
| 1 | [Level 1 Category] > [Level 2 Category 1] | [Applicable Scenario 1] |
| 2 | [Level 1 Category] > [Level 2 Category 2] | [Applicable Scenario 2] |
Please select the number, or continue describing your business scenario.
2. Service List Output Specifications
| No. | Service ID | Service Name | Description | Price | Status | Service Address |
3. Contract Signing Information Output Specifications (Including Rate Disclaimer)
When contract signing information includes rates, must add a disclaimer:
markdown
📋 Contract Signing Information:
• Signing Status: [Status]
• Rate: [Rate Value]
> Due to possible periodic promotional activities by Alipay, the actual rate may be lower than the rate shown on this page. Please refer to the corresponding expense bill for details.
4. Process Completion Output Specifications
PC Website Payment:
markdown
🎉 Alipay Merchant Onboarding Process Completed!
|------|------|------|
| 📦 Product Information | Product Type | [Product Name] |
| 📦 Product Information | Business Category | [Category Name] |
| 📋 Contract Signing Information | Signing Status | [Status] |
| 📋 Contract Signing Information | Rate | [Rate Value] (if applicable) |
| 📱 Application Information | App ID | [appId] |
| 📱 Application Information | App Status | [Status] |
> Due to possible periodic promotional activities by Alipay, the actual rate may be lower than the rate shown on this page. Please refer to the corresponding expense bill for details.
AI Pay Product (Including Service Market Information): Add 🔧 Service Information rows (Service ID, Service Name, Service Description, Service Status, Service Address) to the above table.
Error Handling
| Error Type | Identification Keywords | Handling Method |
|---|
| Authentication Error | HTTP 401, Authorization is empty | logout → Re-authorize |
| Service Error | MCP call failed (non-401) | Prompt user to check network and retry |
| Authorization Information Mismatch | mccCode/salesProductCodes is not auth, scope is not auth | logout → Re-authorize |
| Contract Signing Error | errorCode, errorMessage | Display error and guide user to correct |
Unified Error Detection Template:
bash
if echo "$RESULT" | grep -qiE "HTTP 401|Authorization is empty|mccCode.*is not auth|salesProductCodes.*is not auth|scope.*is not auth|Authorization information mismatch"; then
# → Execute scripts/handle_scope_mismatch.sh
fi
For detailed error handling, see
references/error-handling.md
FAQ
Product Related
Q: Can I activate PC Website Payment if my website is not online yet? A: Yes, you can upload website screenshots.
Q: Can individual accounts activate PC Website Payment? A: Yes, you need to provide a business license with the same name.
Q: What is AI Pay? A: AI Pay is a payment collection product that enables agent-to-machine payments through Alipay.
Q: How can individuals increase the collection limit for AI Pay? A: You need to provide an individual business license with the same legal person.
Contract Signing Related
Q: What should I do if I get the prompt "Operation behavior is risky" during contract signing? A: The system has detected abnormal account activity. Please try again later.
Q: How to close a product? A: Log in to b.alipay.com → Product Center → Find the product → Close the product.
Complete FAQ can be found in
Reference Documents
| Document | Content |
|---|
references/product-sign.md
| Complete process of contract signing module, JSON structure, status judgment |
references/app-release.md
| Full process of application publication, iron rules for MCP calls, reuse specifications |
references/service-registration.md
| Service market registration process, input parameter verification, query first then create |
references/authorization.md
| Complete process of login authorization, scope verification, re-authorization |
| Detailed execution flow chart and branch logic |
references/cli-commands.md
| Detailed instructions for CLI commands |
references/mcp-methods.md
| MCP method declarations, parameter structures, method routes |
| Product configuration, MCC format, information collection requirements |
references/error-handling.md
| Detailed instructions for error handling |
| Frequently asked questions and answers |
references/mcc-reference.md
| MCC category reference table |
references/state-management.md
| Instructions for state management |
scripts/detect_dev_tool.sh
| AI programming tool detection script |
scripts/query_sign_status.sh
| Contract signing status query and judgment script |
scripts/handle_scope_mismatch.sh
| Handling script for insufficient authorization scope |
scripts/app_query_and_reuse.sh
| Application query and reuse judgment script |
scripts/service_query_and_list.sh
| Service query and list output script |
scripts/upload_screenshots.sh
| Screenshot parallel upload and parsing script |