wechat-official-account

We drive the WeChat MP server-side API with curl + jq. Unlike OAuth-bearer connectors, WeChat MP uses a two-step flow:

1. Exchange AppID + AppSecret for an access_token (TTL 7200s, global limit ≈ 2000 calls/day per app).
2. Pass that access_token as a query string parameter on every other call.

The user's credentials are in $WECHAT_APP_ID and $WECHAT_APP_SECRET. Never log or echo $WECHAT_APP_SECRET — treat it like a password.

The WeChat MP API returns standard JSON. Errors are returned with HTTP 200; the body looks like {"errcode": 40013, "errmsg": "invalid appid"}. errcode == 0 means success — show the original errmsg to the user verbatim on any non-zero code.

Important constraints — surface these to the user before they're surprised

• IP whitelist: every API call's source IP must be in this app's IP whitelist (公众平台 → 设置与开发 → 基本配置 → IP 白名单). If you see errcode 40164 ("invalid ip"), the worker's egress IP isn't whitelisted; tell the user to add the IP shown in errmsg and retry.
• Verified account required for publishing: as of 2025-07, only verified (已认证) corporate-subject accounts can call freepublish/* and mass/*. Personal-subject accounts and unverified corporate accounts get a permission error. Drafts (draft/*) and customer messages (message/custom/*) usually work without verification.
• Group-send quota is harsh: 服务号 = 4 sends/month, 订阅号 = 1 send/day. Treat freepublish/submit and mass/sendall like a destructive operation — always confirm with the user before calling them, even if instructions say "publish it". Default to creating a draft and pasting the draft URL.
• Customer-service window is 48 hours: message/custom/send only works for a follower whose openid interacted with the account in the last 48 hours. Outside that window you get errcode 45015.

Recipes

Step 0 — get an access_token (do this first, cache the result)